Windows not loading properly + can't change wallpaper


  • This topic is locked
19 replies to this topic

#1 Oyayubi

Oyayubi

  • Members
  • 8 posts
  • OFFLINE
  • Local time:11:12 PM

Posted 24 January 2009 - 11:06 PM

Hello, after seeing more pop-ups than normal and being unable to open Task Manager with Ctrl+Alt+Del, I found out I had Virtumonde. I ran a few tools that appeared to get rid of it, but then my Windows XP would freeze after showing my desktop. I deleted a few programs thinking that would help, but even after disabling parts of Windows I thought were unnecessary, it's still happening. Any thoughts on this are greatly appreciated. Thanks in advance!

DDS log (attach.txt attached):


DDS (Ver_09-01-19.01) - NTFSx86
Run by Teddi at 22:59:45.39 on 01/24/2009 Sat
Internet Explorer: 7.0.5730.13

============== Running Processes ===============


============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig?hl=en&source=iglk
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1206235346031
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
Notify: igfxcui - igfxdev.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
LSA: Notification Packages = scecli scecli

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-01-24 22:50 54,156 a---h--- c:\windows\QTFont.qfn
2009-01-24 22:50 1,409 a------- c:\windows\QTFont.for
2009-01-24 13:15 759 a------- c:\windows\system32\spupdsvc.inf
2009-01-23 18:00 <DIR> --d----- c:\windows\ServicePackFiles
2009-01-23 17:49 294,912 -c------ c:\windows\system32\dllcache\msaud32.acm
2009-01-23 17:34 <DIR> --d----- c:\program files\Trend Micro
2009-01-22 22:17 23,392 a------- c:\windows\system32\nscompat.tlb
2009-01-22 22:17 16,832 a------- c:\windows\system32\amcompat.tlb
2009-01-22 22:11 <DIR> --d----- c:\windows\SxsCaPendDel
2009-01-18 18:04 <DIR> --d----- c:\program files\Power Wallpaper Changer
2009-01-17 20:44 1,499,136 -c------ c:\windows\system32\dllcache\shdocvw.dll
2009-01-17 20:44 1,160,192 -c------ c:\windows\system32\dllcache\urlmon.dll
2009-01-17 20:44 826,368 -c------ c:\windows\system32\dllcache\wininet.dll
2009-01-17 20:44 3,593,216 -c------ c:\windows\system32\dllcache\mshtml.dll
2009-01-17 19:11 664 a------- c:\windows\system32\d3d9caps.dat
2009-01-17 18:11 129,024 a------- c:\windows\system32\cojfqb.dll
2009-01-17 18:11 129,024 a------- c:\windows\system32\pmnoOfGX.dll
2009-01-17 18:08 <DIR> --d----- C:\VundoFix Backups
2009-01-17 11:59 129,024 a------- c:\windows\system32\awtsQJbX.dll
2009-01-17 10:59 129,024 a------- c:\windows\system32\xrfrst.dll
2009-01-17 10:59 129,024 a------- c:\windows\system32\vtUkjJAt.dll
2009-01-17 09:58 129,024 a------- c:\windows\system32\yhfkiq.dll
2009-01-17 09:58 129,024 a------- c:\windows\system32\pmnLBSlJ.dll
2009-01-17 01:03 <DIR> --d----- c:\program files\AnVir Task Manager Pro
2009-01-17 00:41 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\SecTaskMan
2009-01-17 00:40 <DIR> --d----- c:\program files\Security Task Manager
2009-01-17 00:35 129,024 a------- c:\windows\system32\ssqPgeDv.dll
2009-01-17 00:31 1 a------- c:\windows\system32\uniq.tll
2009-01-16 20:53 41,984 a------- c:\windows\system32\chert5-998.exe
2009-01-16 20:44 129,024 a------- c:\windows\system32\modwlp.dll
2009-01-16 20:44 129,024 a------- c:\windows\system32\vtUlJccy.dll
2009-01-15 23:37 124,928 a------- c:\windows\system32\efcDVNdd.dll
2009-01-15 22:37 124,928 a------- c:\windows\system32\ssqOGxuS.dll
2009-01-15 21:36 124,928 a------- c:\windows\system32\fccyARHY.dll
2009-01-15 19:42 124,928 a------- c:\windows\system32\vhdgcu.dll
2009-01-15 19:42 124,928 a------- c:\windows\system32\qoMfebCs.dll
2009-01-15 18:41 124,928 a------- c:\windows\system32\xcyvpc.dll
2009-01-15 18:41 124,928 a------- c:\windows\system32\opnonkKb.dll
2009-01-15 17:41 124,928 a------- c:\windows\system32\qtoaax.dll
2009-01-15 17:41 124,928 a------- c:\windows\system32\awtsQJcB.dll
2009-01-15 16:40 124,928 a------- c:\windows\system32\iifeETml.dll
2009-01-15 15:40 124,928 a------- c:\windows\system32\dxmzea.dll
2009-01-15 15:40 124,928 a------- c:\windows\system32\nnnmlkiF.dll
2009-01-15 14:40 124,928 a------- c:\windows\system32\zpyvaj.dll
2009-01-15 14:40 124,928 a------- c:\windows\system32\opnKDspq.dll
2009-01-15 13:39 124,928 a------- c:\windows\system32\umuagi.dll
2009-01-15 13:39 124,928 a------- c:\windows\system32\opnnkigg.dll
2009-01-15 12:38 124,928 a------- c:\windows\system32\reqnoa.dll
2009-01-15 12:38 124,928 a------- c:\windows\system32\geBQjhIa.dll
2009-01-15 11:38 124,928 a------- c:\windows\system32\cqwnqj.dll
2009-01-15 11:38 124,928 a------- c:\windows\system32\iifgDsRk.dll
2009-01-15 10:37 124,928 a------- c:\windows\system32\wykgzx.dll
2009-01-15 09:37 124,928 a------- c:\windows\system32\rrcvdx.dll
2009-01-15 09:37 124,928 a------- c:\windows\system32\nnnopOhH.dll
2009-01-15 08:36 124,928 a------- c:\windows\system32\uonned.dll
2009-01-15 08:36 124,928 a------- c:\windows\system32\wvUmmmjg.dll
2009-01-15 07:24 124,928 a------- c:\windows\system32\qnussc.dll
2009-01-15 07:24 124,928 a------- c:\windows\system32\rqRKCtRK.dll
2009-01-15 02:29 124,928 a------- c:\windows\system32\icqsrp.dll
2009-01-15 02:29 124,928 a------- c:\windows\system32\xxyATljJ.dll
2009-01-15 01:28 124,928 a------- c:\windows\system32\hxwbgg.dll
2009-01-15 01:28 124,928 a------- c:\windows\system32\iifecccD.dll
2009-01-15 00:28 124,928 a------- c:\windows\system32\ldxrhl.dll
2009-01-15 00:28 124,928 a------- c:\windows\system32\ddcDWmkL.dll
2009-01-14 23:28 124,928 a------- c:\windows\system32\hkejlg.dll
2009-01-14 23:28 124,928 a------- c:\windows\system32\efcAsttR.dll
2009-01-14 22:28 124,928 a------- c:\windows\system32\wtlabj.dll
2009-01-14 22:28 124,928 a------- c:\windows\system32\urqRjgEx.dll
2009-01-14 21:23 124,928 a------- c:\windows\system32\scoxqx.dll
2009-01-14 21:23 124,928 a------- c:\windows\system32\nnnnkljh.dll
2009-01-14 20:50 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Spybot - Search & Destroy
2009-01-14 20:23 124,928 a------- c:\windows\system32\udynve.dll
2009-01-14 20:23 124,928 a------- c:\windows\system32\byXPHaWP.dll
2009-01-14 19:22 124,928 a------- c:\windows\system32\eacxgd.dll
2009-01-14 19:22 124,928 a------- c:\windows\system32\ssqPfCSi.dll
2009-01-14 18:22 124,928 a------- c:\windows\system32\adsawd.dll
2009-01-14 18:22 124,928 a------- c:\windows\system32\jkkJARLb.dll
2009-01-14 17:21 124,928 a------- c:\windows\system32\grdijz.dll
2009-01-14 16:21 124,928 a------- c:\windows\system32\ersxje.dll
2009-01-14 16:21 124,928 a------- c:\windows\system32\urqRLebY.dll
2009-01-14 15:20 124,928 a------- c:\windows\system32\zkkmvl.dll
2009-01-14 15:20 124,928 a------- c:\windows\system32\cbXPhgdb.dll
2009-01-14 14:19 124,928 a------- c:\windows\system32\hunuoh.dll
2009-01-14 14:19 124,928 a------- c:\windows\system32\iiffCULc.dll
2009-01-14 13:18 124,928 a------- c:\windows\system32\hzszek.dll
2009-01-14 13:18 124,928 a------- c:\windows\system32\rqRJYsTl.dll
2009-01-14 12:18 124,928 a------- c:\windows\system32\qpyigb.dll
2009-01-14 12:18 124,928 a------- c:\windows\system32\fccaBRHY.dll
2009-01-14 12:13 35,328 a------- c:\windows\system32\mlJBSmJd.dll.vir
2009-01-14 12:13 45,568 -------- c:\windows\system32\log.exe
2009-01-14 04:13 24,064 a------- c:\windows\system32\pcload.exe
2009-01-07 12:55 73,216 a------- c:\windows\system32\ffkuz.dll
2009-01-05 14:26 0 a------- c:\windows\system32\winsrc.dll.tmp
2009-01-03 13:36 45,056 a------- c:\windows\system32\wpv751230995573.cpx

==================== Find3M ====================

2009-01-23 18:04 77,423 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-12-25 13:21 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2008-12-25 13:21 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-12-11 05:57 333,952 a------- c:\windows\system32\drivers\srv.sys

============= FINISH: 23:00:32.03 ===============



#2 Jat90

Jat90

  • Members
  • 1,515 posts
  • OFFLINE
  • Gender:Male
  • Location:United Kingdom
  • Local time:05:12 AM

Posted 25 January 2009 - 05:47 AM

Hello, Oyayubi

Welcome to the Bleeping Computer Forums. My name is Jat, and I will be helping you with your situation.

If you do not make a reply in 5 days, we will have to close your topic.


You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.



Your DDS log looks minimal and incomplete. Having 0 Running Processes is an impossibility. Without a full DDS log it will be difficult to help you.

Please rescan with DDS.
When the log pops up, press "ctrl + a" to highlight all the text
Press "ctrl+v" to paste that here

Thanks

Edited by Jat90, 25 January 2009 - 06:26 AM.

- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.


#3 Jat90

Jat90

  • Members
  • 1,515 posts
  • OFFLINE
  • Gender:Male
  • Location:United Kingdom
  • Local time:05:12 AM

Posted 28 January 2009 - 03:12 AM

Are you there?
- Jat90 -


#4 harrythook

harrythook


  • Security Colleague
  • 4,152 posts
  • OFFLINE
  • Gender:Male
  • Location:Philadelphia
  • Local time:11:12 PM

Posted 29 January 2009 - 06:58 AM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.
All others please read The Preparation Guide before starting your topic.

Veni Vidi Vici
THE FIGHT AGAINST MALWARE

Become a BleepingComputer fan: Facebook

#5 harrythook

harrythook


  • Security Colleague
  • 4,152 posts
  • OFFLINE
  • Gender:Male
  • Location:Philadelphia
  • Local time:11:12 PM

Posted 30 January 2009 - 10:01 AM

Opened at user request.


#6 Oyayubi

Oyayubi
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:11:12 PM

Posted 30 January 2009 - 01:25 PM

Hello, attached are the two complete logs with everything running. FYI, I believe the first log posted above was the full result of DDS, but after I disabled virtually every service from starting. Thanks, oyayubi

DDS (Ver_09-01-19.01) - NTFSx86
Run by Teddi at 20:07:05.40 on 01/29/2009 Thu
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.932.81.1033.18.1013.723 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
FW: ZoneAlarm Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Documents and Settings\Teddi\Desktop\dds.scr
C:\WINDOWS\system32\conime.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig?hl=en&source=iglk
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [Power Wallpaper Changer] c:\progra~1\powerw~1\Power Wallpaper Changer.exe
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1206235346031
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
Notify: igfxcui - igfxdev.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
LSA: Notification Packages = scecli scecli

============= SERVICES / DRIVERS ===============

R4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-7-19 169632]

=============== Created Last 30 ================

2009-01-23 18:00 <DIR> --d----- c:\windows\ServicePackFiles
2009-01-23 17:49 294,912 -c------ c:\windows\system32\dllcache\msaud32.acm
2009-01-23 17:34 <DIR> --d----- c:\program files\Trend Micro
2009-01-22 22:17 23,392 a------- c:\windows\system32\nscompat.tlb
2009-01-22 22:17 16,832 a------- c:\windows\system32\amcompat.tlb
2009-01-22 22:11 <DIR> --d----- c:\windows\SxsCaPendDel
2009-01-18 18:04 <DIR> --d----- c:\program files\Power Wallpaper Changer
2009-01-17 20:44 1,499,136 -c------ c:\windows\system32\dllcache\shdocvw.dll
2009-01-17 20:44 1,160,192 -c------ c:\windows\system32\dllcache\urlmon.dll
2009-01-17 20:44 826,368 -c------ c:\windows\system32\dllcache\wininet.dll
2009-01-17 20:44 3,593,216 -c------ c:\windows\system32\dllcache\mshtml.dll
2009-01-17 19:11 664 a------- c:\windows\system32\d3d9caps.dat
2009-01-17 18:11 129,024 a------- c:\windows\system32\cojfqb.dll
2009-01-17 18:11 129,024 a------- c:\windows\system32\pmnoOfGX.dll
2009-01-17 18:08 <DIR> --d----- C:\VundoFix Backups
2009-01-17 11:59 129,024 a------- c:\windows\system32\awtsQJbX.dll
2009-01-17 10:59 129,024 a------- c:\windows\system32\xrfrst.dll
2009-01-17 10:59 129,024 a------- c:\windows\system32\vtUkjJAt.dll
2009-01-17 09:58 129,024 a------- c:\windows\system32\yhfkiq.dll
2009-01-17 09:58 129,024 a------- c:\windows\system32\pmnLBSlJ.dll
2009-01-17 01:03 <DIR> --d----- c:\program files\AnVir Task Manager Pro
2009-01-17 00:41 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\SecTaskMan
2009-01-17 00:40 <DIR> --d----- c:\program files\Security Task Manager
2009-01-17 00:35 129,024 a------- c:\windows\system32\ssqPgeDv.dll
2009-01-17 00:31 1 a------- c:\windows\system32\uniq.tll
2009-01-16 20:53 41,984 a------- c:\windows\system32\chert5-998.exe
2009-01-16 20:44 129,024 a------- c:\windows\system32\modwlp.dll
2009-01-16 20:44 129,024 a------- c:\windows\system32\vtUlJccy.dll
2009-01-15 23:37 124,928 a------- c:\windows\system32\efcDVNdd.dll
2009-01-15 22:37 124,928 a------- c:\windows\system32\ssqOGxuS.dll
2009-01-15 21:36 124,928 a------- c:\windows\system32\fccyARHY.dll
2009-01-15 19:42 124,928 a------- c:\windows\system32\vhdgcu.dll
2009-01-15 19:42 124,928 a------- c:\windows\system32\qoMfebCs.dll
2009-01-15 18:41 124,928 a------- c:\windows\system32\xcyvpc.dll
2009-01-15 18:41 124,928 a------- c:\windows\system32\opnonkKb.dll
2009-01-15 17:41 124,928 a------- c:\windows\system32\qtoaax.dll
2009-01-15 17:41 124,928 a------- c:\windows\system32\awtsQJcB.dll
2009-01-15 16:40 124,928 a------- c:\windows\system32\iifeETml.dll
2009-01-15 15:40 124,928 a------- c:\windows\system32\dxmzea.dll
2009-01-15 15:40 124,928 a------- c:\windows\system32\nnnmlkiF.dll
2009-01-15 14:40 124,928 a------- c:\windows\system32\zpyvaj.dll
2009-01-15 14:40 124,928 a------- c:\windows\system32\opnKDspq.dll
2009-01-15 13:39 124,928 a------- c:\windows\system32\umuagi.dll
2009-01-15 13:39 124,928 a------- c:\windows\system32\opnnkigg.dll
2009-01-15 12:38 124,928 a------- c:\windows\system32\reqnoa.dll
2009-01-15 12:38 124,928 a------- c:\windows\system32\geBQjhIa.dll
2009-01-15 11:38 124,928 a------- c:\windows\system32\cqwnqj.dll
2009-01-15 11:38 124,928 a------- c:\windows\system32\iifgDsRk.dll
2009-01-15 10:37 124,928 a------- c:\windows\system32\wykgzx.dll
2009-01-15 09:37 124,928 a------- c:\windows\system32\rrcvdx.dll
2009-01-15 09:37 124,928 a------- c:\windows\system32\nnnopOhH.dll
2009-01-15 08:36 124,928 a------- c:\windows\system32\uonned.dll
2009-01-15 08:36 124,928 a------- c:\windows\system32\wvUmmmjg.dll
2009-01-15 07:24 124,928 a------- c:\windows\system32\qnussc.dll
2009-01-15 07:24 124,928 a------- c:\windows\system32\rqRKCtRK.dll
2009-01-15 02:29 124,928 a------- c:\windows\system32\icqsrp.dll
2009-01-15 02:29 124,928 a------- c:\windows\system32\xxyATljJ.dll
2009-01-15 01:28 124,928 a------- c:\windows\system32\hxwbgg.dll
2009-01-15 01:28 124,928 a------- c:\windows\system32\iifecccD.dll
2009-01-15 00:28 124,928 a------- c:\windows\system32\ldxrhl.dll
2009-01-15 00:28 124,928 a------- c:\windows\system32\ddcDWmkL.dll
2009-01-14 23:28 124,928 a------- c:\windows\system32\hkejlg.dll
2009-01-14 23:28 124,928 a------- c:\windows\system32\efcAsttR.dll
2009-01-14 22:28 124,928 a------- c:\windows\system32\wtlabj.dll
2009-01-14 22:28 124,928 a------- c:\windows\system32\urqRjgEx.dll
2009-01-14 21:23 124,928 a------- c:\windows\system32\scoxqx.dll
2009-01-14 21:23 124,928 a------- c:\windows\system32\nnnnkljh.dll
2009-01-14 20:50 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Spybot - Search & Destroy
2009-01-14 20:23 124,928 a------- c:\windows\system32\udynve.dll
2009-01-14 20:23 124,928 a------- c:\windows\system32\byXPHaWP.dll
2009-01-14 19:22 124,928 a------- c:\windows\system32\eacxgd.dll
2009-01-14 19:22 124,928 a------- c:\windows\system32\ssqPfCSi.dll
2009-01-14 18:22 124,928 a------- c:\windows\system32\adsawd.dll
2009-01-14 18:22 124,928 a------- c:\windows\system32\jkkJARLb.dll
2009-01-14 17:21 124,928 a------- c:\windows\system32\grdijz.dll
2009-01-14 16:21 124,928 a------- c:\windows\system32\ersxje.dll
2009-01-14 16:21 124,928 a------- c:\windows\system32\urqRLebY.dll
2009-01-14 15:20 124,928 a------- c:\windows\system32\zkkmvl.dll
2009-01-14 15:20 124,928 a------- c:\windows\system32\cbXPhgdb.dll
2009-01-14 14:19 124,928 a------- c:\windows\system32\hunuoh.dll
2009-01-14 14:19 124,928 a------- c:\windows\system32\iiffCULc.dll
2009-01-14 13:18 124,928 a------- c:\windows\system32\hzszek.dll
2009-01-14 13:18 124,928 a------- c:\windows\system32\rqRJYsTl.dll
2009-01-14 12:18 124,928 a------- c:\windows\system32\qpyigb.dll
2009-01-14 12:18 124,928 a------- c:\windows\system32\fccaBRHY.dll
2009-01-14 12:13 35,328 a------- c:\windows\system32\mlJBSmJd.dll.vir
2009-01-14 12:13 45,568 -------- c:\windows\system32\log.exe
2009-01-14 04:13 24,064 a------- c:\windows\system32\pcload.exe
2009-01-07 12:55 73,216 a------- c:\windows\system32\ffkuz.dll
2009-01-05 14:26 0 a------- c:\windows\system32\winsrc.dll.tmp
2009-01-03 13:36 45,056 a------- c:\windows\system32\wpv751230995573.cpx

==================== Find3M ====================

2009-01-23 18:04 77,423 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-12-25 13:21 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2008-12-25 13:21 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-12-11 05:57 333,952 a------- c:\windows\system32\drivers\srv.sys

============= FINISH: 20:08:08.13 ===============

Attach log:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-01-19.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 3/22/2008 6:55:34 PM
System Uptime: 1/29/2009 8:06:04 PM (0 hours ago)

Motherboard: Dell Inc. | | 0CU409
Processor: Genuine Intel® CPU 2160 @ 1.80GHz | Socket 775 | 1795/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 298 GiB total, 56.018 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
AIM 6
AnVir Task Manager Pro
Apple Mobile Device Support
Apple Software Update
BufferChm
Combined Community Codec Pack 2008-01-24
D1400
D1400_Help
Dell Resource CD
DeviceManagementQFolder
dj_sf_ProductContext
dj_sf_software
dj_sf_software_req
eSupportQFolder
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Deskjet 8.0 Software
HP Imaging Device Functions 8.0
HP Photosmart Essential
HP Solution Center 8.0
HP Update
HPProductAssistant
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections 12.1.12.0
iTunes
Japanese Fonts Support For Adobe Reader 8
LiveUpdate 3.1 (Symantec Corporation)
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Power Wallpaper Changer V3.2
PowerDVD
QuickTime
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
Security Task Manager 1.7g
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960714)
SolutionCenter
Sonic Activation Module
Status
Toolbox
TrayApp
UnloadSupport
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
WD Diagnostics
WebFldrs XP
WebReg
Windows Imaging Component
Windows Internet Explorer 7
Windows Media Format SDK Hotfix - KB891122
Windows XP Service Pack 3
XML Paper Specification Shared Components Pack 1.0
μTorrent

==== Event Viewer Messages From Past Week ========

1/22/2009 10:06:33 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
1/22/2009 10:01:46 PM, error: Service Control Manager [7000] - The Upload Manager service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.
1/22/2009 10:39:51 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework, Version 2.0 (KB928365).
1/22/2009 10:40:36 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows User Mode Driver Framework service to connect.
1/22/2009 10:40:36 PM, error: Service Control Manager [7000] - The Windows User Mode Driver Framework service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/22/2009 10:45:28 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer TAEKO that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8D36DD7C-699C-4735-800. The master browser is stopping or an election is being forced.
1/23/2009 8:19:13 PM, error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
1/23/2009 8:19:13 PM, error: Service Control Manager [7034] - The Terminal Services service terminated unexpectedly. It has done this 1 time(s).
1/24/2009 12:00:57 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
1/24/2009 12:00:57 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/24/2009 12:01:30 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
1/24/2009 12:01:30 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/24/2009 12:01:30 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
1/24/2009 12:01:30 PM, error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the vsdatant service which failed to start because of the following error: A device attached to the system is not functioning.
1/24/2009 12:01:30 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/24/2009 12:01:30 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/24/2009 12:01:30 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD eeCtrl Fips intelppm IPSec KLIF MRxSmb NetBIOS NetBT RasAcd Rdbss SAVRT SAVRTPEL SYMTDI Tcpip vsdatant
1/24/2009 12:01:36 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/24/2009 12:17:55 PM, error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the Cryptographic Services service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
1/24/2009 12:17:55 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl Fips intelppm KLIF SAVRT SAVRTPEL SYMTDI
1/24/2009 12:29:08 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
1/24/2009 12:48:56 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
1/24/2009 1:04:26 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}
1/24/2009 8:38:04 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
1/24/2009 9:17:33 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

==== End Of File ===========================

#7 Jat90

Posted 31 January 2009 - 10:25 AM

Hello,

Your computer is quite heavily infected, mainly by Vundo. Please do the following:

Registry Backup

Backup Your Registry with ERUNT
  • Download from here
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Click Erunt.exe to back up your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe

OTMoveIt

We need to execute an OTMoveIt3 script
  • Please download OTMoveIt3 by OldTimer and save it to your desktop.
  • Double click the OTMoveIt3 icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :reg
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "securityproviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
    
    :files
    c:\windows\system32\cojfqb.dll
    c:\windows\system32\pmnoOfGX.dll
    c:\VundoFix Backups
    c:\windows\system32\awtsQJbX.dll
    c:\windows\system32\xrfrst.dll
    c:\windows\system32\vtUkjJAt.dll
    c:\windows\system32\yhfkiq.dll
    c:\windows\system32\pmnLBSlJ.dll
    c:\windows\system32\vtUlJccy.dll
    c:\windows\system32\efcDVNdd.dll
    c:\windows\system32\ssqOGxuS.dll
    c:\windows\system32\fccyARHY.dll
    c:\windows\system32\vhdgcu.dll
    c:\windows\system32\qoMfebCs.dll
    c:\windows\system32\xcyvpc.dll
    c:\windows\system32\opnonkKb.dll
    c:\windows\system32\qtoaax.dll
    c:\windows\system32\awtsQJcB.dll
    c:\windows\system32\iifeETml.dll
    c:\windows\system32\dxmzea.dll
    c:\windows\system32\nnnmlkiF.dll
    c:\windows\system32\zpyvaj.dll
    c:\windows\system32\opnKDspq.dll
    c:\windows\system32\umuagi.dll
    c:\windows\system32\opnnkigg.dll
    c:\windows\system32\reqnoa.dll
    c:\windows\system32\geBQjhIa.dll
    c:\windows\system32\cqwnqj.dll
    c:\windows\system32\iifgDsRk.dll
    c:\windows\system32\wykgzx.dll
    c:\windows\system32\rrcvdx.dll
    c:\windows\system32\nnnopOhH.dll
    c:\windows\system32\uonned.dll
    c:\windows\system32\wvUmmmjg.dll
    c:\windows\system32\qnussc.dll
    c:\windows\system32\rqRKCtRK.dll
    c:\windows\system32\icqsrp.dll
    c:\windows\system32\xxyATljJ.dll
    c:\windows\system32\hxwbgg.dll
    c:\windows\system32\iifecccD.dll
    c:\windows\system32\ldxrhl.dll
    c:\windows\system32\ddcDWmkL.dll
    c:\windows\system32\hkejlg.dll
    c:\windows\system32\efcAsttR.dll
    c:\windows\system32\wtlabj.dll
    c:\windows\system32\urqRjgEx.dll
    c:\windows\system32\scoxqx.dll
    c:\windows\system32\nnnnkljh.dll
    c:\windows\system32\udynve.dll
    c:\windows\system32\byXPHaWP.dll
    c:\windows\system32\eacxgd.dll
    c:\windows\system32\ssqPfCSi.dll
    c:\windows\system32\adsawd.dll
    c:\windows\system32\jkkJARLb.dll
    c:\windows\system32\grdijz.dll
    c:\windows\system32\ersxje.dll
    c:\windows\system32\urqRLebY.dll
    c:\windows\system32\zkkmvl.dll
    c:\windows\system32\cbXPhgdb.dll
    c:\windows\system32\hunuoh.dll
    c:\windows\system32\iiffCULc.dll
    c:\windows\system32\hzszek.dll
    c:\windows\system32\rqRJYsTl.dll
    c:\windows\system32\qpyigb.dll
    c:\windows\system32\fccaBRHY.dll
    c:\windows\system32\mlJBSmJd.dll.vir
    c:\windows\system32\wpv751230995573.cpx
    c:\windows\system32\log.exe 
    c:\windows\system32\pcload.exe 
    c:\windows\system32\chert5-998.exe
    c:\documents and settings\allusers.win\application data\SecTaskMan
    c:\windows\system32\nscompat.tlb
    c:\windows\system32\amcompat.tlb
    c:\windows\system32\winsrc.dll.tmp 
    c:\windows\system32\uniq.tll
    c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
    c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    c:\windows\system32\d3d9caps.dat
  • Push the large Posted Image button.
  • OTMI3 may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

ESET Online Scan

Please go to Eset website to perform an online scan. Please use Internet Explorer as it uses ActiveX.
  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Uncheck (untick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt. Please post this log in your next reply.

ReScan

Please rescan with DDS and post DDS.txt


In your next reply, please post:
  • OTMoveIt log
  • ESET log
  • DDS log

Edited by Jat90, 31 January 2009 - 12:26 PM.

- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.
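
Added example (not part of Jat90's post and not OTMoveIt3 code): a Python sketch that parses the `:reg` section of the script above, decodes its `hex(7)` multi-string data, and compares the result with a snapshot of a machine's current values to show which entries the reset would drop. The snapshot and its `example_*` names are constructed placeholders, and the ANSI/UTF-16 detection is a heuristic assumed for this sketch.

```python
import re

# The :reg section exactly as posted in the thread.
REG_SECTION = r'''
:reg
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"securityproviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.+)$')

SECPROV = (r"hkey_local_machine\system\currentcontrolset\control\securityproviders",
           "securityproviders")
LSA = (r"hkey_local_machine\system\currentcontrolset\control\lsa",
       "notification packages")

# Constructed snapshot of "current" values; the example_* entries are
# placeholders standing in for whatever was added to the lists.
SNAPSHOT = {
    SECPROV: ["msapsspc.dll", "schannel.dll", "digest.dll", "msnsspc.dll",
              "example_sp.dll"],
    LSA: ["scecli", "example_pkg"],
}


def decode_multi_sz(hex_csv):
    """Decode hex(7) (REG_MULTI_SZ) data into a list of strings."""
    raw = bytes(int(b, 16) for b in hex_csv.split(",") if b.strip())
    # Heuristic (assumption): if every second byte is zero the data is
    # UTF-16LE, otherwise single-byte ANSI as in the script on this page.
    wide = len(raw) >= 2 and len(raw) % 2 == 0 and not any(raw[1::2])
    text = raw.decode("utf-16-le" if wide else "latin-1")
    # Strings are NUL-separated and the list ends with an extra NUL.
    return [s for s in text.split("\x00") if s]


def parse_value(data):
    """Normalise a value to a list; both values on this page are lists."""
    data = data.strip()
    if data.lower().startswith("hex(7):"):
        return decode_multi_sz(data[len("hex(7):"):])
    if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
        # REG_SZ holding a comma-separated list (SecurityProviders).
        return [p.strip() for p in data[1:-1].split(",") if p.strip()]
    raise ValueError("unsupported value data: %r" % data)


def parse_reg_section(script):
    """Return {(key, value name): [entries]} for the :reg section only."""
    values, key, in_reg = {}, None, False
    for line in script.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith(":"):          # section marker such as :reg, :files
            in_reg = line.lower() == ":reg"
            continue
        if not in_reg:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key").lower()
            continue
        m = VALUE_RE.match(line)
        if m and key:
            values[(key, m.group("name").lower())] = parse_value(m.group("data"))
    return values


def compare(baseline, snapshot):
    """List entries the reset would drop ('extra') or restore ('missing')."""
    report = {}
    for value_id, wanted in baseline.items():
        current = snapshot.get(value_id, [])
        wanted_l = {w.lower() for w in wanted}
        current_l = {c.lower() for c in current}
        report[value_id] = {
            "extra": [c for c in current if c.lower() not in wanted_l],
            "missing": [w for w in wanted if w.lower() not in current_l],
        }
    return report


if __name__ == "__main__":
    baseline = parse_reg_section(REG_SECTION)
    for (key, name), result in compare(baseline, SNAPSHOT).items():
        print(key, "|", name)
        print("  script sets :", baseline[(key, name)])
        print("  would drop  :", result["extra"])
        print("  would add   :", result["missing"])
```
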


#8 Oyayubi
  • Topic Starter

Posted 31 January 2009 - 01:19 PM

Hello, thanks for the diagnosis. Following below are the OTMoveIt log, the ESET log, and the DDS log + attach. I really appreciate these steps. Thanks again, Oyayubi

OTMoveIt log:
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\\"securityproviders"|"msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" /E : value set successfully!
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\\"Notification Packages"|hex(7):73,63,65,63,6c,69,00,00 /E : value set successfully!
========== FILES ==========
DllUnregisterServer procedure not found in c:\windows\system32\cojfqb.dll
c:\windows\system32\cojfqb.dll NOT unregistered.
c:\windows\system32\cojfqb.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\pmnoOfGX.dll
c:\windows\system32\pmnoOfGX.dll NOT unregistered.
c:\windows\system32\pmnoOfGX.dll moved successfully.
c:\VundoFix Backups moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\awtsQJbX.dll
c:\windows\system32\awtsQJbX.dll NOT unregistered.
c:\windows\system32\awtsQJbX.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\xrfrst.dll
c:\windows\system32\xrfrst.dll NOT unregistered.
c:\windows\system32\xrfrst.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\vtUkjJAt.dll
c:\windows\system32\vtUkjJAt.dll NOT unregistered.
c:\windows\system32\vtUkjJAt.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\yhfkiq.dll
c:\windows\system32\yhfkiq.dll NOT unregistered.
c:\windows\system32\yhfkiq.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\pmnLBSlJ.dll
c:\windows\system32\pmnLBSlJ.dll NOT unregistered.
c:\windows\system32\pmnLBSlJ.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\vtUlJccy.dll
c:\windows\system32\vtUlJccy.dll NOT unregistered.
c:\windows\system32\vtUlJccy.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\efcDVNdd.dll
c:\windows\system32\efcDVNdd.dll NOT unregistered.
c:\windows\system32\efcDVNdd.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\ssqOGxuS.dll
c:\windows\system32\ssqOGxuS.dll NOT unregistered.
c:\windows\system32\ssqOGxuS.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\fccyARHY.dll
c:\windows\system32\fccyARHY.dll NOT unregistered.
c:\windows\system32\fccyARHY.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\vhdgcu.dll
c:\windows\system32\vhdgcu.dll NOT unregistered.
c:\windows\system32\vhdgcu.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\qoMfebCs.dll
c:\windows\system32\qoMfebCs.dll NOT unregistered.
c:\windows\system32\qoMfebCs.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\xcyvpc.dll
c:\windows\system32\xcyvpc.dll NOT unregistered.
c:\windows\system32\xcyvpc.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\opnonkKb.dll
c:\windows\system32\opnonkKb.dll NOT unregistered.
c:\windows\system32\opnonkKb.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\qtoaax.dll
c:\windows\system32\qtoaax.dll NOT unregistered.
c:\windows\system32\qtoaax.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\awtsQJcB.dll
c:\windows\system32\awtsQJcB.dll NOT unregistered.
c:\windows\system32\awtsQJcB.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\iifeETml.dll
c:\windows\system32\iifeETml.dll NOT unregistered.
c:\windows\system32\iifeETml.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\dxmzea.dll
c:\windows\system32\dxmzea.dll NOT unregistered.
c:\windows\system32\dxmzea.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\nnnmlkiF.dll
c:\windows\system32\nnnmlkiF.dll NOT unregistered.
c:\windows\system32\nnnmlkiF.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\zpyvaj.dll
c:\windows\system32\zpyvaj.dll NOT unregistered.
c:\windows\system32\zpyvaj.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\opnKDspq.dll
c:\windows\system32\opnKDspq.dll NOT unregistered.
c:\windows\system32\opnKDspq.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\umuagi.dll
c:\windows\system32\umuagi.dll NOT unregistered.
c:\windows\system32\umuagi.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\opnnkigg.dll
c:\windows\system32\opnnkigg.dll NOT unregistered.
c:\windows\system32\opnnkigg.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\reqnoa.dll
c:\windows\system32\reqnoa.dll NOT unregistered.
c:\windows\system32\reqnoa.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\geBQjhIa.dll
c:\windows\system32\geBQjhIa.dll NOT unregistered.
c:\windows\system32\geBQjhIa.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\cqwnqj.dll
c:\windows\system32\cqwnqj.dll NOT unregistered.
c:\windows\system32\cqwnqj.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\iifgDsRk.dll
c:\windows\system32\iifgDsRk.dll NOT unregistered.
c:\windows\system32\iifgDsRk.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\wykgzx.dll
c:\windows\system32\wykgzx.dll NOT unregistered.
c:\windows\system32\wykgzx.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\rrcvdx.dll
c:\windows\system32\rrcvdx.dll NOT unregistered.
c:\windows\system32\rrcvdx.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\nnnopOhH.dll
c:\windows\system32\nnnopOhH.dll NOT unregistered.
c:\windows\system32\nnnopOhH.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\uonned.dll
c:\windows\system32\uonned.dll NOT unregistered.
c:\windows\system32\uonned.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\wvUmmmjg.dll
c:\windows\system32\wvUmmmjg.dll NOT unregistered.
c:\windows\system32\wvUmmmjg.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\qnussc.dll
c:\windows\system32\qnussc.dll NOT unregistered.
c:\windows\system32\qnussc.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\rqRKCtRK.dll
c:\windows\system32\rqRKCtRK.dll NOT unregistered.
c:\windows\system32\rqRKCtRK.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\icqsrp.dll
c:\windows\system32\icqsrp.dll NOT unregistered.
c:\windows\system32\icqsrp.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\xxyATljJ.dll
c:\windows\system32\xxyATljJ.dll NOT unregistered.
c:\windows\system32\xxyATljJ.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\hxwbgg.dll
c:\windows\system32\hxwbgg.dll NOT unregistered.
c:\windows\system32\hxwbgg.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\iifecccD.dll
c:\windows\system32\iifecccD.dll NOT unregistered.
c:\windows\system32\iifecccD.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\ldxrhl.dll
c:\windows\system32\ldxrhl.dll NOT unregistered.
c:\windows\system32\ldxrhl.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\ddcDWmkL.dll
c:\windows\system32\ddcDWmkL.dll NOT unregistered.
c:\windows\system32\ddcDWmkL.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\hkejlg.dll
c:\windows\system32\hkejlg.dll NOT unregistered.
c:\windows\system32\hkejlg.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\efcAsttR.dll
c:\windows\system32\efcAsttR.dll NOT unregistered.
c:\windows\system32\efcAsttR.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\wtlabj.dll
c:\windows\system32\wtlabj.dll NOT unregistered.
c:\windows\system32\wtlabj.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\urqRjgEx.dll
c:\windows\system32\urqRjgEx.dll NOT unregistered.
c:\windows\system32\urqRjgEx.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\scoxqx.dll
c:\windows\system32\scoxqx.dll NOT unregistered.
c:\windows\system32\scoxqx.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\nnnnkljh.dll
c:\windows\system32\nnnnkljh.dll NOT unregistered.
c:\windows\system32\nnnnkljh.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\udynve.dll
c:\windows\system32\udynve.dll NOT unregistered.
c:\windows\system32\udynve.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\byXPHaWP.dll
c:\windows\system32\byXPHaWP.dll NOT unregistered.
c:\windows\system32\byXPHaWP.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\eacxgd.dll
c:\windows\system32\eacxgd.dll NOT unregistered.
c:\windows\system32\eacxgd.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\ssqPfCSi.dll
c:\windows\system32\ssqPfCSi.dll NOT unregistered.
c:\windows\system32\ssqPfCSi.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\adsawd.dll
c:\windows\system32\adsawd.dll NOT unregistered.
c:\windows\system32\adsawd.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\jkkJARLb.dll
c:\windows\system32\jkkJARLb.dll NOT unregistered.
c:\windows\system32\jkkJARLb.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\grdijz.dll
c:\windows\system32\grdijz.dll NOT unregistered.
c:\windows\system32\grdijz.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\ersxje.dll
c:\windows\system32\ersxje.dll NOT unregistered.
c:\windows\system32\ersxje.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\urqRLebY.dll
c:\windows\system32\urqRLebY.dll NOT unregistered.
c:\windows\system32\urqRLebY.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\zkkmvl.dll
c:\windows\system32\zkkmvl.dll NOT unregistered.
c:\windows\system32\zkkmvl.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\cbXPhgdb.dll
c:\windows\system32\cbXPhgdb.dll NOT unregistered.
c:\windows\system32\cbXPhgdb.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\hunuoh.dll
c:\windows\system32\hunuoh.dll NOT unregistered.
c:\windows\system32\hunuoh.dll moved successfully.
File/Folder 2c:\windows\system32\iiffCULc.dll not found.
DllUnregisterServer procedure not found in c:\windows\system32\hzszek.dll
c:\windows\system32\hzszek.dll NOT unregistered.
c:\windows\system32\hzszek.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\rqRJYsTl.dll
c:\windows\system32\rqRJYsTl.dll NOT unregistered.
c:\windows\system32\rqRJYsTl.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\qpyigb.dll
c:\windows\system32\qpyigb.dll NOT unregistered.
c:\windows\system32\qpyigb.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\fccaBRHY.dll
c:\windows\system32\fccaBRHY.dll NOT unregistered.
c:\windows\system32\fccaBRHY.dll moved successfully.
c:\windows\system32\mlJBSmJd.dll.vir moved successfully.
c:\windows\system32\wpv751230995573.cpx moved successfully.
c:\windows\system32\log.exe moved successfully.
c:\windows\system32\pcload.exe moved successfully.
c:\windows\system32\chert5-998.exe moved successfully.
File/Folder c:\documents and settings\allusers.win\application data\SecTaskMan not found.
c:\windows\system32\nscompat.tlb moved successfully.
c:\windows\system32\amcompat.tlb moved successfully.
c:\windows\system32\winsrc.dll.tmp moved successfully.
c:\windows\system32\uniq.tll moved successfully.
c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf moved successfully.
c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf moved successfully.
c:\windows\system32\d3d9caps.dat moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01312009_110344

ESET log:
# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3815 (20090131)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=66b6f0019620c541a4b8d3f62f12d46b
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2009-01-31 05:25:18
# local_time=2009-01-31 12:25:18 (-0500, Eastern Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=507201
# found=71
# scan_time=3835

DDS log:

DDS (Ver_09-01-19.01) - NTFSx86
Run by Teddi at 13:13:00.20 on 01/31/2009 Sat
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.932.81.1033.18.1013.724 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
FW: ZoneAlarm Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Documents and Settings\Teddi\Desktop\dds.scr
C:\WINDOWS\system32\conime.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig?hl=en&source=iglk
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [Power Wallpaper Changer] c:\progra~1\powerw~1\Power Wallpaper Changer.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1206235346031
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-7-19 169632]

=============== Created Last 30 ================

2009-01-31 11:08 <DIR> --d----- c:\program files\EsetOnlineScanner
2009-01-31 11:03 <DIR> --d----- C:\_OTMoveIt
2009-01-23 18:00 <DIR> --d----- c:\windows\ServicePackFiles
2009-01-23 17:49 294,912 -c------ c:\windows\system32\dllcache\msaud32.acm
2009-01-23 17:34 <DIR> --d----- c:\program files\Trend Micro
2009-01-22 22:11 <DIR> --d----- c:\windows\SxsCaPendDel
2009-01-18 18:04 <DIR> --d----- c:\program files\Power Wallpaper Changer
2009-01-17 20:44 1,499,136 -c------ c:\windows\system32\dllcache\shdocvw.dll
2009-01-17 20:44 1,160,192 -c------ c:\windows\system32\dllcache\urlmon.dll
2009-01-17 20:44 826,368 -c------ c:\windows\system32\dllcache\wininet.dll
2009-01-17 20:44 3,593,216 -c------ c:\windows\system32\dllcache\mshtml.dll
2009-01-17 01:03 <DIR> --d----- c:\program files\AnVir Task Manager Pro
2009-01-17 00:41 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\SecTaskMan
2009-01-17 00:40 <DIR> --d----- c:\program files\Security Task Manager
2009-01-17 00:35 129,024 a------- c:\windows\system32\ssqPgeDv.dll
2009-01-16 20:44 129,024 a------- c:\windows\system32\modwlp.dll
2009-01-14 20:50 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Spybot - Search & Destroy
2009-01-14 14:19 124,928 a------- c:\windows\system32\iiffCULc.dll
2009-01-07 12:55 73,216 a------- c:\windows\system32\ffkuz.dll

==================== Find3M ====================

2009-01-23 18:04 77,423 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-12-11 05:57 333,952 a------- c:\windows\system32\drivers\srv.sys

============= FINISH: 13:13:52.50 ===============


#9 Jat90

Posted 01 February 2009 - 04:24 PM

Hi,

OTMoveIt got mostly everything, just a few things left:

Run Batch

Open Notepad & paste the contents of the code box below into it:
@echo off
dir /a /o:d C:\Windows\SxsCaPendDel > info.txt
info.txt
del info.txt
del %0

Click File then Save As, for the Filename type fix.bat and for type, select All Files. Save it to the desktop.

It should look like this: Posted Image

Now simply double click fix.bat and a black window will briefly appear then disappear; this is normal.

Notepad will pop up; paste the contents of Notepad in your next reply.

Both the batch and text file will disappear after use.

Empty Quarantined Files
  • Open Spybot in one of the following ways:
    • If you have a shortcut on your desktop, double click it.
    • Click Start, then All Programs, then Spybot - Search & Destroy and then Spybot - Search & Destroy.
  • On the left side, click "Recovery".
    • NOTE: If this window is empty, you may skip the remaining steps. Exit Spybot.
  • Select (place a check) beside ALL the backup files that contain quarantined items.
  • Click on the Purge Selected Items button.
  • A dialog will appear, stating that the backup will be removed. Click Yes.
  • When the Recovery window is empty, Exit Spybot.

OTMoveIt

We need to execute an OTMoveIt3 script
  • Please download OTMoveIt3 by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :files
    C:\Documents and Settings\All Users.WINDOWS\Application Data\SecTaskMan
    C:\WINDOWS\system32\ffkuz.dll
    C:\WINDOWS\system32\iiffCULc.dll
    c:\windows\system32\ssqPgeDv.dll
    c:\windows\system32\modwlp.dll
  • Push the large Posted Image button.
  • OTMI3 may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

ATF Cleaner

Please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Kaspersky Scan

Please go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.


In your next reply, please post:
  • contents of info.txt
  • OTMoveIt log
  • Kaspersky log
  • How is your pc now?

- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.


#10 Oyayubi

Posted 02 February 2009 - 11:42 PM

Hi, just giving you an update... I've completed all the steps except the last Kaspersky scan... it should finish overnight, so I should be able to post it all tomorrow. The computer is starting up now without me having to stop any startup jobs from opening... I do get crash messages saying that svchost32.exe shut down, and that forces the computer to restart... we'll see if that keeps up after this latest scan. Thanks again! -oyayubi

#11 Oyayubi

Posted 03 February 2009 - 07:45 AM

Scans are done! Other than this, I still can't change my desktop wallpaper on the desktop tab of Display Properties, and the svchost32.exe still seems to crash about a half hour after startup. I don't have Symantec anti-virus installed anymore, so I'll be wondering which program I should get that will replace it. Thanks again, oyayubi

Info.txt:
Volume in drive C has no label.
Volume Serial Number is D451-0CF1

Directory of C:\Windows\SxsCaPendDel

01/22/2009 10:16 PM <DIR> ..
01/22/2009 10:16 PM <DIR> .
0 File(s) 0 bytes
2 Dir(s) 59,985,080,320 bytes free

OTMoveIt log:
========== FILES ==========
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecTaskMan moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ffkuz.dll
C:\WINDOWS\system32\ffkuz.dll NOT unregistered.
C:\WINDOWS\system32\ffkuz.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\iiffCULc.dll
C:\WINDOWS\system32\iiffCULc.dll NOT unregistered.
C:\WINDOWS\system32\iiffCULc.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\ssqPgeDv.dll
c:\windows\system32\ssqPgeDv.dll NOT unregistered.
c:\windows\system32\ssqPgeDv.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\modwlp.dll
c:\windows\system32\modwlp.dll NOT unregistered.
c:\windows\system32\modwlp.dll moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02022009_000634

Kaspersky log:
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, February 3, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, February 03, 2009 04:13:22
Records in database: 1738936


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
C:\
D:\
E:\
F:\
G:\
H:\

Scan statistics
Files scanned 134320
Threat name 9
Infected objects 82
Suspicious objects 0
Duration of the scan 03:15:12

File name Threat name Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B880000\4F9D2A68.VBN Infected: Trojan-Downloader.JS.Cobase.j 1

C:\RECYCLER\S-1-5-21-448539723-484763869-725345543-500\Dc1.dll Infected: Trojan.Win32.Agent2.js 1

C:\_OTMoveIt\MovedFiles\01312009_110344\windows\system32\adsawd.dll Infected: Trojan.Win32.Monder.aobs 1

C:\_OTMoveIt\MovedFiles\01312009_110344\windows\system32\awtsQJbX.dll Infected: Trojan.Win32.Monder.arrb 1

C:\_OTMoveIt\MovedFiles\01312009_110344\windows\system32\awtsQJcB.dll Infected: Trojan.Win32.Monder.aobs 1

C:\_OTMoveIt\MovedFiles\01312009_110344\windows\system32\byXPHaWP.dll Infected: Trojan.Win32.Monder.aobs 1

C:\_OTMoveIt\MovedFiles\01312009_110344\windows\system32\cbXPhgdb.dll Infected: Trojan.Win32.Monder.aobs 1

C:\_OTMoveIt\MovedFiles\01312009_110344\windows\system32\chert5-998.exe Infected: Trojan-Downloader.Win32.Agent.bdlh 1

C:\_OTMoveIt\MovedFiles\01312009_110344\windows\system32\cojfqb.dll Infected: Trojan.Win32.Monder.arrb 1

C:\_OTMoveIt\MovedFiles\01312009_110344\windows\system32\cqwnqj.dll Infected: Trojan.Win32.Monder.aobs 1

C:\_OTMoveIt\MovedFiles\01312009_110344\windows\system32\ddcDWmkL.dll Infected: Trojan.Win32.Monder.aobs 1

C:\_OTMoveIt\MovedFiles\01312009_110344\windows\system32\dxmzea.dll Infected: Trojan.Win32.Monder.aobs 1

C:\_OTMoveIt\MovedFiles\01312009_110344\windows\system32\eacxgd.dll Infected: Trojan.Win32.Monder.aobs 1

C:\_OTMoveIt\MovedFiles\01312009_110344\windows\system32\efcAsttR.dll Infected: Trojan.Win32.Monder.aobs 1

C:\_OTMoveIt\MovedFiles\01312009_110344\windows\system32\efcDVNdd.dll Infected: Trojan.Win32.Monder.aobs 1

C:\_OTMoveIt\MovedFiles\01312009_110344\windows\system32\ersxje.dll Infected: Trojan.Win32.Monder.aobs 1

C:\_OTMoveIt\MovedFiles\01312009_110344\windows\system32\fccaBRHY.dll Infected: Trojan.Win32.Monder.aobs 1

C:\_OTMoveIt\MovedFiles\01312009_110344\windows\system32\fccyARHY.dll Infected: Trojan.Win32.Monder.aobs 1

C:\_OTMoveIt\MovedFiles\01312009_110344\windows\system32\geBQjhIa.dll Infected: Trojan.Win32.Monder.aobs 1

C:\_OTMoveIt\MovedFiles\01312009_110344\windows\system32\grdijz.dll Infected: Trojan.Win32.Monder.aobs 1

C:\_OTMoveIt\MovedFiles\01312009_110344\windows\system32\hkejlg.dll Infected: Trojan.Win32.Monder.aobs 1

C:\_OTMoveIt\MovedFiles\01312009_110344\windows\system32\hunuoh.dll Infected: Trojan.Win32.Monder.aobs 1

C:\_OTMoveIt\MovedFiles\01312009_110344\windows\system32\hxwbgg.dll Infected: Trojan.Win32.Monder.aobs 1

C:\_OTMoveIt\MovedFiles\01312009_110344\windows\system32\hzszek.dll Infected: Trojan.Win32.Monder.aobs 1

C:\_OTMoveIt\MovedFiles\01312009_110344\windows\system32\icqsrp.dll Infected: Trojan.Win32.Monder.aobs 1

C:\_OTMoveIt\MovedFiles\01312009_110344\windows\system32\iifecccD.dll Infected: Trojan.Win32.Monder.aobs 1

C:\_OTMoveIt\MovedFiles\01312009_110344\windows\system32\iifeETml.dll Infected: Trojan.Win32.Monder.aobs 1

C:\_OTMoveIt\MovedFiles\01312009_110344\windows\system32\iifgDsRk.dll Infected: Trojan.Win32.Monder.aobs 1

C:\_OTMoveIt\MovedFiles\01312009_110344\windows\system32\jkkJARLb.dll Infected: Trojan.Win32.Monder.aobs 1

C:\_OTMoveIt\MovedFiles\01312009_110344\windows\system32\ldxrhl.dll Infected: Trojan.Win32.Monder.aobs 1

C:\_OTMoveIt\MovedFiles\01312009_110344\windows\system32\log.exe Infected: Trojan.Win32.Agent.bktp 1

C:\_OTMoveIt\MovedFiles\01312009_110344\windows\system32\mlJBSmJd.dll.vir Infected: Trojan.Win32.Agent.bktp 1

C:\_OTMoveIt\MovedFiles\01312009_110344\windows\system32\nnnmlkiF.dll Infected: Trojan.Win32.Monder.aobs 1

C:\_OTMoveIt\MovedFiles\01312009_110344\windows\system32\nnnnkljh.dll Infected: Trojan.Win32.Monder.aobs 1

C:\_OTMoveIt\MovedFiles\01312009_110344\windows\system32\nnnopOhH.dll Infected: Trojan.Win32.Monder.aobs 1

C:\_OTMoveIt\MovedFiles\01312009_110344\windows\system32\opnKDspq.dll Infected: Trojan.Win32.Monder.aobs 1

C:\_OTMoveIt\MovedFiles\01312009_110344\windows\system32\opnnkigg.dll Infected: Trojan.Win32.Monder.aobs 1

C:\_OTMoveIt\MovedFiles\01312009_110344\windows\system32\opnonkKb.dll Infected: Trojan.Win32.Monder.aobs 1

C:\_OTMoveIt\MovedFiles\01312009_110344\windows\system32\pcload.exe Infected: Trojan.Win32.Pakes.mrn 1

C:\_OTMoveIt\MovedFiles\01312009_110344\windows\system32\pmnLBSlJ.dll Infected: Trojan.Win32.Monder.arrb 1

C:\_OTMoveIt\MovedFiles\01312009_110344\windows\system32\pmnoOfGX.dll Infected: Trojan.Win32.Monder.arrb 1

C:\_OTMoveIt\MovedFiles\01312009_110344\windows\system32\qnussc.dll Infected: Trojan.Win32.Monder.aobs 1

C:\_OTMoveIt\MovedFiles\01312009_110344\windows\system32\qoMfebCs.dll Infected: Trojan.Win32.Monder.aobs 1

C:\_OTMoveIt\MovedFiles\01312009_110344\windows\system32\qpyigb.dll Infected: Trojan.Win32.Monder.aobs 1

C:\_OTMoveIt\MovedFiles\01312009_110344\windows\system32\qtoaax.dll Infected: Trojan.Win32.Monder.aobs 1

C:\_OTMoveIt\MovedFiles\01312009_110344\windows\system32\reqnoa.dll Infected: Trojan.Win32.Monder.aobs 1

C:\_OTMoveIt\MovedFiles\01312009_110344\windows\system32\rqRJYsTl.dll Infected: Trojan.Win32.Monder.aobs 1

C:\_OTMoveIt\MovedFiles\01312009_110344\windows\system32\rqRKCtRK.dll Infected: Trojan.Win32.Monder.aobs 1

C:\_OTMoveIt\MovedFiles\01312009_110344\windows\system32\rrcvdx.dll Infected: Trojan.Win32.Monder.aobs 1

C:\_OTMoveIt\MovedFiles\01312009_110344\windows\system32\scoxqx.dll Infected: Trojan.Win32.Monder.aobs 1

C:\_OTMoveIt\MovedFiles\01312009_110344\windows\system32\ssqOGxuS.dll Infected: Trojan.Win32.Monder.aobs 1

C:\_OTMoveIt\MovedFiles\01312009_110344\windows\system32\ssqPfCSi.dll Infected: Trojan.Win32.Monder.aobs 1

C:\_OTMoveIt\MovedFiles\01312009_110344\windows\system32\udynve.dll Infected: Trojan.Win32.Monder.aobs 1

C:\_OTMoveIt\MovedFiles\01312009_110344\windows\system32\umuagi.dll Infected: Trojan.Win32.Monder.aobs 1

C:\_OTMoveIt\MovedFiles\01312009_110344\windows\system32\uonned.dll Infected: Trojan.Win32.Monder.aobs 1

C:\_OTMoveIt\MovedFiles\01312009_110344\windows\system32\urqRjgEx.dll Infected: Trojan.Win32.Monder.aobs 1

C:\_OTMoveIt\MovedFiles\01312009_110344\windows\system32\urqRLebY.dll Infected: Trojan.Win32.Monder.aobs 1

C:\_OTMoveIt\MovedFiles\01312009_110344\windows\system32\vhdgcu.dll Infected: Trojan.Win32.Monder.aobs 1

C:\_OTMoveIt\MovedFiles\01312009_110344\windows\system32\vtUkjJAt.dll Infected: Trojan.Win32.Monder.arrb 1

C:\_OTMoveIt\MovedFiles\01312009_110344\windows\system32\vtUlJccy.dll Infected: Trojan.Win32.Monder.arrb 1

C:\_OTMoveIt\MovedFiles\01312009_110344\windows\system32\wpv751230995573.cpx Infected: Trojan-Downloader.Win32.Injecter.bzl 1

C:\_OTMoveIt\MovedFiles\01312009_110344\windows\system32\wtlabj.dll Infected: Trojan.Win32.Monder.aobs 1

C:\_OTMoveIt\MovedFiles\01312009_110344\windows\system32\wvUmmmjg.dll Infected: Trojan.Win32.Monder.aobs 1

C:\_OTMoveIt\MovedFiles\01312009_110344\windows\system32\wykgzx.dll Infected: Trojan.Win32.Monder.aobs 1

C:\_OTMoveIt\MovedFiles\01312009_110344\windows\system32\xcyvpc.dll Infected: Trojan.Win32.Monder.aobs 1

C:\_OTMoveIt\MovedFiles\01312009_110344\windows\system32\xrfrst.dll Infected: Trojan.Win32.Monder.arrb 1

C:\_OTMoveIt\MovedFiles\01312009_110344\windows\system32\xxyATljJ.dll Infected: Trojan.Win32.Monder.aobs 1

C:\_OTMoveIt\MovedFiles\01312009_110344\windows\system32\yhfkiq.dll Infected: Trojan.Win32.Monder.arrb 1

C:\_OTMoveIt\MovedFiles\01312009_110344\windows\system32\zkkmvl.dll Infected: Trojan.Win32.Monder.aobs 1

C:\_OTMoveIt\MovedFiles\01312009_110344\windows\system32\zpyvaj.dll Infected: Trojan.Win32.Monder.aobs 1

C:\_OTMoveIt\MovedFiles\02022009_000634\Documents and Settings\All Users.WINDOWS\Application Data\SecTaskMan\Ajobuqazefijo.dll.q_2CFA400_q Infected: Trojan-Downloader.Win32.Agent.bdlh 1

C:\_OTMoveIt\MovedFiles\02022009_000634\Documents and Settings\All Users.WINDOWS\Application Data\SecTaskMan\fpknwy.dll.q_804F801_q Infected: Trojan.Win32.Monder.arrb 1

C:\_OTMoveIt\MovedFiles\02022009_000634\Documents and Settings\All Users.WINDOWS\Application Data\SecTaskMan\fpxvea.dll.q_804E801_q Infected: Trojan.Win32.Monder.aobs 1

C:\_OTMoveIt\MovedFiles\02022009_000634\Documents and Settings\All Users.WINDOWS\Application Data\SecTaskMan\frmwrk32.exe.q_8045E00_q Infected: Trojan.Win32.Pakes.mrn 1

C:\_OTMoveIt\MovedFiles\02022009_000634\Documents and Settings\All Users.WINDOWS\Application Data\SecTaskMan\fxezmu.dll.q_804F801_q Infected: Trojan.Win32.Monder.arrb 1

C:\_OTMoveIt\MovedFiles\02022009_000634\Documents and Settings\All Users.WINDOWS\Application Data\SecTaskMan\jyukce.dll.q_804E801_q Infected: Trojan.Win32.Monder.aobs 1

C:\_OTMoveIt\MovedFiles\02022009_000634\Documents and Settings\All Users.WINDOWS\Application Data\SecTaskMan\ulqmrh.dll.q_804E801_q Infected: Trojan.Win32.Monder.aobs 1

C:\_OTMoveIt\MovedFiles\02022009_000634\Documents and Settings\All Users.WINDOWS\Application Data\SecTaskMan\vcszyl.dll.q_804E801_q Infected: Trojan.Win32.Monder.aobs 1

C:\_OTMoveIt\MovedFiles\02022009_000634\WINDOWS\system32\ffkuz.dll Infected: Trojan-Downloader.Win32.Murlo.vn 1

C:\_OTMoveIt\MovedFiles\02022009_000634\WINDOWS\system32\iiffCULc.dll Infected: Trojan.Win32.Monder.aobs 1

C:\_OTMoveIt\MovedFiles\02022009_000634\WINDOWS\system32\modwlp.dll Infected: Trojan.Win32.Monder.arrb 1

C:\_OTMoveIt\MovedFiles\02022009_000634\WINDOWS\system32\ssqPgeDv.dll Infected: Trojan.Win32.Monder.arrb 1

The selected area was scanned.

#12 Jat90

Posted 03 February 2009 - 11:17 AM

Hello,

System File Checker

Protected system files may have been overwritten or modified. I would like you to run the System File Checker. However, it may require the Windows installation CD to correct some files.

To run the File Checker:
  • Go to Start
  • Click Run
  • In the box type sfc /scannow
  • Hit enter and let it check for modified files.

There are restrictions in place to prevent you changing your background. Applying this reg fix should solve that problem (let me know if it doesn't).

Registry Fix

Launch Notepad, and copy/paste the box below into a new text file. Save it on your desktop as fixme.reg. For the "save as type" choose all files
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoActiveDesktopChanges"=""
  • Locate fixme.reg on your Desktop and double-click on it.
  • You will receive a prompt similar to: "Do you wish to merge the information into the registry?".
  • Answer "Yes" and wait for a message to appear similar to "Merged Successfully".
  • Delete the file after use

As for your other problem, I will need to look a little closer into your system:

OTViewIt

We need to create an OTViewIt Report
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.
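
The DDS log posted earlier in this thread lists three Explorer policy values (two under the `m` prefix, one under `d`), while the fixme.reg in the post above names one of them. As an added example, not part of Jat90's post or of any tool named in the thread, this Python script reads such DDS lines and produces a .reg file that deletes each listed restriction, plus an undo file that restores the logged values. The mapping of the DDS prefixes `u`/`m`/`d` to HKCU, HKLM and HKU\.DEFAULT is an assumption of this example, and the function names are its own.

```python
import re
from collections import OrderedDict

# Assumption of this example: DDS prefixes u / m / d stand for the current
# user, the local machine and the default-user hive respectively.
HIVES = {
    "u": r"HKEY_CURRENT_USER",
    "m": r"HKEY_LOCAL_MACHINE",
    "d": r"HKEY_USERS\.DEFAULT",
}
POLICY_ROOT = r"Software\Microsoft\Windows\CurrentVersion\Policies"

# Matches lines such as: mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
POLICY_LINE = re.compile(
    r"^(?P<hive>[umd])Policies-(?P<subkey>\w+): "
    r"(?P<name>\w+) = (?P<value>\d+) \(0x[0-9a-fA-F]+\)$"
)

# Policy lines as they appear in the DDS log on this page, surrounded by two
# unrelated lines from the same log to show that they are skipped.
SAMPLE_DDS = r"""uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
Notify: igfxcui - igfxdev.dll
"""


def parse_policies(dds_text):
    """Return [(registry_key, value_name, dword_value), ...] in log order."""
    found = []
    for line in dds_text.splitlines():
        m = POLICY_LINE.match(line.strip())
        if not m:
            continue
        # Key names are case-insensitive; capitalize to match the usual spelling.
        key = "\\".join([HIVES[m["hive"]], POLICY_ROOT, m["subkey"].capitalize()])
        found.append((key, m["name"], int(m["value"])))
    return found


def _render(entries, fmt):
    """Group entries by key and render them as a REGEDIT4 file (CRLF endings)."""
    grouped = OrderedDict()
    for key, name, value in entries:
        grouped.setdefault(key, []).append(fmt(name, value))
    lines = ["REGEDIT4", ""]
    for key, rows in grouped.items():
        lines.append("[%s]" % key)
        lines.extend(rows)
        lines.append("")
    return "\r\n".join(lines)


def build_fix_reg(entries, only_nonzero=True):
    """Render a .reg that deletes each value ('"Name"=-' removes a value).

    A policy logged as 0 is not restricting anything, so it is skipped
    unless only_nonzero is False.
    """
    active = [e for e in entries if e[2] != 0 or not only_nonzero]
    return _render(active, lambda name, value: '"%s"=-' % name)


def build_undo_reg(entries):
    """Render a .reg that puts the logged DWORD values back."""
    return _render(entries, lambda name, value: '"%s"=dword:%08x' % (name, value))


if __name__ == "__main__":
    policies = parse_policies(SAMPLE_DDS)
    # newline="" keeps the CRLF line endings exactly as rendered.
    with open("undo_policies.reg", "w", newline="") as fh:
        fh.write(build_undo_reg(policies))
    with open("fix_policies.reg", "w", newline="") as fh:
        fh.write(build_fix_reg(policies))
    print(build_fix_reg(policies))
```

Keep the undo file until the machine has been checked, so the logged state can be restored if removing a value has an unwanted effect.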


#13 Oyayubi

Posted 03 February 2009 - 10:42 PM

Hi again... I ran the System File Checker (using the Windows installation CD) and the registry fix... no changes yet. Attached are the two logs from OTViewIt. I also realized that I've been running the computer without any antivirus software since I first started to post, so I downloaded AVG Anti-virus. If this isn't a good problem, I'll delete that, and Spybot too if that is bad. Thanks, oyayubi

otviewit.txt:
OTViewIt logfile created on: 2/3/2009 10:35:49 PM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Teddi\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.10 Mb Total Physical Memory | 405.43 Mb Available Physical Memory | 40.02% Memory free
2.38 Gb Paging File | 1.77 Gb Available in Paging File | 74.05% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.04 Gb Total Space | 55.77 Gb Free Space | 18.71% Space Free | Partition Type: NTFS
Drive D: | 583.18 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MIKURU
Current User Name: Teddi
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2006/07/19 18:26:12 | 00,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
[2007/09/06 12:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2009/02/02 20:30:01 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2003/06/19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
[2005/01/28 12:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
[2008/06/27 07:10:52 | 00,135,168 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
[2008/06/27 07:11:24 | 00,143,360 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
[2006/07/19 18:26:04 | 00,052,896 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
[2009/02/02 20:30:01 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2008/06/27 07:10:36 | 00,249,856 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
[2008/09/16 12:16:08 | 01,833,296 | ---- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
File not found -- \?\globalroot\C:\WINDOWS\system32\rundll32.exe
[2008/04/13 19:12:37 | 00,135,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\taskmgr.exe
[2008/10/31 14:22:38 | 00,050,480 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
[2007/10/08 16:50:56 | 00,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
[2009/02/03 20:17:41 | 00,298,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[2009/02/03 20:17:44 | 00,484,120 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
[2009/02/03 20:17:44 | 00,687,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
[2009/02/03 20:17:41 | 01,601,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
[2009/02/03 20:17:45 | 00,592,128 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
[2008/10/15 02:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2009/02/03 20:17:54 | 00,555,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\aAvgApi.exe
[2008/10/15 02:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2009/02/03 22:05:20 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Teddi\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/09/06 12:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
File not found -- -- (aspnet_state [On_Demand | Stopped])
[2006/07/19 18:26:12 | 00,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Auto | Running])
[2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/03/30 09:36:30 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
[2009/02/02 20:30:01 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2006/08/25 11:00:38 | 02,528,960 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate [On_Demand | Stopped])
[2003/06/19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
[2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2006/11/05 10:15:12 | 00,880,640 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9 [On_Demand | Stopped])
[2006/11/05 10:13:00 | 00,159,744 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9 [Auto | Stopped])
[2006/04/11 16:13:38 | 01,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc [On_Demand | Stopped])
[2006/09/14 13:54:34 | 00,073,728 | ---- | M] (MicroVision Development, Inc.) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr [On_Demand | Stopped])
[2005/01/28 12:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
[2009/02/03 20:17:41 | 00,298,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])

========== Driver Services ==========

[2004/12/13 16:14:00 | 00,039,904 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\drivers\cercsr6.sys -- (cercsr6 [Boot | Stopped])
[2006/08/18 12:17:46 | 00,035,096 | ---- | M] (Roxio) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM [Auto | Running])
[2006/08/18 12:17:40 | 00,032,472 | ---- | M] (Roxio) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM [Auto | Running])
[2006/08/11 09:35:18 | 00,012,920 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM [System | Running])
[2006/08/18 12:18:08 | 00,009,400 | ---- | M] (Roxio) -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM [Auto | Running])
[2006/08/18 12:17:38 | 00,104,472 | ---- | M] (Roxio) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Running])
[2006/08/18 12:17:42 | 00,026,008 | ---- | M] (Roxio) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Running])
[2006/08/18 12:17:38 | 00,014,520 | ---- | M] (Roxio) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM [Auto | Running])
[2006/08/11 09:35:16 | 00,028,184 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M [System | Running])
[2006/08/18 12:17:44 | 00,094,648 | ---- | M] (Roxio) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Running])
[2006/08/18 12:17:44 | 00,097,848 | ---- | M] (Roxio) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Running])
[2006/07/21 10:21:26 | 00,099,176 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])
[2006/08/11 10:05:58 | 00,051,768 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Running])
[2007/04/13 20:33:34 | 00,254,872 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express [On_Demand | Running])
[2004/08/04 05:00:00 | 00,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga [System | Running])
[2008/01/29 11:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2008/06/27 07:46:48 | 06,023,072 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm [On_Demand | Running])
[2007/05/02 16:21:22 | 04,403,712 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
[2008/04/13 13:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2008/06/09 13:12:06 | 00,018,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr [On_Demand | Stopped])
[2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2006/07/24 02:00:00 | 00,036,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2006/04/11 16:13:34 | 00,389,776 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [On_Demand | Stopped])
[2006/11/02 07:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Stopped])
[2009/02/03 20:17:59 | 00,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
[2009/02/03 20:18:00 | 00,325,128 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
[2009/02/03 20:18:05 | 00,107,272 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.google.com/ig?hl=en&source=iglk

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{0d40ebab-215f-41f5-90f3-c06c28df6c28} (HKLM) -- C:\WINDOWS\system32\prieap.dll ()
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{A057A204-BACC-4D26-9990-79A187E2698E} (HKLM) -- C:\Program Files\AVG\AVG8\avgtoolbar.dll ([[[COMPANYNAME]]]----------------------------)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- C:\Program Files\AVG\AVG8\avgtoolbar.dll ([[[COMPANYNAME]]]----------------------------)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- C:\Program Files\AVG\AVG8\avgtoolbar.dll ([[[COMPANYNAME]]]----------------------------)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
"Persistence"=C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe File not found
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

========== (O4) Startup Folders ==========


========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoSetActiveDesktop"=1
"NoActiveDesktopChanges"=
"NoCDBurning"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoSetActiveDesktop"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr"=0

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2003/07/14 21:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search && Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 14:25:44 | 01,562,960 | ---- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 21:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{0CCA191D-13A6-4E29-B746-314DEE697D83}: http://upload.facebook.com/controls/2008.1...toUploader5.cab -- Facebook Photo Uploader 5 Control
{17492023-C23A-453E-A040-C7C580BBF700}: http://download.microsoft.com/download/8/b...heckControl.cab -- Windows Genuine Advantage Validation Tool
{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}: http://www.eset.eu/buxus/docs/OnlineScanner.cab -- OnlineScanner Control
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://www.update.microsoft.com/windowsupd...b?1206235346031 -- WUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre...ows-i586-jc.cab -- Java Plug-in 1.6.0_11
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11

========== (O17) DNS Name Servers ==========

{8D36DD7C-699C-4735-8004-BAD51D633C84} (Servers: | Description: Intel® 82562V-2 10/100 Network Connection)

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=cptqnl.dll prieap.dll
>[2009/02/03 19:40:37 | 00,129,024 | ---- | M] () -- C:\WINDOWS\system32\cptqnl.dll
>[2009/02/03 21:42:08 | 00,129,024 | ---- | M] () -- C:\WINDOWS\system32\prieap.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
avgrsstarter: "DllName" = avgrsstx.dll -- C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
igfxcui: "DllName" = igfxdev.dll -- C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
NavLogon: "DllName" = Reg Error: Value DLLName does not exist or could not be read. -- File not found
ssqOFUNE: "DllName" = ssqOFUNE.dll -- C:\WINDOWS\system32\ssqOFUNE.dll ()
WgaLogon: "DllName" = Reg Error: Value DLLName does not exist or could not be read. -- File not found

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}" (HKLM) -- C:\WINDOWS\system32\ssqOFUNE.dll ()

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2004/08/10 12:04:08 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

AUTORUN.INF [[AutoRun] | open=setup.exe | icon=setup.exe,0 | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |  | ]
[2004/08/04 07:00:00 | 00,000,110 | R--- | M] () -- D:\AUTORUN.INF -- [ CDFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11985cf3-7473-11dc-a441-001aa08fdc8a}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11985cf3-7473-11dc-a441-001aa08fdc8a}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11985cf3-7473-11dc-a441-001aa08fdc8a}\Shell\AutoRun\command]
""=J:\LaunchU3.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f88eaf9-6198-11dc-a418-806d6172696f}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f88eaf9-6198-11dc-a418-806d6172696f}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f88eaf9-6198-11dc-a418-806d6172696f}\Shell\AutoRun\command]
""=D:\setup.exe -- [2004/08/04 07:00:00 | 01,314,816 | R--- | M] (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[9 C:\WINDOWS\*.tmp files]
[2009/02/03 22:18:34 | 00,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
[2009/02/03 22:18:30 | 00,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
[2009/02/03 22:18:30 | 00,032,840 | ---- | C] (NETGEAR Corporation.) -- C:\WINDOWS\System32\dllcache\ngrpci.sys
[2009/02/03 22:18:25 | 00,065,278 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\netflx3.sys
[2009/02/03 22:18:22 | 00,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
[2009/02/03 22:18:19 | 00,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
[2009/02/03 22:18:16 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ne2000.sys
[2009/02/03 22:18:15 | 00,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys
[2009/02/03 22:18:14 | 00,085,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys
[2009/02/03 22:18:11 | 00,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
[2009/02/03 22:18:08 | 00,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
[2009/02/03 22:18:06 | 00,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
[2009/02/03 22:18:03 | 00,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
[2009/02/03 22:18:00 | 00,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
[2009/02/03 22:17:57 | 00,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
[2009/02/03 22:17:54 | 00,128,000 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\n100325.sys
[2009/02/03 22:17:51 | 00,052,255 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\n1000nt5.sys
[2009/02/03 22:17:48 | 00,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
[2009/02/03 22:17:46 | 00,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
[2009/02/03 22:17:43 | 00,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
[2009/02/03 22:17:40 | 00,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
[2009/02/03 22:17:37 | 00,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
[2009/02/03 22:17:34 | 00,103,296 | ---- | C] (Matrox Graphics Inc) -- C:\WINDOWS\System32\dllcache\mtxvideo.sys
[2009/02/03 22:17:29 | 00,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys
[2009/02/03 22:17:28 | 00,049,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstape.sys
[2009/02/03 22:17:25 | 00,012,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msriffwv.sys
[2009/02/03 22:17:20 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msmpu401.sys
[2009/02/03 22:17:18 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msircomm.sys
[2009/02/03 22:17:11 | 00,035,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msgame.sys
[2009/02/03 22:17:08 | 00,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfsio.sys
[2009/02/03 22:17:07 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2009/02/03 22:17:07 | 00,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdv.sys
[2009/02/03 22:17:02 | 00,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys
[2009/02/03 22:17:00 | 00,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpe.sys
[2009/02/03 22:16:56 | 00,016,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\modemcsa.sys
[2009/02/03 22:16:52 | 00,006,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\miniqic.sys
[2009/02/03 22:16:41 | 00,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\memgrp.dll
[2009/02/03 22:16:38 | 00,008,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\memcard.sys
[2009/02/03 22:16:35 | 00,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
[2009/02/03 22:16:31 | 00,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mammoth.sys
[2009/02/03 22:16:25 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\m3092dc.dll
[2009/02/03 22:16:22 | 00,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\m3091dc.dll
[2009/02/03 22:16:16 | 00,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
[2009/02/03 22:16:13 | 00,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
[2009/02/03 22:16:13 | 00,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ltotape.sys
[2009/02/03 22:16:12 | 00,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2009/02/03 22:16:10 | 00,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2009/02/03 22:16:09 | 00,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2009/02/03 22:16:07 | 00,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
[2009/02/03 22:16:03 | 00,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\loop.sys
[2009/02/03 22:15:59 | 00,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
[2009/02/03 22:15:57 | 00,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2009/02/03 22:15:54 | 00,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
[2009/02/03 22:15:51 | 00,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
[2009/02/03 22:15:48 | 00,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2009/02/03 22:15:45 | 00,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2009/02/03 22:15:44 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax
[2009/02/03 22:15:44 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax
[2009/02/03 22:15:43 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax
[2009/02/03 22:15:41 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kousd.dll
[2009/02/03 22:15:39 | 00,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsusd.dll
[2009/02/03 22:15:39 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsui.dll
[2009/02/03 22:15:13 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irmon.dll
[2009/02/03 22:15:13 | 00,018,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irsir.sys
[2009/02/03 22:15:10 | 00,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irftp.exe
[2009/02/03 22:15:10 | 00,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
[2009/02/03 22:15:09 | 00,088,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irda.sys
[2009/02/03 22:15:08 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax
[2009/02/03 22:15:05 | 00,045,632 | ---- | C] (Interphase ® Corporation a Windows ® 2000 DDK Driver Provider) -- C:\WINDOWS\System32\dllcache\ip5515.sys
[2009/02/03 22:15:02 | 00,090,200 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\io8ports.dll
[2009/02/03 22:15:00 | 00,038,784 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\io8.sys
[2009/02/03 22:14:59 | 00,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\intelide.sys
[2009/02/03 22:14:57 | 00,013,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inport.sys
[2009/02/03 22:14:54 | 00,016,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ini910u.sys
[2009/02/03 22:14:44 | 00,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
[2009/02/03 22:14:41 | 00,100,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam5usb.sys
[2009/02/03 22:14:39 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam5ext.dll
[2009/02/03 22:14:36 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam5com.dll
[2009/02/03 22:14:34 | 00,154,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4usb.sys
[2009/02/03 22:14:31 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4ext.dll
[2009/02/03 22:14:29 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4com.dll
[2009/02/03 22:14:26 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam3ext.dll
[2009/02/03 22:14:24 | 00,141,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam3.sys
[2009/02/03 22:14:21 | 00,038,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ibmvcap.sys
[2009/02/03 22:14:04 | 00,018,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omp.sys
[2009/02/03 22:14:04 | 00,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omgmt.sys
[2009/02/03 22:13:21 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hr1w.dll
[2009/02/03 22:12:41 | 00,002,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidswvd.sys
[2009/02/03 22:12:38 | 00,020,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidbatt.sys
[2009/02/03 22:12:38 | 00,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidgame.sys
[2009/02/03 22:12:34 | 00,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2009/02/03 22:12:32 | 00,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
[2009/02/03 22:12:30 | 00,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2009/02/03 22:12:29 | 00,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gckernel.sys
[2009/02/03 22:12:28 | 00,010,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gameenum.sys
[2009/02/03 22:12:18 | 00,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
[2009/02/03 22:12:10 | 00,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fuusd.dll
[2009/02/03 22:12:08 | 00,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
[2009/02/03 22:12:06 | 00,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
[2009/02/03 22:12:03 | 00,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
[2009/02/03 22:12:01 | 00,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
[2009/02/03 22:11:59 | 00,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
[2009/02/03 22:11:58 | 00,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2009/02/03 22:11:56 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fnfilter.dll
[2009/02/03 22:11:44 | 00,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2009/02/03 22:11:41 | 00,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2009/02/03 22:11:39 | 00,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2009/02/03 22:11:36 | 00,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exabyte2.sys
[2009/02/03 22:11:31 | 00,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunib.dll
[2009/02/03 22:11:29 | 00,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuni.dll
[2009/02/03 22:11:27 | 00,034,816 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimg.dll
[2009/02/03 22:11:25 | 00,043,008 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucm.dll
[2009/02/03 22:11:12 | 00,072,192 | ---- | C] (ESS Technology Inc.) -- C:\WINDOWS\System32\dllcache\es1969.sys
[2009/02/03 22:10:59 | 00,114,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\epstw2k.sys
[2009/02/03 22:10:56 | 00,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\epcfw2k.sys
[2009/02/03 22:10:55 | 00,006,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\enum1394.sys
[2009/02/03 22:10:47 | 00,007,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\elmsmc.sys
[2009/02/03 22:10:17 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dshowext.ax
[2009/02/03 22:10:16 | 00,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2009/02/03 22:10:14 | 00,020,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpti2o.sys
[2009/02/03 22:10:12 | 00,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2009/02/03 22:10:11 | 00,023,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4usb.sys
[2009/02/03 22:10:10 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4scan.sys
[2009/02/03 22:10:09 | 00,206,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4.sys
[2009/02/03 22:10:09 | 00,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4prt.sys
[2009/02/03 22:10:05 | 00,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2009/02/03 22:10:05 | 00,008,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlttape.sys
[2009/02/03 22:10:04 | 00,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2009/02/03 22:10:02 | 00,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
[2009/02/03 22:10:01 | 00,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2009/02/03 22:10:00 | 00,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2009/02/03 22:09:59 | 00,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2009/02/03 22:09:58 | 00,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2009/02/03 22:09:57 | 00,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2009/02/03 22:09:55 | 00,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2009/02/03 22:09:54 | 00,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2009/02/03 22:09:53 | 00,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2009/02/03 22:09:34 | 00,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2009/02/03 22:09:33 | 00,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2009/02/03 22:09:29 | 00,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2009/02/03 22:09:28 | 00,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ddsmc.sys
[2009/02/03 22:09:26 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc260usd.dll
[2009/02/03 22:09:25 | 00,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc240usd.dll
[2009/02/03 22:09:23 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc210usd.dll
[2009/02/03 22:09:22 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc210_32.dll
[2009/02/03 22:09:20 | 00,014,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dac960nt.sys
[2009/02/03 22:09:16 | 00,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzports.dll
[2009/02/03 22:09:15 | 00,049,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzport.sys
[2009/02/03 22:09:14 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzcoins.dll
[2009/02/03 22:09:12 | 00,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyyports.dll
[2009/02/03 22:09:11 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyyport.sys
[2009/02/03 22:09:10 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyycoins.dll
[2009/02/03 22:09:09 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyclom-y.sys
[2009/02/03 22:09:08 | 00,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2009/02/03 22:09:08 | 00,017,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyclad-z.sys
[2009/02/03 22:09:06 | 00,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2009/02/03 22:09:05 | 00,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2009/02/03 22:09:04 | 00,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2009/02/03 22:09:03 | 00,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2009/02/03 22:09:02 | 00,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2009/02/03 22:09:01 | 00,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2009/02/03 22:08:59 | 00,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2009/02/03 22:08:54 | 00,175,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csamsp.dll
[2009/02/03 22:08:52 | 00,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2009/02/03 22:08:51 | 00,060,970 | ---- | C] (Compaq Computer Corp.) -- C:\WINDOWS\System32\dllcache\cpqtrnd5.sys
[2009/02/03 22:08:50 | 00,021,533 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\cpqndis5.sys
[2009/02/03 22:08:49 | 00,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cpqarray.sys
[2009/02/03 22:08:47 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compbatt.sys
[2009/02/03 22:08:44 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnusd.dll
[2009/02/03 22:08:42 | 00,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2009/02/03 22:08:42 | 00,013,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmbatt.sys
[2009/02/03 22:08:41 | 00,248,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl546xm.sys
[2009/02/03 22:08:40 | 00,170,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl546x.dll
[2009/02/03 22:08:39 | 00,111,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl5465.dll
[2009/02/03 22:08:39 | 00,045,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cirrus.sys
[2009/02/03 22:08:38 | 00,091,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cirrus.dll
[2009/02/03 22:08:37 | 00,272,640 | ---- | C] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\dllcache\cinemclc.sys
[2009/02/03 22:08:35 | 00,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2009/02/03 22:08:32 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2009/02/03 22:08:31 | 00,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2009/02/03 22:08:30 | 00,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2009/02/03 22:08:29 | 00,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2009/02/03 22:08:29 | 00,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2009/02/03 22:08:28 | 00,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2009/02/03 22:08:27 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cd20xrnt.sys
[2009/02/03 22:08:26 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys
[2009/02/03 22:08:25 | 00,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2009/02/03 22:08:25 | 00,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2009/02/03 22:08:24 | 00,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2009/02/03 22:08:23 | 00,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2009/02/03 22:08:22 | 00,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2009/02/03 22:08:21 | 00,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2009/02/03 22:08:20 | 00,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.dll
[2009/02/03 22:08:19 | 00,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.ax
[2009/02/03 22:08:18 | 00,244,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext20.ax
[2009/02/03 22:08:18 | 00,236,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext20.dll
[2009/02/03 22:08:17 | 00,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camexo20.dll
[2009/02/03 22:08:17 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camexo20.ax
[2009/02/03 22:08:16 | 00,171,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdrv30.sys
[2009/02/03 22:08:15 | 00,223,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdrv21.sys
[2009/02/03 22:08:14 | 00,314,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdro21.sys
[2009/02/03 22:07:49 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bulltlp3.sys
[2009/02/03 22:07:48 | 00,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2009/02/03 22:07:48 | 00,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2009/02/03 22:07:47 | 00,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2009/02/03 22:07:46 | 00,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2009/02/03 22:07:45 | 00,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2009/02/03 22:07:45 | 00,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2009/02/03 22:07:44 | 00,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2009/02/03 22:07:44 | 00,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2009/02/03 22:07:43 | 00,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2009/02/03 22:07:42 | 00,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2009/02/03 22:07:41 | 00,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brmfcwia.dll
[2009/02/03 22:07:41 | 00,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2009/02/03 22:07:40 | 00,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2009/02/03 22:07:39 | 00,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2009/02/03 22:07:39 | 00,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2009/02/03 22:07:38 | 00,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2009/02/03 22:07:38 | 00,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2009/02/03 22:07:37 | 00,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2009/02/03 22:07:36 | 00,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2009/02/03 22:07:35 | 00,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\binlsvc.dll
[2009/02/03 22:07:35 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdasup.sys
[2009/02/03 22:07:34 | 00,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2009/02/03 22:07:34 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdaplgin.ax
[2009/02/03 22:07:32 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\battc.sys
[2009/02/03 22:07:31 | 00,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2009/02/03 22:07:30 | 00,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2009/02/03 22:07:29 | 00,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2009/02/03 22:07:29 | 00,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2009/02/03 22:07:28 | 00,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2009/02/03 22:07:28 | 00,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2009/02/03 22:07:27 | 00,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2009/02/03 22:07:26 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avc.sys
[2009/02/03 22:07:26 | 00,036,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcaudio.sys
[2009/02/03 22:07:26 | 00,013,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcstrm.sys
[2009/02/03 22:07:24 | 00,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2009/02/03 22:07:23 | 00,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2009/02/03 22:07:22 | 00,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2009/02/03 22:07:22 | 00,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2009/02/03 22:07:21 | 00,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2009/02/03 22:07:21 | 00,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2009/02/03 22:07:20 | 00,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2009/02/03 22:07:19 | 00,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2009/02/03 22:07:18 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2009/02/03 22:07:16 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atievxx.exe
[2009/02/03 22:07:14 | 00,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2009/02/03 22:07:12 | 00,077,568 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ati.sys
[2009/02/03 22:07:11 | 00,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2009/02/03 22:07:11 | 00,096,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ati.dll
[2009/02/03 22:07:10 | 00,022,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asc3350p.sys
[2009/02/03 22:07:04 | 00,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\apmbatt.sys
[2009/02/03 22:07:03 | 00,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2009/02/03 22:07:03 | 00,012,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\amsint.sys
[2009/02/03 22:07:01 | 00,056,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78xx.sys
[2009/02/03 22:07:00 | 00,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78u2.sys
[2009/02/03 22:07:00 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aha154x.sys
[2009/02/03 22:06:57 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agcgauge.ax
[2009/02/03 22:05:23 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adpu160m.sys
[2009/02/03 22:05:23 | 00,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2009/02/03 22:05:22 | 00,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2009/02/03 22:05:22 | 00,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2009/02/03 22:05:21 | 00,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2009/02/03 22:05:20 | 00,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2009/02/03 22:05:20 | 00,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
[2009/02/03 22:05:20 | 00,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adicvls.sys
[2009/02/03 22:05:19 | 00,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2009/02/03 22:05:18 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Teddi\Desktop\OTViewIt.exe
[2009/02/03 22:05:17 | 00,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
[2009/02/03 22:05:17 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\abp480n5.sys
[2009/02/03 22:05:16 | 00,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2009/02/03 22:05:15 | 00,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2009/02/03 22:05:14 | 00,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2009/02/03 22:05:14 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
[2009/02/03 22:05:14 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\8514a.dll
[2009/02/03 22:05:14 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\4mmdat.sys
[2009/02/03 22:05:13 | 00,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2009/02/03 22:05:13 | 00,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2009/02/03 22:05:13 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394vdbg.sys
[2009/02/03 22:05:12 | 00,053,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394bus.sys
[2009/02/03 22:04:54 | 00,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.dll
[2009/02/03 22:04:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/02/03 21:42:08 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\prieap.dll
[2009/02/03 21:42:07 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\vtUklkLD.dll
[2009/02/03 20:41:23 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\plhlai.dll
[2009/02/03 20:41:22 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\fccBqrSm.dll
[2009/02/03 20:18:05 | 00,107,272 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/02/03 20:18:05 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/02/03 20:18:05 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\AVG Free 8.0.lnk
[2009/02/03 20:18:00 | 00,325,128 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/02/03 20:17:59 | 00,027,656 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/02/03 20:17:54 | 32,749,615 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/02/03 20:17:54 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/02/03 20:17:54 | 00,368,010 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/02/03 20:17:54 | 00,085,942 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/02/03 20:17:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/02/03 20:17:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Teddi\Application Data\AVGTOOLBAR
[2009/02/03 20:17:41 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/02/03 20:17:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8
[2009/02/03 19:40:37 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\cptqnl.dll
[2009/02/03 19:40:36 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\awtuuVOF.dll
[2009/02/03 19:35:05 | 00,035,328 | ---- | C] () -- C:\WINDOWS\System32\ssqOFUNE.dll
[2009/02/03 19:35:04 | 00,045,568 | ---- | C] () -- C:\WINDOWS\System32\clickfile.exe
[2009/02/03 07:40:11 | 00,021,393 | ---- | C] () -- C:\Documents and Settings\Teddi\Desktop\kaspersky.html
[2009/02/02 23:09:57 | 06,256,189 | ---- | C] () -- C:\Documents and Settings\Teddi\Desktop\It Doesnt Matter.flv
[2009/02/02 20:22:27 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/02/02 20:22:27 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/02/02 00:01:20 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Teddi\Desktop\Spybot - Search & Destroy.lnk
[2009/01/31 13:18:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Teddi\Desktop\dds
[2009/01/31 11:08:10 | 00,000,000 | ---D | C] -- C:\Program Files\EsetOnlineScanner
[2009/01/31 11:03:44 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2009/01/31 11:02:25 | 00,348,160 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Teddi\Desktop\OTMoveIt3.exe
[2009/01/31 11:01:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/01/31 11:01:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Teddi\Desktop\erunt
[2009/01/24 22:59:27 | 00,368,971 | ---- | C] () -- C:\Documents and Settings\Teddi\Desktop\dds.scr
[2009/01/24 13:14:45 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2009/01/24 13:14:37 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2009/01/24 13:14:22 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2009/01/23 19:08:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/01/23 18:00:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2009/01/23 17:56:09 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/01/23 17:50:45 | 00,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2009/01/23 17:50:45 | 00,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2009/01/23 17:50:45 | 00,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2009/01/23 17:50:44 | 00,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2009/01/23 17:50:44 | 00,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2009/01/23 17:50:44 | 00,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2009/01/23 17:50:44 | 00,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2009/01/23 17:50:43 | 00,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2009/01/23 17:50:43 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2009/01/23 17:50:43 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2009/01/23 17:50:42 | 00,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2009/01/23 17:50:42 | 00,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2009/01/23 17:50:42 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2009/01/23 17:50:42 | 00,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2009/01/23 17:50:42 | 00,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2009/01/23 17:50:42 | 00,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2009/01/23 17:50:42 | 00,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2009/01/23 17:50:41 | 00,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2009/01/23 17:50:41 | 00,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2009/01/23 17:50:41 | 00,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2009/01/23 17:50:41 | 00,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2009/01/23 17:50:41 | 00,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2009/01/23 17:50:41 | 00,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2009/01/23 17:50:41 | 00,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2009/01/23 17:50:41 | 00,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2009/01/23 17:50:41 | 00,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2009/01/23 17:50:41 | 00,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2009/01/23 17:50:41 | 00,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2009/01/23 17:50:40 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2009/01/23 17:50:40 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wlanapi.dll
[2009/01/23 17:50:37 | 00,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2009/01/23 17:50:37 | 00,042,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\viaagp.sys
[2009/01/23 17:50:37 | 00,042,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\viaagp.sys
[2009/01/23 17:50:37 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2009/01/23 17:50:37 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vidcap.ax
[2009/01/23 17:50:37 | 00,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2009/01/23 17:50:37 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wacompen.sys
[2009/01/23 17:50:37 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wacompen.sys
[2009/01/23 17:50:37 | 00,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2009/01/23 17:50:34 | 00,121,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbvideo.sys
[2009/01/23 17:50:34 | 00,121,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbvideo.sys
[2009/01/23 17:50:33 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023x.sys
[2009/01/23 17:50:33 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys
[2009/01/23 17:50:32 | 00,044,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uagp35.sys
[2009/01/23 17:50:32 | 00,044,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uagp35.sys
[2009/01/23 17:50:31 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tspkg.dll
[2009/01/23 17:50:31 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tspkg.dll
[2009/01/23 17:50:31 | 00,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2009/01/23 17:50:31 | 00,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2009/01/23 17:50:31 | 00,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2009/01/23 17:50:31 | 00,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2009/01/23 17:50:31 | 00,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2009/01/23 17:50:31 | 00,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2009/01/23 17:50:30 | 00,032,827 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptest.exe
[2009/01/23 17:50:30 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptsat.dll
[2009/01/23 17:50:30 | 00,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2009/01/23 17:50:30 | 00,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2009/01/23 17:50:30 | 00,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2009/01/23 17:50:30 | 00,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2009/01/23 17:50:27 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdwxp.exe
[2009/01/23 17:50:26 | 00,577,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sprc041b.dll
[2009/01/23 17:50:26 | 00,576,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sprc0424.dll
[2009/01/23 17:50:25 | 00,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll
[2009/01/23 17:50:25 | 00,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll
[2009/01/23 17:50:25 | 00,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll
[2009/01/23 17:50:25 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll
[2009/01/23 17:50:25 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmp.exe
[2009/01/23 17:50:25 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmptrap.exe
[2009/01/23 17:50:25 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll
[2009/01/23 17:50:25 | 00,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2009/01/23 17:50:24 | 00,456,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll
[2009/01/23 17:50:24 | 00,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smi2smir.exe
[2009/01/23 17:50:24 | 00,086,016 | ---- | C] (Sipro Lab Telecom Inc.) -- C:\WINDOWS\System32\dllcache\sl_anet.acm
[2009/01/23 17:50:24 | 00,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2009/01/23 17:50:24 | 00,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbali.sys
[2009/01/23 17:50:23 | 00,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2009/01/23 17:50:22 | 00,020,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll
[2009/01/23 17:50:22 | 00,016,437 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.exe
[2009/01/23 17:50:21 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_mmc.sys
[2009/01/23 17:50:20 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2009/01/23 17:50:20 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\setupn.exe
[2009/01/23 17:50:18 | 00,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2009/01/23 17:50:18 | 00,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2009/01/23 17:50:18 | 00,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rndismpx.sys
[2009/01/23 17:50:18 | 00,029,184 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2009/01/23 17:50:18 | 00,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll
[2009/01/23 17:50:17 | 00,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2009/01/23 17:50:17 | 00,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rfcomm.sys
[2009/01/23 17:50:17 | 00,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rfcomm.sys
[2009/01/23 17:50:16 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2009/01/23 17:50:16 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rasqec.dll
[2009/01/23 17:50:14 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagentrt.dll
[2009/01/23 17:50:14 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qagentrt.dll
[2009/01/23 17:50:14 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2009/01/23 17:50:14 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qagent.dll
[2009/01/23 17:50:14 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2009/01/23 17:50:14 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qutil.dll
[2009/01/23 17:50:14 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2009/01/23 17:50:14 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qcliprov.dll
[2009/01/23 17:50:14 | 00,020,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ramdisk.sys
[2009/01/23 17:50:13 | 00,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2009/01/23 17:50:13 | 00,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2009/01/23 17:50:13 | 00,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2009/01/23 17:50:13 | 00,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2009/01/23 17:50:13 | 00,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2009/01/23 17:50:13 | 00,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2009/01/23 17:50:13 | 00,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2009/01/23 17:50:13 | 00,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2009/01/23 17:50:12 | 00,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2009/01/23 17:50:12 | 00,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2009/01/23 17:50:12 | 00,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2009/01/23 17:50:12 | 00,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2009/01/23 17:50:12 | 00,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2009/01/23 17:50:12 | 00,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2009/01/23 17:50:12 | 00,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2009/01/23 17:50:12 | 00,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2009/01/23 17:50:10 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2009/01/23 17:50:10 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\onex.dll
[2009/01/23 17:50:08 | 00,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2009/01/23 17:50:05 | 00,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2009/01/23 17:50:05 | 00,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2009/01/23 17:50:03 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2009/01/23 17:50:03 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\napstat.exe
[2009/01/23 17:50:03 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2009/01/23 17:50:02 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2009/01/23 17:50:02 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\napmontr.dll
[2009/01/23 17:50:02 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2009/01/23 17:50:02 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\napipsec.dll
[2009/01/23 17:50:01 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtstocom.exe
[2009/01/23 17:50:01 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll
[2009/01/23 17:50:01 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2009/01/23 17:50:00 | 01,307,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6.dll
[2009/01/23 17:50:00 | 01,307,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2009/01/23 17:50:00 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2009/01/23 17:50:00 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mssha.dll
[2009/01/23 17:50:00 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2009/01/23 17:50:00 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msshamsg.dll
[2009/01/23 17:49:54 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msiregmv.exe
[2009/01/23 17:49:50 | 00,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msaud32.acm
[2009/01/23 17:49:49 | 00,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2009/01/23 17:49:49 | 00,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2009/01/23 17:49:49 | 00,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2009/01/23 17:49:48 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2009/01/23 17:49:48 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\Mmcfxc.dll
[2009/01/23 17:49:48 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2009/01/23 17:49:48 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mmcperf.exe
[2009/01/23 17:49:47 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2009/01/23 17:49:47 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mmcex.dll
[2009/01/23 17:49:47 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2009/01/23 17:49:47 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mmc30.dll
[2009/01/23 17:49:47 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe
[2009/01/23 17:49:45 | 00,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2009/01/23 17:49:45 | 00,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpdsvc.dll
[2009/01/23 17:49:45 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lprmon.dll
[2009/01/23 17:49:44 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmmib2.dll
[2009/01/23 17:49:37 | 00,290,816 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\dllcache\l3codeca.acm
[2009/01/23 17:49:37 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kmsvc.dll
[2009/01/23 17:49:37 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kmsvc.dll
[2009/01/23 17:49:37 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2009/01/23 17:49:37 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\l2store.dll
[2009/01/23 17:49:37 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2009/01/23 17:49:37 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2009/01/23 17:49:37 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdpash.dll
[2009/01/23 17:49:37 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnepr.dll
[2009/01/23 17:49:36 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2009/01/23 17:49:36 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2009/01/23 17:49:36 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdiultn.dll
[2009/01/23 17:49:36 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdbhc.dll
[2009/01/23 17:49:34 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprip.dll
[2009/01/23 17:49:32 | 00,001,261 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2009/01/23 17:49:32 | 00,001,261 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pid.inf
[2009/01/23 17:49:31 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostmib.dll
[2009/01/23 17:49:30 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidbth.sys
[2009/01/23 17:49:30 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidbth.sys
[2009/01/23 17:49:30 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidir.sys
[2009/01/23 17:49:30 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidir.sys
[2009/01/23 17:49:29 | 00,562,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsst.dll
[2009/01/23 17:49:29 | 00,451,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsapi.dll
[2009/01/23 17:49:29 | 00,400,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsxp32.dll
[2009/01/23 17:49:29 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxstiff.dll
[2009/01/23 17:49:29 | 00,285,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscomex.dll
[2009/01/23 17:49:29 | 00,267,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssvc.exe
[2009/01/23 17:49:29 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxst30.dll
[2009/01/23 17:49:29 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscover.exe
[2009/01/23 17:49:29 | 00,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxswzrd.dll
[2009/01/23 17:49:29 | 00,154,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsui.dll
[2009/01/23 17:49:29 | 00,142,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclnt.exe
[2009/01/23 17:49:29 | 00,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscom.dll
[2009/01/23 17:49:29 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsevent.dll
[2009/01/23 17:49:29 | 00,046,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gagp30kx.sys
[2009/01/23 17:49:29 | 00,046,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gagp30kx.sys
[2009/01/23 17:49:29 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsdrv.dll
[2009/01/23 17:49:29 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsmon.dll
[2009/01/23 17:49:29 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsext32.dll
[2009/01/23 17:49:29 | 00,020,538 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpremadm.exe
[2009/01/23 17:49:29 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsperf.dll
[2009/01/23 17:49:29 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsres.dll
[2009/01/23 17:49:28 | 00,876,653 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awel.dll
[2009/01/23 17:49:28 | 00,598,071 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll
[2009/01/23 17:49:28 | 00,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll
[2009/01/23 17:49:28 | 00,188,494 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpcount.exe
[2009/01/23 17:49:28 | 00,184,435 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4amsft.dll
[2009/01/23 17:49:28 | 00,147,513 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4apws.dll
[2009/01/23 17:49:28 | 00,109,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98swin.exe
[2009/01/23 17:49:28 | 00,102,509 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4atxt.dll
[2009/01/23 17:49:28 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntagnt.dll
[2009/01/23 17:49:28 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2009/01/23 17:49:28 | 00,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntwin.exe
[2009/01/23 17:49:28 | 00,082,035 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4anscp.dll
[2009/01/23 17:49:28 | 00,049,212 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awebs.dll
[2009/01/23 17:49:28 | 00,049,210 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4areg.dll
[2009/01/23 17:49:28 | 00,041,020 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avnb.dll
[2009/01/23 17:49:28 | 00,032,826 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avss.dll
[2009/01/23 17:49:28 | 00,024,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmcgi.exe
[2009/01/23 17:49:28 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntcmd.exe
[2009/01/23 17:49:28 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\faxpatch.exe
[2009/01/23 17:49:28 | 00,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll
[2009/01/23 17:49:28 | 00,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmdll.dll
[2009/01/23 17:49:28 | 00,015,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98sadm.exe
[2009/01/23 17:49:28 | 00,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2009/01/23 17:49:27 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2009/01/23 17:49:27 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\eapp3hst.dll
[2009/01/23 17:49:27 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2009/01/23 17:49:27 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\eapphost.dll
[2009/01/23 17:49:27 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2009/01/23 17:49:27 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\eappcfg.dll
[2009/01/23 17:49:27 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2009/01/23 17:49:27 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\eappgnui.dll
[2009/01/23 17:49:27 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2009/01/23 17:49:27 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\eapqec.dll
[2009/01/23 17:49:27 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2009/01/23 17:49:27 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\eappprxy.dll
[2009/01/23 17:49:27 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapsvc.dll
[2009/01/23 17:49:27 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\eapsvc.dll
[2009/01/23 17:49:27 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2009/01/23 17:49:27 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\eapolqec.dll
[2009/01/23 17:49:25 | 00,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2009/01/23 17:49:25 | 00,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot3ui.dll
[2009/01/23 17:49:25 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3svc.dll
[2009/01/23 17:49:25 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot3svc.dll
[2009/01/23 17:49:25 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2009/01/23 17:49:25 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot3cfg.dll
[2009/01/23 17:49:25 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2009/01/23 17:49:25 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot3msm.dll
[2009/01/23 17:49:25 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2009/01/23 17:49:25 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot3clnt.dll
[2009/01/23 17:49:25 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2009/01/23 17:49:25 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot3api.dll
[2009/01/23 17:49:25 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2009/01/23 17:49:25 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot3dlg.dll
[2009/01/23 17:49:24 | 00,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlimport.exe
[2009/01/23 17:49:24 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dimsroam.dll
[2009/01/23 17:49:24 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2009/01/23 17:49:24 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dimsntfy.dll
[2009/01/23 17:49:24 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsntfy.dll
[2009/01/23 17:49:23 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhcpqec.dll
[2009/01/23 17:49:23 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2009/01/23 17:49:22 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2009/01/23 17:49:21 | 00,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2009/01/23 17:49:21 | 00,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2009/01/23 17:49:21 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\credssp.dll
[2009/01/23 17:49:21 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\credssp.dll
[2009/01/23 17:49:21 | 00,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2009/01/23 17:49:21 | 00,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2009/01/23 17:49:21 | 00,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2009/01/23 17:49:20 | 00,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2009/01/23 17:49:20 | 00,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2009/01/23 17:49:20 | 00,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2009/01/23 17:49:20 | 00,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2009/01/23 17:49:20 | 00,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2009/01/23 17:49:19 | 00,188,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgwiz.exe
[2009/01/23 17:49:18 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\azroles.dll
[2009/01/23 17:49:18 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2009/01/23 17:49:18 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthmodem.sys
[2009/01/23 17:49:18 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthmodem.sys
[2009/01/23 17:49:18 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthusb.sys
[2009/01/23 17:49:18 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthusb.sys
[2009/01/23 17:49:18 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthenum.sys
[2009/01/23 17:49:18 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthenum.sys
[2009/01/23 17:49:18 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bitsprx4.dll
[2009/01/23 17:49:18 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2009/01/23 17:49:18 | 00,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2009/01/23 17:49:17 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2009/01/23 17:49:17 | 00,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll
[2009/01/23 17:49:17 | 00,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.exe
[2009/01/23 17:49:15 | 00,331,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll
[2009/01/23 17:49:14 | 00,042,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\alim1541.sys
[2009/01/23 17:49:14 | 00,042,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\alim1541.sys
[2009/01/23 17:49:13 | 00,044,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agpcpq.sys
[2009/01/23 17:49:13 | 00,044,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agpcpq.sys
[2009/01/23 17:49:13 | 00,042,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agp440.sys
[2009/01/23 17:49:13 | 00,042,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agp440.sys
[2009/01/23 17:49:13 | 00,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll
[2009/01/23 17:49:13 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040d.dll
[2009/01/23 17:49:13 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0401.dll
[2009/01/23 17:49:13 | 00,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.exe
[2009/01/23 17:34:25 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Teddi\Desktop\HijackThis.lnk
[2009/01/23 17:34:25 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/01/22 22:11:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2009/01/20 21:19:59 | 00,036,864 | ---- | C] () -- C:\Documents and Settings\Teddi\My Documents\Scott CPA Letter.doc
[2009/01/20 20:54:39 | 00,033,792 | ---- | C] () -- C:\Documents and Settings\Teddi\Desktop\Scott CFE Recommendation Letter.doc
[2009/01/18 18:04:40 | 00,000,000 | ---D | C] -- C:\Program Files\Power Wallpaper Changer
[2009/01/17 16:10:09 | 00,096,978 | ---- | C] (Business Information Solutions) -- C:\Documents and Settings\Teddi\My Documents\VirtumundoBeGone.exe
[2009/01/17 15:08:39 | 00,168,592 | ---- | C] () -- C:\Documents and Settings\Teddi\My Documents\FxVMonde.exe
[2009/01/17 01:03:22 | 00,000,779 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\AnVir Task Manager Pro.lnk
[2009/01/17 01:03:22 | 00,000,000 | ---D | C] -- C:\Program Files\AnVir Task Manager Pro
[2009/01/17 01:03:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Teddi\Local Settings\Application Data\AnVir
[2009/01/17 00:53:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
[2009/01/17 00:48:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Teddi\Local Settings\Application Data\Help
[2009/01/17 00:48:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Teddi\Application Data\Help
[2009/01/17 00:40:58 | 00,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2009/01/16 21:19:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Teddi\Local Settings\Application Data\{A8DB923E-32BA-407D-8D72-F2BD15EDC218}
[2009/01/14 20:50:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
[2009/01/14 20:47:53 | 15,083,520 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Teddi\Desktop\spybotsd160.exe

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[9 C:\WINDOWS\*.tmp files]
[2009/02/03 22:05:20 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Teddi\Desktop\OTViewIt.exe
[2009/02/03 21:42:08 | 00,129,024 | ---- | M] () -- C:\WINDOWS\System32\vtUklkLD.dll
[2009/02/03 21:42:08 | 00,129,024 | ---- | M] () -- C:\WINDOWS\System32\prieap.dll
[2009/02/03 20:41:23 | 00,129,024 | ---- | M] () -- C:\WINDOWS\System32\plhlai.dll
[2009/02/03 20:41:23 | 00,129,024 | ---- | M] () -- C:\WINDOWS\System32\fccBqrSm.dll
[2009/02/03 20:21:56 | 32,749,615 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/02/03 20:21:40 | 00,085,942 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/02/03 20:18:05 | 00,107,272 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/02/03 20:18:05 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/02/03 20:18:05 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\AVG Free 8.0.lnk
[2009/02/03 20:18:00 | 00,325,128 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/02/03 20:17:59 | 00,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/02/03 20:17:54 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/02/03 20:17:54 | 00,368,010 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/02/03 19:40:37 | 00,129,024 | ---- | M] () -- C:\WINDOWS\System32\cptqnl.dll
[2009/02/03 19:40:37 | 00,129,024 | ---- | M] () -- C:\WINDOWS\System32\awtuuVOF.dll
[2009/02/03 19:35:05 | 00,035,328 | ---- | M] () -- C:\WINDOWS\System32\ssqOFUNE.dll
[2009/02/03 19:35:04 | 00,045,568 | ---- | M] () -- C:\WINDOWS\System32\clickfile.exe
[2009/02/03 19:20:06 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/02/03 19:20:02 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/02/03 19:19:15 | 04,832,792 | -H-- | M] () -- C:\Documents and Settings\Teddi\Local Settings\Application Data\IconCache.db
[2009/02/03 11:37:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/02/03 07:40:11 | 00,021,393 | ---- | M] () -- C:\Documents and Settings\Teddi\Desktop\kaspersky.html
[2009/02/02 23:11:05 | 06,256,189 | ---- | M] () -- C:\Documents and Settings\Teddi\Desktop\It Doesnt Matter.flv
[2009/02/02 20:22:27 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/02/02 20:22:27 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/02/02 00:01:20 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Teddi\Desktop\Spybot - Search & Destroy.lnk
[2009/01/31 13:08:26 | 00,000,624 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/01/31 13:08:26 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/01/31 13:08:26 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009/01/31 11:02:27 | 00,348,160 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Teddi\Desktop\OTMoveIt3.exe
[2009/01/29 08:00:31 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/01/24 22:59:28 | 00,368,971 | ---- | M] () -- C:\Documents and Settings\Teddi\Desktop\dds.scr
[2009/01/24 13:17:37 | 00,000,076 | -HS- | M] () -- C:\Documents and Settings\Teddi\My Documents\desktop.ini
[2009/01/24 13:16:34 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/01/24 12:23:08 | 00,296,456 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/01/23 19:10:16 | 00,400,578 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/01/23 19:10:16 | 00,342,316 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/01/23 19:10:16 | 00,052,580 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/01/23 19:09:50 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/01/23 17:59:18 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/01/23 17:34:25 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Teddi\Desktop\HijackThis.lnk
[2009/01/20 21:19:59 | 00,036,864 | ---- | M] () -- C:\Documents and Settings\Teddi\My Documents\Scott CPA Letter.doc
[2009/01/20 20:54:40 | 00,033,792 | ---- | M] () -- C:\Documents and Settings\Teddi\Desktop\Scott CFE Recommendation Letter.doc
[2009/01/17 13:44:32 | 00,168,592 | ---- | M] () -- C:\Documents and Settings\Teddi\My Documents\FxVMonde.exe
[2009/01/17 13:41:04 | 00,096,978 | ---- | M] (Business Information Solutions) -- C:\Documents and Settings\Teddi\My Documents\VirtumundoBeGone.exe
[2009/01/17 01:03:22 | 00,000,779 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\AnVir Task Manager Pro.lnk
[2009/01/14 20:47:53 | 15,083,520 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Teddi\Desktop\spybotsd160.exe
[2009/01/09 20:35:28 | 20,853,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
< End of report >

Extras.txt:
OTViewIt Extras logfile created on: 2/3/2009 10:35:49 PM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Teddi\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.10 Mb Total Physical Memory | 405.43 Mb Available Physical Memory | 40.02% Memory free
2.38 Gb Paging File | 1.77 Gb Available in Paging File | 74.05% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.04 Gb Total Space | 55.77 Gb Free Space | 18.71% Space Free | Partition Type: NTFS
Drive D: | 583.18 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MIKURU
Current User Name: Teddi
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2006/11/03 02:17:27 | 00,010,800 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
[2008/03/30 09:36:34 | 20,638,504 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2008/11/28 16:16:15 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:μTorrent
[2008/10/31 14:22:38 | 00,050,480 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
[2009/02/03 20:17:41 | 01,032,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
[2009/02/03 20:17:45 | 00,592,128 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[2003/07/11 01:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2009/02/03 20:17:53 | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG8\avgpp.dll (linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} (HKLM) [XPLPPFilter Class])
msdaipp: [HKLM - No CLSID value]
[2003/07/11 01:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2003/07/11 01:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2000/04/19 17:47:36 | 00,520,117 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])
[2005/06/02 23:36:20 | 07,252,672 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])
[2005/04/25 12:29:56 | 08,071,360 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2003/07/14 21:45:12 | 00,039,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}"=Apple Software Update
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}"=Roxio Creator Tools
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}"=WD Diagnostics
"{0D397393-9B50-4c52-84D5-77E344289F87}"=Roxio Creator Data
"{179C56A4-F57F-4561-8BBF-F911D26EB435}"=WebReg
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}"=QuickTime
"{190C7419-C254-408e-81F8-BE11FCD72A1F}"=dj_sf_software
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java™ 6 Update 11
"{281ECE39-F043-492B-8337-F2E546B5604A}"=PowerDVD
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}"=Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}"=Roxio Update Manager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}"=Sonic Activation Module
"{42929F0F-CE14-47AF-9FC7-FF297A603021}"=Dell Resource CD
"{44734179-8A79-4DEE-BB08-73037F065543}"=Apple Mobile Device Support
"{58535A90-1788-44f5-80BB-CFF62D9CE6D5}"=HP Deskjet 8.0 Software
"{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}"=iTunes
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}"=Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}"=Roxio Express Labeler
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}"=eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}"=HPProductAssistant
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}"=Intel® PRO Network Connections 12.1.12.0
"{83FFCFC7-88C6-41c6-8752-958A45325C82}"=Roxio Creator Audio
"{8C6027FD-53DC-446D-BB75-CACD7028A134}"=HP Update
"{90110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}"=Microsoft Application Error Reporting
"{978C25EE-5777-46e4-8988-732C297CBDBD}"=Status
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}"=SolutionCenter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}"=DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{AC76BA86-7AD7-5760-0000-800000000003}"=Japanese Fonts Support For Adobe Reader 8
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}"=BufferChm
"{C716522C-3731-4667-8579-40B098294500}"=Toolbox
"{C7E154EF-D5EC-4da4-9D00-43B85967B120}"=dj_sf_ProductContext
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}"=Roxio Creator DE
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}"=Roxio MyDVD DE
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}"=UnloadSupport
"{EB21A812-671B-4D08-B974-2A347F0D8F70}"=HP Photosmart Essential
"{EFF78ADB-B586-4b49-8473-F2441B47F9AD}"=D1400_Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver
"{F327A8F7-00C6-4491-9782-1DFFBB0594A2}"=dj_sf_software_req
"{F6E69D86-4A9D-436D-AAE7-B764EA87420D}"=D1400
"{FF075778-6E50-47ed-991D-3B07FD4E3250}"=TrayApp
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin
"AIM_6"=AIM 6
"AnVir Task Manager Pro"=AnVir Task Manager Pro
"AVG8Uninstall"=AVG Free 8.0
"Combined Community Codec Pack_is1"=Combined Community Codec Pack 2008-01-24
"EsetOnlineScanner"=ESET Online Scanner
"HDMI"=Intel® Graphics Media Accelerator Driver
"HijackThis"=HijackThis 2.0.2
"HP Imaging Device Functions"=HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools"=HP Solution Center 8.0
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"LiveUpdate"=LiveUpdate 3.1 (Symantec Corporation)
"Mozilla Firefox (3.0.5)"=Mozilla Firefox (3.0.5)
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"Security Task Manager"=Security Task Manager 1.7g
"Wdf01005"=Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC"=Windows Imaging Component
"Windows XP Service Pack"=Windows XP Service Pack 3
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent"=µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/23/2009 9:16:35 PM | Computer Name = MIKURU | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x0077101c.

Error - 1/24/2009 2:33:14 PM | Computer Name = MIKURU | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 1/24/2009 2:33:14 PM | Computer Name = MIKURU | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 1/31/2009 6:17:28 PM | Computer Name = MIKURU | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x00cd101c.

Error - 1/31/2009 7:01:08 PM | Computer Name = MIKURU | Source = Application Error | ID = 1001
Description = Fault bucket 1076779660.

Error - 2/3/2009 12:06:52 AM | Computer Name = MIKURU | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x00f2101c.

Error - 2/3/2009 4:36:28 AM | Computer Name = MIKURU | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x00d4101c.

Error - 2/3/2009 2:47:06 PM | Computer Name = MIKURU | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x00e9101c.

Error - 2/3/2009 11:22:26 PM | Computer Name = MIKURU | Source = Application Error | ID = 1000
Description = Faulting application teatimer.exe, version 1.6.3.25, faulting module
teatimer.exe, version 1.6.3.25, fault address 0x00001c49.

Error - 2/3/2009 11:22:43 PM | Computer Name = MIKURU | Source = Application Error | ID = 1000
Description = Faulting application teatimer.exe, version 1.6.3.25, faulting module
teatimer.exe, version 1.6.3.25, fault address 0x000042e8.

[ System Events ]
Error - 1/24/2009 11:39:46 PM | Computer Name = MIKURU | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 1/24/2009 11:39:50 PM | Computer Name = MIKURU | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 1/24/2009 11:43:13 PM | Computer Name = MIKURU | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 1/29/2009 10:09:51 PM | Computer Name = MIKURU | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 1/29/2009 10:10:45 PM | Computer Name = MIKURU | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips intelppm

Error - 1/29/2009 10:11:29 PM | Computer Name = MIKURU | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 1/31/2009 7:01:09 PM | Computer Name = MIKURU | Source = Service Control Manager | ID = 7031
Description = The DCOM Server Process Launcher service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Reboot the machine.

Error - 1/31/2009 7:01:09 PM | Computer Name = MIKURU | Source = Service Control Manager | ID = 7034
Description = The Terminal Services service terminated unexpectedly. It has done
this 1 time(s).

Error - 2/3/2009 8:18:15 PM | Computer Name = MIKURU | Source = Service Control Manager | ID = 7031
Description = The DCOM Server Process Launcher service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Reboot the machine.

Error - 2/3/2009 8:18:15 PM | Computer Name = MIKURU | Source = Service Control Manager | ID = 7034
Description = The Terminal Services service terminated unexpectedly. It has done
this 1 time(s).


< End of report >

#14 Jat90

Posted 05 February 2009 - 02:51 AM

Hello,

Yes, well done for installing an antivirus; you should always have antivirus software installed, especially if you're connected to the internet. It's pretty much suicide without one. Spybot is also a very good program that you should keep.

I see a few more bad entries in the OTVI log. So let's do this:

Disable Teatimer

I see you're running Teatimer. Although this service is great to have, it has a tendency to interfere with some of the tools we use. Therefore we must disable it using the steps below:
  • Launch Spybot S&D, go to the Mode menu and make sure "Advanced Mode" is selected.
  • On the left hand side, click on Tools, then click on the Resident Icon in the list.
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • Click on the "System Startup" icon in the List
  • Uncheck the "TeaTimer" box and "OK" any prompts.
  • If Teatimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
  • Exit Spybot S&D when done.
  • (When we are done, you can re-enable Teatimer using the same steps but this time place a check next to "Resident TeaTimer" and check the "TeaTimer" box in System Startup.)

OTMoveIt

We need to execute an OTMoveIt3 script
  • Please download OTMoveIt3 by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_Dlls"=""
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqOFUNE]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=""
    
    :files
    C:\WINDOWS\*.tmp
    C:\WINDOWS\System32\*.tmp
    C:\WINDOWS\System32\prieap.dll
    C:\WINDOWS\System32\vtUklkLD.dll
    C:\WINDOWS\System32\plhlai.dll
    C:\WINDOWS\System32\fccBqrSm.dll
    C:\WINDOWS\System32\cptqnl.dll
    C:\WINDOWS\System32\awtuuVOF.dll
    C:\WINDOWS\System32\ssqOFUNE.dll
    C:\WINDOWS\System32\clickfile.exe
    C:\WINDOWS\QTFont.qfn
    C:\WINDOWS\QTFont.for
    
    :commands
    [EmptyTemp]
    [Reboot]
  • Push the large Posted Image button.
  • OTMI3 may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

ComboFix

Please download ComboFix from one of these locations (if you already have ComboFix, then delete it and download again) :

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. See this topic to find out how to disable your antivirus and firewall (post #1 and #2).
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

NOTE**ComboFix was intended to be used under the supervision of a helper, not for general use. This is a powerful tool which can permanently damage your computer.

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

ReScan

Please rescan with OTViewIt and post the logs. Also, can you change your wallpaper now? Has the svchost error occurred lately?

- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.
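
The by-eye triage of the OTViewIt file listing that the reply above relies on can be approximated in code. This is an added example, not part of the thread or of OTViewIt: it parses the listing's line format, flags executables sitting directly in System32 with an empty vendor field, and groups those that share a timestamp and size. The sample lines are excerpted from the log posted above; the function names and the heuristic are assumptions, and an empty vendor field alone does not prove a file is malicious.

```python
import ntpath
import re
from collections import defaultdict

# Lines excerpted from the "Files - Modified Within 30 Days" section above.
SAMPLE_LOG = r"""
[2009/02/03 22:05:20 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Teddi\Desktop\OTViewIt.exe
[2009/02/03 21:42:08 | 00,129,024 | ---- | M] () -- C:\WINDOWS\System32\vtUklkLD.dll
[2009/02/03 21:42:08 | 00,129,024 | ---- | M] () -- C:\WINDOWS\System32\prieap.dll
[2009/02/03 20:41:23 | 00,129,024 | ---- | M] () -- C:\WINDOWS\System32\plhlai.dll
[2009/02/03 20:41:23 | 00,129,024 | ---- | M] () -- C:\WINDOWS\System32\fccBqrSm.dll
[2009/02/03 20:21:56 | 32,749,615 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/02/03 20:18:05 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/02/03 19:40:37 | 00,129,024 | ---- | M] () -- C:\WINDOWS\System32\cptqnl.dll
[2009/02/03 19:40:37 | 00,129,024 | ---- | M] () -- C:\WINDOWS\System32\awtuuVOF.dll
[2009/02/03 19:35:05 | 00,035,328 | ---- | M] () -- C:\WINDOWS\System32\ssqOFUNE.dll
[2009/02/03 19:35:04 | 00,045,568 | ---- | M] () -- C:\WINDOWS\System32\clickfile.exe
[2009/01/29 08:00:31 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/01/23 17:34:25 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/01/09 20:35:28 | 20,853,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
"""

# [date time | size | attributes | C or M] (vendor) -- path
# Directory lines carry no "(vendor)" group at all, so that group is optional.
LINE_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<vendor>[^)]*)\) )?-- (?P<path>.+)$"
)

SYSTEM32 = r"c:\windows\system32"
EXEC_EXTS = {".dll", ".exe", ".sys"}


def parse_line(line):
    """Return a dict for one file-listing line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "stamp": m.group("stamp"),
        "size": int(m.group("size").replace(",", "")),
        "is_dir": "D" in m.group("attrs"),
        "vendor": (m.group("vendor") or "").strip(),
        "path": m.group("path").strip(),
    }


def no_vendor_system32_binaries(log_text):
    """Executables directly in System32 whose vendor field is empty."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None or entry["is_dir"] or entry["vendor"]:
            continue
        folder = ntpath.dirname(entry["path"]).lower()
        ext = ntpath.splitext(entry["path"])[1].lower()
        if folder == SYSTEM32 and ext in EXEC_EXTS:
            hits.append(entry)
    return hits


def flagged_names(log_text):
    """Sorted base names of the flagged files."""
    return sorted(ntpath.basename(e["path"]) for e in no_vendor_system32_binaries(log_text))


def same_drop_clusters(entries):
    """Group flagged files that share timestamp and size (written together)."""
    groups = defaultdict(list)
    for e in entries:
        groups[(e["stamp"], e["size"])].append(ntpath.basename(e["path"]))
    return {key: sorted(names) for key, names in groups.items() if len(names) > 1}


if __name__ == "__main__":
    flagged = no_vendor_system32_binaries(SAMPLE_LOG)
    for e in flagged:
        print(f"{e['stamp']}  {e['size']:>9}  {e['path']}")
    for (stamp, size), names in same_drop_clusters(flagged).items():
        print(f"written together at {stamp} ({size} bytes): {', '.join(names)}")
```

On this excerpt the flagged set is the same eight System32 files named in the `:files` section of the OTMoveIt3 script, and the clustering shows six of them were written in three same-second pairs.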


#15 Jat90

Posted 08 February 2009 - 10:16 AM

Hello,

Are you there?

- Jat90 -
