Trojan.Heur? - Bit defender detected but no action possible


  • This topic is locked
16 replies to this topic

#1 fuzzywz


Posted 02 April 2009 - 01:02 AM

HOW I GOT IT:

Really stupid actually. I downloaded a file called "update.exe" from a video website requesting to update my codec from a sketchy popup. Normally red flags would fly in my head but I was running on fumes and was extremely tired. I d/l and actually checked it with BitDefender and it gave the green light that the file was clean. Opened it, then BitDefender went off and said Trojan.Heur was discovered and BitDefender couldn't do anything about it (no quarantine, deletion or anything). Anyway, the file I downloaded disappeared and I suspected the possibility of having it, so I ran a full system scan and deep system scan overnight.

Woke up the next morning to check on the results and immediately my screen went blue screen of death, saying I needed a memory dump to prevent more damage .. . .blah blah . . . IRQ_EQUAL_TO . . . something . . .

SYMPTOMS:

After rebooting, my 1 TB USB removable hard drive had no partition, and it asked me to format.

Then tried to search "heur" in Google and a bunch of results came up that, when I clicked on the ones regarding trojan information, led me to websites that weren't related to the link at all (i.e. looking for trojan information and shopping site came up - very spyware and adware like).

After a necessary reboot, BitDefender no longer is on the system icon tray upon bootup. I also have Malwarebytes Anti-Malware on the system icon tray but I can't double click on it to open it.

Just ran CCleaner in safe mode . . . typing this from another computer right now.

BTW I am pretty sure the virus detected was Heur but BitDefender was too fast to see and I didn't write it down right away . . . my assumption is that it is . . .

Here is my DDS log - cheers:


DDS (Ver_09-03-16.01) - NTFSx86
Run by Ferlin at 23:07:06.39 on Wed 04/01/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.512.259 [GMT -6:00]

AV: BitDefender Antivirus *On-access scanning enabled* (Updated)
AV: avast! antivirus 4.8.1335 [VPS 090401-0] *On-access scanning disabled* (Updated)
FW: BitDefender Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\iPod Access for Windows\iPAHelper.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\System32\SLEE503.exe
C:\Program Files\SlimServer\server\slim.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\IPMonitor\IPMonitor.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\Ferlin\Desktop\dds.PIF

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Bar =
mSearch Bar =
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2009\IEToolbar.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [IP Monitor] c:\program files\ipmonitor\IPMonitor.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [CTStartup] c:\program files\creative\sbaudigy\program\CTEaxSpl.EXE /run
mRun: [WINDVDPatch] CTHELPER.EXE
mRun: [UpdReg] c:\windows\Updreg.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SiSUSBRG] c:\windows\SiSUSBrg.exe
mRun: [POINTER] c:\program files\microsoft hardware\mouse\point32.exe
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [Palm MulitUser Config] c:\program files\palm\Configtool.exe
mRun: [nwiz] nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [IntelliType] "c:\program files\microsoft hardware\keyboard\type32.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [Jet Detection] c:\program files\creative\sbaudigy\program\ADGJDet.exe
mRun: [NWEReboot]
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [EPSON Stylus Photo RX500] c:\windows\system32\spool\drivers\w32x86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB002" /M "Stylus Photo RX500"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2009\bdagent.exe"
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2009\IEShow.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [SSS6_Suite] "c:\program files\steganos security suite 6\sss.exe" /booting
dRun: [SSS6_SAFE] "c:\program files\steganos security suite 6\safe.exe" /booting
dRun: [SSS6_SPM] "c:\program files\steganos security suite 6\spm.exe" /booting
dRun: [Norton SystemWorks] "c:\program files\norton systemworks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
dRun: [Nokia.PCSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
dRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc2~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpobnz08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicke~1.lnk - c:\program files\quickenw\bagent.exe
uPolicies-explorer: <NO NAME> =
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Download with GetRight - c:\program files\getright\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Open with GetRight Browser - c:\program files\getright\GRbrowse.htm
IE: Send To &Bluetooth - c:\program files\iogear\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\iogear\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\MSMSGS.EXE
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {00000075-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/voxacm.CAB
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15009/CTSUEng.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {33363249-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/i263_32.cab
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc.cab
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://a1540.g.akamai.net/7/1540/52/20021017/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} - hxxp://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - hxxp://207.188.7.150/26bbe1d0a90c56503b03/netzip/RdxIE601.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1186420284296
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1186420268609
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxp://transfers.one.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - hxxp://toolbar.google.com/data/GoogleActivate.cab
DPF: {99888952-AC62-437C-AFC6-7B5CF05A7F2F} - hxxp://download.ourgame.com/IEDown.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37967.9649768519
DPF: {CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.3.1/jinstall-131_01-win.cab
DPF: {CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.3.1/jinstall-131_03-win.cab
DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} - hxxp://h30043.www3.hp.com/aio/eng/check/qdiagh.cab?316
DPF: {EF58E341-49C3-4156-A3C4-5FFCA7C1EAB7} - hxxp://www.euras.com/euras/router.CAB
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su/ocx/15009/CTPID.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ferlin\applic~1\mozilla\firefox\profiles\default.lqm\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\mozilla firefox\components\FFComm.dll
FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\documents and settings\ferlin\application data\mozilla\firefox\profiles\default.lqm\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\ferlin\application data\mozilla\firefox\profiles\default.lqm\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll

============= SERVICES / DRIVERS ===============

R0 xmasbus;xmasbus;c:\windows\system32\drivers\xmasbus.sys [2004-5-15 140800]
R0 xmasscsi;xmasscsi;c:\windows\system32\drivers\xmasscsi.sys [2004-5-15 5504]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-4-1 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-4-1 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-4-1 138680]
R2 BDVEDISK;BDVEDISK;c:\program files\bitdefender\bitdefender 2009\BDVEDISK.sys [2008-7-2 82696]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2008-10-28 156968]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-1-7 170640]
R2 nvTUNEP;nVidia WDM TVTuner;c:\windows\system32\drivers\NVTUNEP.SYS [2002-10-10 16064]
R2 nvtvSND;nVidia WDM TVAudio Crossbar;c:\windows\system32\drivers\NVTVSND.SYS [2002-10-10 14048]
R2 SLEE_503_DRIVER;Steganos Live Encryption Engine (Version 503) [Driver];c:\windows\system32\drivers\slee503.sys [2002-11-28 84736]
R2 VPCAppSv;Virtual PC Application Services;c:\windows\system32\drivers\vpcappsv.sys [2003-3-14 10374]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-8-12 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2008-8-14 104328]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-1-7 15504]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\Arrakis3.exe [2008-7-17 118784]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-4-1 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-4-1 352920]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-1-6 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-1-6 8320]
S3 pohci13F;pohci13F;\??\c:\docume~1\ferlin\locals~1\temp\pohci13f.sys --> c:\docume~1\ferlin\locals~1\temp\pohci13F.sys [?]
S3 UBFWNet;Unibrain 1394 FireNet Adapter NT Driver;c:\windows\system32\drivers\ubfwnet.sys [2002-10-11 32016]
S3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver;c:\windows\system32\drivers\netusbxp.sys [2002-10-10 72576]

=============== Created Last 30 ================

2009-04-01 23:00 <DIR> --d----- C:\HJT
2009-04-01 21:15 <DIR> --d----- c:\program files\CCleaner
2009-04-01 20:48 563 a------- c:\windows\system32\BDUpdateV1.xml
2009-04-01 20:16 81,984 a------- c:\windows\system32\bdod.bin
2009-03-26 23:12 850 a------- c:\windows\system32\ProductTweaks.xml
2009-03-26 23:12 385 a------- c:\windows\system32\user_gensett.xml
2009-03-26 22:57 <DIR> --d----- c:\windows\system32\logs
2009-03-26 22:57 <DIR> --d----- c:\docume~1\ferlin\applic~1\BitDefender
2009-03-26 22:56 <DIR> --d----- c:\program files\BitDefender
2009-03-26 22:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\BitDefender
2009-03-26 22:49 <DIR> --d----- c:\program files\common files\BitDefender
2009-03-03 23:07 114,944 a------- C:\viamraid.sys
2009-03-03 23:07 11,478 a------- C:\viamraid.cat
2009-03-03 23:07 2,781 a------- C:\VIAMRAID.INF

==================== Find3M ====================

2009-04-01 20:14 104,328 a------- c:\windows\system32\drivers\bdfndisf.sys
2009-03-26 23:37 242,184 a------- c:\windows\system32\drivers\bdfsfltr.sys
2009-03-26 23:37 192,512 a------- c:\windows\system32\txmlutil.dll
2009-03-26 23:37 111,112 a------- c:\windows\system32\drivers\bdfm.sys
2009-03-26 23:37 82,696 a------- c:\windows\system32\drivers\BDVEDISK.sys
2009-02-19 11:25 410,984 a------- c:\windows\system32\deploytk.dll
2007-01-12 22:45 87,608 a------- c:\docume~1\ferlin\applic~1\ezpinst.exe
2007-01-12 22:45 47,360 a------- c:\docume~1\ferlin\applic~1\pcouffin.sys
2006-05-14 10:00 24,192 a------- c:\documents and settings\ferlin\usbsermptxp.sys
2006-05-14 10:00 22,768 a------- c:\documents and settings\ferlin\usbsermpt.sys
2005-05-04 21:23 1,806 a---h--- c:\documents and settings\ferlin\hpothb07.dat
2003-04-26 18:53 30,696 a------- c:\docume~1\ferlin\applic~1\GDIPFONTCACHEV1.DAT

============= FINISH: 23:08:53.06 ===============


#2 Buckeye_Sam

    Malware Expert

Posted 02 April 2009 - 05:15 PM

Hello! :thumbup2:
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTListIt2 Report
  • Please download OTListIt2 from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.



=============


The next log will show us any hidden files that are present.

Download GMER from here:
  • Unzip it to the desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results (if any) into this thread.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 fuzzywz

  • Topic Starter

Posted 03 April 2009 - 12:50 AM

Hi Sam! Sorry for the late reply. Thanks for helping me - I really appreciate it. :thumbup2:

My BitDefender is acting up on me so I disabled it (computer wouldn't completely boot up without crashing until I ended the BitDefender agent process) but I still have Avast running. Also now my Quick Launch has disappeared . . . don't know if that's 'cause I went into safe mode or what . . .

Also my computer is not starting firefox anymore. Using IE now . . .

Anyway, here is the OTListIt2 log, GMER to follow in next thread:

OTListIt logfile created on: 4/2/2009 8:54:35 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.9.1 Folder = C:\Documents and Settings\Ferlin\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.53 Mb Total Physical Memory | 156.64 Mb Available Physical Memory | 30.62% Memory free
1.22 Gb Paging File | 0.64 Gb Available in Paging File | 52.32% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 31.72 Gb Free Space | 42.57% Space Free | Partition Type: NTFS
Drive D: | 0.83 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 97.65 Gb Total Space | 8.19 Gb Free Space | 8.38% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KANGFERLIN
Current User Name: Ferlin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2009/04/01 20:15:24 | 00,415,024 | ---- | M] (BitDefender SRL) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
PRC - [2009/04/01 20:15:02 | 01,626,112 | ---- | M] (BitDefender S. R. L.) -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
PRC - [2009/02/05 14:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/02/05 14:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [1999/12/13 01:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.EXE
PRC - [2007/11/14 22:46:00 | 00,131,072 | ---- | M] (Brio) -- C:\Program Files\FolderSize\FolderSizeSvc.exe
PRC - [2008/10/28 17:42:30 | 00,156,968 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2004/08/04 01:56:52 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2007/04/05 22:35:40 | 01,543,614 | ---- | M] () -- C:\Program Files\iPod Access for Windows\iPAHelper.exe
PRC - [2009/02/19 11:25:52 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/01/04 19:38:18 | 00,170,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2002/10/19 09:50:07 | 00,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
PRC - [2003/07/28 16:19:00 | 00,077,824 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2003/12/11 04:09:34 | 00,046,592 | R--- | M] (Dantz Development Corporation) -- C:\Program Files\Dantz\Retrospect\wdsvc.exe
PRC - [2002/11/28 12:10:04 | 00,040,960 | ---- | M] () -- C:\WINDOWS\System32\SLEE503.exe
PRC - [2004/11/15 13:05:24 | 04,251,711 | ---- | M] () -- C:\Program Files\SlimServer\server\slim.exe
PRC - [2005/05/07 01:46:25 | 00,126,976 | ---- | M] () -- C:\WINDOWS\System32\UAService7.exe
PRC - [2004/08/04 01:56:50 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/02/05 14:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/02/05 14:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/03/19 00:10:40 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2003/10/06 15:57:32 | 00,024,576 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTHELPER.EXE
PRC - [2004/09/29 00:12:48 | 00,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2002/03/21 22:41:56 | 00,094,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
PRC - [2008/04/23 02:08:13 | 00,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
PRC - [2009/02/19 11:25:52 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2003/06/02 03:00:00 | 00,099,840 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE
PRC - [2008/11/20 14:20:54 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/10/28 17:42:12 | 00,181,544 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
PRC - [2009/01/04 19:38:20 | 00,399,504 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2009/02/05 14:08:45 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2004/12/02 17:44:34 | 00,492,032 | ---- | M] (Barefoot Productions, Inc.) -- C:\Program Files\IPMonitor\IPMonitor.exe
PRC - [2006/06/26 16:13:40 | 01,207,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2008/12/03 13:47:34 | 01,205,760 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2006/06/26 16:13:24 | 00,187,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2002/05/29 14:57:06 | 00,323,646 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
PRC - [2008/11/20 14:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2002/05/29 15:07:18 | 00,286,720 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
PRC - [2002/05/29 15:19:20 | 00,303,104 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
PRC - [2008/11/11 10:38:06 | 00,620,544 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2008/06/03 09:02:34 | 00,119,808 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2008/09/19 09:52:04 | 00,130,560 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2008/10/27 15:08:04 | 00,128,000 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
PRC - [2008/08/22 23:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\Iexplore.exe
PRC - [2009/04/02 20:46:24 | 00,499,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ferlin\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2005/06/28 22:55:36 | 00,069,632 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/17 13:06:56 | 00,118,784 | ---- | M] (BitDefender S.R.L. http://www.bitdefender.com) -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe -- (Arrakis3 [On_Demand | Stopped])
SRV - [2008/07/25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/02/05 14:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2009/02/05 14:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/02/05 14:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2009/02/05 14:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - File not found -- -- (btwdins [Auto | Stopped])
SRV - [2008/07/25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [1999/12/13 01:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.EXE -- (Creative Service for CDROM Access [Auto | Running])
SRV - [2007/11/14 22:46:00 | 00,131,072 | ---- | M] (Brio) -- C:\Program Files\FolderSize\FolderSizeSvc.exe -- (FolderSize [Auto | Running])
SRV - [2008/07/29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/10/28 17:42:30 | 00,156,968 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service [Auto | Running])
SRV - [2009/03/19 00:10:39 | 00,137,200 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2004/08/04 01:56:46 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2004/08/04 01:56:52 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN [Auto | Running])
SRV - [2007/04/05 22:35:40 | 01,543,614 | ---- | M] () -- C:\Program Files\iPod Access for Windows\iPAHelper.exe -- (iPAHelper.exe [Auto | Running])
SRV - [2008/11/20 14:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/02/19 11:25:52 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/04/01 20:15:24 | 00,415,024 | ---- | M] (BitDefender SRL) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV [Auto | Running])
SRV - [2009/01/04 19:38:18 | 00,170,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService [Auto | Running])
SRV - [2002/10/19 09:50:07 | 00,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe -- (MDM [Auto | Running])
SRV - File not found -- -- (MySql [Auto | Stopped])
SRV - [2008/07/29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2003/07/28 16:19:00 | 00,077,824 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2002/03/15 14:37:46 | 00,081,920 | R--- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [On_Demand | Stopped])
SRV - [2003/12/11 04:09:34 | 00,046,592 | R--- | M] (Dantz Development Corporation) -- C:\Program Files\Dantz\Retrospect\wdsvc.exe -- (RetroWDSvc [Auto | Running])
SRV - [2009/03/26 23:33:26 | 00,323,584 | ---- | M] (S.C. BitDefender S.R.L) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan [On_Demand | Stopped])
SRV - [2008/11/11 10:38:06 | 00,620,544 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Running])
SRV - [2002/11/28 12:10:04 | 00,040,960 | ---- | M] () -- C:\WINDOWS\System32\SLEE503.exe -- (SLEE_503_SERVICE [Auto | Running])
SRV - [2004/11/15 13:05:24 | 04,251,711 | ---- | M] () -- C:\Program Files\SlimServer\server\slim.exe -- (slimsvc [Auto | Running])
SRV - [2004/08/04 01:56:52 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe -- (SMTPSVC [Auto | Running])
SRV - [2002/12/24 12:01:22 | 00,065,536 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV [On_Demand | Stopped])
SRV - [2004/09/22 19:46:10 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [On_Demand | Stopped])
SRV - [2005/05/07 01:46:25 | 00,126,976 | ---- | M] () -- C:\WINDOWS\System32\UAService7.exe -- (UserAccess7 [Auto | Running])
SRV - [2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [1998/06/06 01:00:00 | 00,034,036 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe -- (Visual Studio Analyzer RPC bridge [On_Demand | Stopped])
SRV - [2009/04/01 20:15:02 | 01,626,112 | ---- | M] (BitDefender S. R. L.) -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe -- (VSSERV [Auto | Running])
SRV - [2004/08/04 01:56:52 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2009/02/05 14:05:11 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
DRV - [2004/10/07 19:16:04 | 00,035,840 | ---- | M] (Oak Technology Inc.) -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K [System | Running])
DRV - [1997/04/22 10:16:00 | 00,006,272 | ---- | M] () -- C:\WINDOWS\system32\drivers\aslm75.sys -- (aslm75 [Auto | Running])
DRV - [2005/11/20 23:48:20 | 00,016,512 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32 [Auto | Running])
DRV - [2009/02/05 14:07:12 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
DRV - [2009/02/05 14:08:10 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
DRV - [2009/02/05 14:06:10 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
DRV - [2009/02/05 14:07:23 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
DRV - [2009/02/05 14:06:20 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV - [2009/03/26 23:37:19 | 00,111,112 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\system32\drivers\bdfm.sys -- (bdfm [On_Demand | Running])
DRV - [2009/04/01 20:14:51 | 00,104,328 | ---- | M] (BitDefender LLC) -- C:\WINDOWS\system32\DRIVERS\bdfndisf.sys -- (Bdfndisf [On_Demand | Running])
DRV - [2009/03/26 23:37:20 | 00,242,184 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr [On_Demand | Running])
DRV - [2009/03/26 23:33:35 | 00,137,224 | ---- | M] (BitDefender LLC) -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif [System | Running])
DRV - [2008/02/26 17:12:40 | 00,008,448 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys -- (BDSelfPr [On_Demand | Running])
DRV - [2009/03/26 23:33:42 | 00,082,696 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys -- (BDVEDISK [Auto | Running])
DRV - [2003/08/14 12:22:44 | 00,051,848 | ---- | M] (WIDCOMM, Inc.) -- C:\WINDOWS\System32\Drivers\btwusb.sys -- (BTWUSB [On_Demand | Stopped])
DRV - [2004/06/25 18:13:42 | 00,818,816 | ---- | M] (C-Media Inc) -- C:\WINDOWS\system32\drivers\cmuda.sys -- (cmuda [On_Demand | Stopped])
DRV - [2003/10/21 18:22:18 | 00,645,360 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctac32k.sys -- (ctac32k [On_Demand | Running])
DRV - [2003/10/08 11:06:04 | 00,366,160 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k [On_Demand | Running])
DRV - [2003/10/14 12:17:56 | 00,332,800 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctdvda2k.sys -- (ctdvda2k [On_Demand | Stopped])
DRV - [2003/10/08 11:08:12 | 00,006,096 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctprxy2k.sys -- (ctprxy2k [On_Demand | Running])
DRV - [2003/10/08 11:09:10 | 00,130,288 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
DRV - [2006/01/30 03:00:00 | 00,321,680 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
DRV - [2003/10/13 18:42:12 | 00,145,488 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\emupia2k.sys -- (emupia [On_Demand | Running])
DRV - [2004/08/04 02:05:44 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2008/04/17 14:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2005/03/24 20:42:07 | 00,005,248 | ---- | M] () -- C:\WINDOWS\System32\giveio.sys -- (giveio [On_Demand | Stopped])
DRV - [2003/10/21 18:26:08 | 00,904,496 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ha10kx2k.sys -- (ha10kx2k [On_Demand | Running])
DRV - [2003/10/21 18:23:44 | 00,148,432 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\hap16v2k.sys -- (hap16v2k [On_Demand | Stopped])
DRV - [2002/02/15 12:26:22 | 00,050,960 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2002/03/21 11:37:52 | 00,016,112 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2002/03/08 04:49:26 | 00,022,512 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2002/04/11 12:47:52 | 00,011,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\IPFilter.sys -- (IPFilter [On_Demand | Stopped])
DRV - [2009/01/04 19:38:18 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector [On_Demand | Running])
DRV - [2003/06/05 20:34:17 | 00,028,276 | ---- | M] (MusicMatch, Inc.) -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k [On_Demand | Running])
DRV - [2008/09/15 08:56:24 | 00,017,664 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd [On_Demand | Stopped])
DRV - [2008/09/15 08:56:24 | 00,022,016 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc [On_Demand | Stopped])
DRV - [2008/02/01 16:17:12 | 00,138,112 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu [On_Demand | Stopped])
DRV - [2008/02/01 16:17:06 | 00,008,320 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc [On_Demand | Stopped])
DRV - [2003/07/28 16:19:00 | 01,341,339 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2002/06/06 20:12:00 | 00,106,012 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nvcap.sys -- (nvcap [Auto | Running])
DRV - [2002/06/06 20:12:00 | 00,016,064 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nvtunep.sys -- (nvTUNEP [Auto | Running])
DRV - [2002/06/06 20:12:00 | 00,014,048 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nvtvsnd.sys -- (nvtvSND [Auto | Running])
DRV - [2002/06/06 20:12:00 | 00,010,398 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\NVxbar.sys -- (NVXBAR [Auto | Stopped])
DRV - [2003/10/08 11:06:50 | 00,178,672 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Running])
DRV - [2003/04/08 15:14:50 | 00,038,656 | ---- | M] (Motorola Inc) -- C:\WINDOWS\System32\DRIVERS\P2k.sys -- (P2k [On_Demand | Stopped])
DRV - [2003/06/11 18:30:02 | 00,016,772 | R--- | M] (Palm, Inc.) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD [On_Demand | Stopped])
DRV - [2008/08/26 10:26:12 | 00,018,816 | ---- | M] (Nokia) -- C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd [On_Demand | Stopped])
DRV - [2007/01/12 22:45:03 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\Drivers\pcouffin.sys -- (pcouffin [On_Demand | Running])
DRV - [2002/01/17 15:23:44 | 00,013,924 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
DRV - [2003/03/05 16:07:46 | 00,015,840 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\PfModNT.sys -- (PfModNT [Auto | Running])
DRV - [2003/07/01 15:56:32 | 00,015,401 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\drivers\pivot.sys -- (pivot [System | Running])
DRV - [2003/07/01 15:56:32 | 00,009,260 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\drivers\pivotmou.sys -- (pivotmou [On_Demand | Stopped])
DRV - [2009/03/26 23:33:25 | 00,013,056 | ---- | M] () -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos [On_Demand | Stopped])
DRV - [2001/08/23 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/03/07 17:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/23 06:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Running])
DRV - [2007/01/20 01:11:07 | 00,031,644 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
DRV - [2004/07/17 12:36:38 | 00,027,440 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2002/07/16 22:25:18 | 00,028,160 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp [Boot | Running])
DRV - [2002/06/28 09:15:14 | 00,005,888 | R--- | M] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\DRIVERS\siside.sys -- (SiSide [Boot | Running])
DRV - [2002/04/15 18:52:04 | 00,032,256 | ---- | M] (SiS Corporation) -- C:\WINDOWS\System32\DRIVERS\sisnic.sys -- (SISNIC [On_Demand | Running])
DRV - [2002/07/16 03:39:12 | 00,009,344 | R--- | M] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\system32\drivers\sisperf.sys -- (sisperf [Boot | Running])
DRV - [2002/11/28 12:10:02 | 00,084,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\SLEE503.sys -- (SLEE_503_DRIVER [Auto | Running])
DRV - [2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
DRV - [2009/03/26 23:33:22 | 00,039,936 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos [On_Demand | Stopped])
DRV - [2001/07/16 09:14:38 | 00,032,016 | ---- | M] (Unibrain S.A.) -- C:\WINDOWS\System32\DRIVERS\ubfwnet.sys -- (UBFWNet [On_Demand | Stopped])
DRV - [2008/09/15 08:56:24 | 00,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\DRIVERS\usbser_lowerflt.sys -- (upperdev [On_Demand | Stopped])
DRV - [2008/10/01 14:01:28 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2004/08/04 00:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2002/02/19 12:34:18 | 00,072,576 | R--- | M] (The LinkSys Group, Inc.) -- C:\WINDOWS\System32\DRIVERS\netusbxp.sys -- (USBNET_XP [On_Demand | Stopped])
DRV - [2004/08/04 02:05:44 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbser.sys -- (usbser [On_Demand | Stopped])
DRV - [2008/09/15 08:56:34 | 00,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys -- (UsbserFilt [On_Demand | Stopped])
DRV - [2004/08/04 00:04:34 | 00,012,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\usb8023x.sys -- (usb_rndisx [On_Demand | Stopped])
DRV - [2003/03/14 23:43:30 | 00,010,374 | ---- | M] (Connectix Corporation) -- C:\WINDOWS\System32\DRIVERS\VPCAppSv.sys -- (VPCAppSv [Auto | Running])
DRV - [2002/06/27 17:04:54 | 00,035,040 | ---- | M] (Connectix Corporation) -- C:\WINDOWS\System32\DRIVERS\VPCNetS2.sys -- (VPCNetS2 [On_Demand | Stopped])
DRV - [2004/08/04 02:05:44 | 00,031,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\wceusbsh.sys -- (wceusbsh [On_Demand | Stopped])
DRV - [2001/12/27 10:59:34 | 00,067,072 | ---- | M] (WIBU-SYSTEMS AG) -- C:\WINDOWS\SYSTEM32\DRIVERS\Wibukey.sys -- (WIBUKEY [Auto | Running])
DRV - [2003/12/21 17:24:22 | 00,140,800 | ---- | M] ( ) -- C:\WINDOWS\System32\DRIVERS\xmasbus.sys -- (xmasbus [Boot | Running])
DRV - [2003/12/20 20:03:42 | 00,005,504 | ---- | M] ( ) -- C:\WINDOWS\System32\Drivers\xmasscsi.sys -- (xmasscsi [Boot | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-796845957-1229272821-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-796845957-1229272821-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-796845957-1229272821-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-796845957-1229272821-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-796845957-1229272821-839522115-1003\S-1-5-21-796845957-1229272821-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-796845957-1229272821-839522115-1003\S-1-5-21-796845957-1229272821-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 7\BKMRKSYNC\ [2009/01/13 00:29:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/01/14 01:01:49 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/02/19 11:25:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2009\FFTOOLBAR\ [2009/03/26 22:56:34 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/28 11:11:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/28 11:11:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2009\TBEXTENSION\ [2009/03/26 22:56:34 | 00,000,000 | ---D | M]

[2008/12/04 23:59:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ferlin\Application Data\mozilla\Extensions
[2008/12/04 23:59:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ferlin\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/01 08:56:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ferlin\Application Data\mozilla\Firefox\Profiles\default.lqm\extensions
[2008/03/17 00:20:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ferlin\Application Data\mozilla\Firefox\Profiles\default.lqm\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2007/10/26 08:26:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ferlin\Application Data\mozilla\Firefox\Profiles\default.lqm\extensions\{27A2FD41-CB23-4518-AB5C-C25BAFFDE531}
[2004/09/15 21:32:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ferlin\Application Data\mozilla\Firefox\Profiles\default.lqm\extensions\{34274bf4-1d97-a289-e984-17e546307e4f}
[2009/03/16 20:43:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ferlin\Application Data\mozilla\Firefox\Profiles\default.lqm\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2008/10/09 09:40:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ferlin\Application Data\mozilla\Firefox\Profiles\default.lqm\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0}
[2009/03/26 23:40:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ferlin\Application Data\mozilla\Firefox\Profiles\default.lqm\extensions\firefox@tvunetworks.com
[2008/02/24 12:42:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ferlin\Application Data\mozilla\Firefox\Profiles\default.lqm\extensions\moveplayer@movenetworks.com
[2005/10/30 20:14:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ferlin\Application Data\mozilla\Firefox\Profiles\default.lqm\extensions\temp
[2009/04/01 08:56:03 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/28 11:11:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/11/16 23:04:09 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/11/25 00:49:33 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/02/19 11:26:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/03/28 11:10:56 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/28 11:10:58 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/04/01 20:15:12 | 00,049,664 | ---- | M] () -- C:\Program Files\mozilla firefox\components\FFComm.dll
[2008/12/18 09:20:05 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/12/18 09:20:05 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/12/18 09:20:05 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/12/18 09:20:05 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/12/18 09:20:05 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/12/18 09:20:05 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/12/18 09:20:05 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll (Bitdefender)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-796845957-1229272821-839522115-1003\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKU\S-1-5-21-796845957-1229272821-839522115-1003\..\Toolbar\ShellBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-796845957-1229272821-839522115-1003\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-796845957-1229272821-839522115-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKU\S-1-5-21-796845957-1229272821-839522115-1003\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" (Adobe Systems Inc.)
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe" (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe" (BitDefender)
O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe File not found
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent (Microsoft Corporation)
O4 - HKLM..\Run: [CTStartup] C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run (Creative Technology Ltd.)
O4 - HKLM..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB002" /M "Stylus Photo RX500" (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
O4 - HKLM..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray (Malwarebytes Corporation)
O4 - HKLM..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" (Seagate LLC)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [nwiz] nwiz.exe /install (NVIDIA Corporation)
O4 - HKLM..\Run: [Palm MulitUser Config] C:\Program Files\Palm\Configtool.exe (Palm, Inc.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName File not found
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC File not found
O4 - HKLM..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe (Silicon Integrated Systems Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [WINDVDPatch] CTHELPER.EXE (Creative Technology Ltd)
O4 - HKU\.DEFAULT..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog File not found
O4 - HKU\.DEFAULT..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz File not found
O4 - HKU\.DEFAULT..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (NVIDIA Corporation)
O4 - HKU\.DEFAULT..\Run: [SSS6_SAFE] "C:\Program Files\Steganos Security Suite 6\safe.exe" /booting ()
O4 - HKU\.DEFAULT..\Run: [SSS6_SPM] "C:\Program Files\Steganos Security Suite 6\spm.exe" /booting ()
O4 - HKU\.DEFAULT..\Run: [SSS6_Suite] "C:\Program Files\Steganos Security Suite 6\sss.exe" /booting (Steganos GmbH)
O4 - HKU\S-1-5-18..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog File not found
O4 - HKU\S-1-5-18..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz File not found
O4 - HKU\S-1-5-18..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (NVIDIA Corporation)
O4 - HKU\S-1-5-18..\Run: [SSS6_SAFE] "C:\Program Files\Steganos Security Suite 6\safe.exe" /booting ()
O4 - HKU\S-1-5-18..\Run: [SSS6_SPM] "C:\Program Files\Steganos Security Suite 6\spm.exe" /booting ()
O4 - HKU\S-1-5-18..\Run: [SSS6_Suite] "C:\Program Files\Steganos Security Suite 6\sss.exe" /booting (Steganos GmbH)
O4 - HKU\S-1-5-19..\Run: [SSS6_SAFE] "C:\Program Files\Steganos Security Suite 6\safe.exe" /booting ()
O4 - HKU\S-1-5-19..\Run: [SSS6_SPM] "C:\Program Files\Steganos Security Suite 6\spm.exe" /booting ()
O4 - HKU\S-1-5-19..\Run: [SSS6_Suite] "C:\Program Files\Steganos Security Suite 6\sss.exe" /booting (Steganos GmbH)
O4 - HKU\S-1-5-20..\Run: [SSS6_SAFE] "C:\Program Files\Steganos Security Suite 6\safe.exe" /booting ()
O4 - HKU\S-1-5-20..\Run: [SSS6_SPM] "C:\Program Files\Steganos Security Suite 6\spm.exe" /booting ()
O4 - HKU\S-1-5-20..\Run: [SSS6_Suite] "C:\Program Files\Steganos Security Suite 6\sss.exe" /booting (Steganos GmbH)
O4 - HKU\S-1-5-21-796845957-1229272821-839522115-1003..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (Microsoft Corporation)
O4 - HKU\S-1-5-21-796845957-1229272821-839522115-1003..\Run: [IP Monitor] C:\Program Files\IPMonitor\IPMonitor.exe (Barefoot Productions, Inc.)
O4 - HKU\S-1-5-21-796845957-1229272821-839522115-1003..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray (Nokia)
O4 - HKU\S-1-5-21-796845957-1229272821-839522115-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk = C:\Program Files\QUICKENW\bagent.exe (Intuit Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-796845957-1229272821-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = _ [binary data]
O7 - HKU\S-1-5-21-796845957-1229272821-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm File not found
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [Bluetooth Namespace] - C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/voxacm.CAB (Reg Error: Key error.)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative.com/su/ocx/15009/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {33363249-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/i263_32.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc.cab (Office Update Installation Engine)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} http://a1540.g.akamai.net/7/1540/52/200210...meInstaller.exe (Reg Error: Key error.)
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab (EARTPatchX Class)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} http://207.188.7.150/26bbe1d0a90c56503b03/...ip/RdxIE601.cab (RdxIE Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftu...b?1186420284296 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1186420268609 (MUWebControl Class)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} http://transfers.one.microsoft.com/FTM/Tra...ransferCtrl.cab (DLC Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} http://toolbar.google.com/data/GoogleActivate.cab (Reg Error: Key error.)
O16 - DPF: {99888952-AC62-437C-AFC6-7B5CF05A7F2F} http://download.ourgame.com/IEDown.cab (Reg Error: Key error.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...7967.9649768519 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.3.1/...-131_01-win.cab (Java Plug-in 1.3.1_01)
O16 - DPF: {CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.3.1/...-131_03-win.cab (Java Plug-in 1.3.1_03)
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_06)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h30043.www3.hp.com/aio/eng/check/qdiagh.cab?316 (QDiagHUpdateObj Class)
O16 - DPF: {EF58E341-49C3-4156-A3C4-5FFCA7C1EAB7} http://www.euras.com/euras/router.CAB (Portal.Gateway)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative.com/su/ocx/15009/CTPID.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - Reg Error: Value error. File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\System32\msdxm.ocx ()
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/10/10 15:26:01 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[2009/04/02 20:54:02 | 00,286,208 | ---- | C] () -- C:\Documents and Settings\Ferlin\Desktop\m9ggm7gm.exe
[2009/04/02 20:53:40 | 00,499,712 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ferlin\Desktop\OTListIt2.exe
[2009/04/01 23:01:41 | 00,000,469 | ---- | C] () -- C:\Documents and Settings\Ferlin\Desktop\HijackThis.lnk
[2009/04/01 23:00:07 | 00,000,000 | ---D | C] -- C:\HJT
[2009/04/01 22:58:01 | 00,318,369 | ---- | C] () -- C:\Documents and Settings\Ferlin\Desktop\HiJackThis.zip
[2009/04/01 22:45:26 | 53,644,9024 | -HS- | C] () -- C:\hiberfil.sys
[2009/04/01 22:41:42 | 00,360,002 | ---- | C] () -- C:\Documents and Settings\Ferlin\Desktop\dds.PIF
[2009/04/01 21:15:29 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\Ferlin\Desktop\CCleaner.lnk
[2009/04/01 21:15:28 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/04/01 21:10:03 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/04/01 21:10:02 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/04/01 21:10:02 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/04/01 21:10:01 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/04/01 21:09:59 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/04/01 21:09:58 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/04/01 21:09:58 | 00,094,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/04/01 21:09:58 | 00,093,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/04/01 21:09:58 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/04/01 21:09:42 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/04/01 21:09:42 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/04/01 21:09:39 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/04/01 20:48:14 | 00,000,563 | ---- | C] () -- C:\WINDOWS\System32\BDUpdateV1.xml
[2009/04/01 20:16:41 | 00,081,984 | ---- | C] () -- C:\WINDOWS\System32\bdod.bin
[2009/04/01 19:56:16 | 03,067,000 | ---- | C] () -- C:\Documents and Settings\Ferlin\Desktop\ComboFix.exe
[2009/03/31 04:03:30 | 10,082,192 | ---- | C] () -- C:\Documents and Settings\Ferlin\Desktop\Full Siteworks Binder.pdf
[2009/03/30 06:15:19 | 00,769,313 | ---- | C] () -- C:\Documents and Settings\Ferlin\Desktop\1020-S2-Foundation_Plan-1089_V1.pdf
[2009/03/30 00:01:16 | 03,933,971 | ---- | C] () -- C:\Documents and Settings\Ferlin\Desktop\Add4 - Updated Landscaping Binder.pdf
[2009/03/28 10:24:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ferlin\My Documents\Bitdefender
[2009/03/26 23:12:22 | 00,000,850 | ---- | C] () -- C:\WINDOWS\System32\ProductTweaks.xml
[2009/03/26 23:12:16 | 00,000,385 | ---- | C] () -- C:\WINDOWS\System32\user_gensett.xml
[2009/03/26 22:57:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\logs
[2009/03/26 22:57:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ferlin\Application Data\BitDefender
[2009/03/26 22:56:07 | 00,000,000 | ---D | C] -- C:\Program Files\BitDefender
[2009/03/26 22:56:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2009/03/26 22:55:54 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/03/26 22:49:32 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\BitDefender
[2009/03/03 23:07:53 | 00,114,944 | ---- | C] (VIA Technologies inc,.ltd) -- C:\viamraid.sys
[2009/03/03 23:07:53 | 00,011,478 | ---- | C] () -- C:\viamraid.cat
[2009/03/03 23:07:53 | 00,002,781 | ---- | C] () -- C:\VIAMRAID.INF

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\drivers\*.tmp files]
[2 C:\WINDOWS\System32\*.tmp files]
[15 C:\WINDOWS\*.tmp files]
[2009/04/02 20:46:37 | 00,286,208 | ---- | M] () -- C:\Documents and Settings\Ferlin\Desktop\m9ggm7gm.exe
[2009/04/02 20:46:24 | 00,499,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ferlin\Desktop\OTListIt2.exe
[2009/04/02 00:33:35 | 00,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2009/04/02 00:31:58 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/02 00:31:39 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/02 00:31:33 | 53,644,9024 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/02 00:31:29 | 53,650,6368 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2009/04/02 00:31:08 | 00,000,456 | ---- | M] () -- C:\WINDOWS\System32\miniPortInfo.dat
[2009/04/02 00:12:00 | 00,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
[2009/04/02 00:11:59 | 00,032,184 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000000-00000000-0000000A-00001102-00000004-00511102}.rfx
[2009/04/02 00:11:59 | 00,030,660 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000000-00000000-0000000A-00001102-00000004-00511102}.rfx
[2009/04/02 00:11:59 | 00,030,660 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000000-00000000-0000000A-00001102-00000004-00511102}.rfx
[2009/04/02 00:11:59 | 00,002,064 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2009/04/02 00:11:59 | 00,002,064 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2009/04/02 00:11:59 | 00,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000000-00000000-0000000A-00001102-00000004-00511102}.dat
[2009/04/02 00:11:59 | 00,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000000-00000000-0000000A-00001102-00000004-00511102}.dat
[2009/04/02 00:11:58 | 00,032,184 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000000-00000000-0000000A-00001102-00000004-00511102}.rfx
[2009/04/01 23:01:41 | 00,000,469 | ---- | M] () -- C:\Documents and Settings\Ferlin\Desktop\HijackThis.lnk
[2009/04/01 22:39:35 | 00,360,002 | ---- | M] () -- C:\Documents and Settings\Ferlin\Desktop\dds.PIF
[2009/04/01 21:15:29 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Ferlin\Desktop\CCleaner.lnk
[2009/04/01 21:10:03 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/04/01 21:09:58 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/04/01 21:03:44 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/04/01 20:49:19 | 00,000,563 | ---- | M] () -- C:\WINDOWS\System32\BDUpdateV1.xml
[2009/04/01 20:14:51 | 00,104,328 | ---- | M] (BitDefender LLC) -- C:\WINDOWS\System32\drivers\bdfndisf.sys
[2009/04/01 19:44:45 | 00,318,369 | ---- | M] () -- C:\Documents and Settings\Ferlin\Desktop\HiJackThis.zip
[2009/04/01 19:32:59 | 03,067,000 | ---- | M] () -- C:\Documents and Settings\Ferlin\Desktop\ComboFix.exe
[2009/04/01 08:41:29 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/31 22:28:14 | 00,003,868 | -H-- | M] () -- C:\Documents and Settings\Ferlin\My Documents\Default.rdp
[2009/03/30 06:42:01 | 00,769,313 | ---- | M] () -- C:\Documents and Settings\Ferlin\Desktop\1020-S2-Foundation_Plan-1089_V1.pdf
[2009/03/26 23:37:20 | 00,242,184 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\System32\drivers\bdfsfltr.sys
[2009/03/26 23:37:20 | 00,192,512 | ---- | M] () -- C:\WINDOWS\System32\txmlutil.dll
[2009/03/26 23:37:19 | 00,111,112 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\System32\drivers\bdfm.sys
[2009/03/26 23:37:18 | 00,082,696 | ---- | M] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\BDVEDISK.sys
[2009/03/26 23:12:22 | 00,000,850 | ---- | M] () -- C:\WINDOWS\System32\ProductTweaks.xml
[2009/03/26 23:12:16 | 00,000,385 | ---- | M] () -- C:\WINDOWS\System32\user_gensett.xml
[2009/03/26 15:09:55 | 03,933,971 | ---- | M] () -- C:\Documents and Settings\Ferlin\Desktop\Add4 - Updated Landscaping Binder.pdf
[2009/03/23 21:51:07 | 00,215,552 | ---- | M] () -- C:\Documents and Settings\Ferlin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/23 08:30:21 | 00,756,336 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/23 08:30:21 | 00,608,342 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/23 08:30:21 | 00,129,030 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/20 10:56:39 | 10,082,192 | ---- | M] () -- C:\Documents and Settings\Ferlin\Desktop\Full Siteworks Binder.pdf
< End of report >


GMER log file:-

GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-02 23:23:34
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

Code 82BD3168 ZwEnumerateKey
Code 82ABE780 ZwFlushInstructionCache
Code 82BC70B6 IofCallDriver
Code 82BC6B96 IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!IofCallDriver 804E37C5 5 Bytes JMP 82BC70BB
.text ntoskrnl.exe!IofCompleteRequest 804E3BF6 5 Bytes JMP 82BC6B9B
PAGE ntoskrnl.exe!ZwEnumerateKey 8056EF30 5 Bytes JMP 82BD316C
PAGE ntoskrnl.exe!ZwFlushInstructionCache 80576A6A 5 Bytes JMP 82ABE784

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\FolderSize\FolderSizeSvc.exe[220] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 0081000A
.text C:\Program Files\FolderSize\FolderSizeSvc.exe[220] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0082000A
.text C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe[284] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 007D000A
.text C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe[284] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 007E000A
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[460] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 0061000A
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[460] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0062000A
.text C:\Program Files\iPod Access for Windows\iPAHelper.exe[536] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 0084000A
.text C:\Program Files\iPod Access for Windows\iPAHelper.exe[536] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0085000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[580] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 006E000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[580] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 006F000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[620] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 007F000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[620] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0080000A
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[760] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00A3000A
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[760] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 00A4000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[796] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 0097000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[796] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0098000A
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[864] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00A6000A
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[864] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 00A7000A
.text C:\Program Files\iPod\bin\iPodService.exe[1108] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 0073000A
.text C:\Program Files\iPod\bin\iPodService.exe[1108] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0074000A
.text C:\WINDOWS\system32\spoolsv.exe[1156] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 0096000A
.text C:\WINDOWS\system32\spoolsv.exe[1156] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0097000A
.text C:\WINDOWS\System32\nvsvc32.exe[1192] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 006B000A
.text C:\WINDOWS\System32\nvsvc32.exe[1192] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 006C000A
.text C:\WINDOWS\system32\winlogon.exe[1272] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 0064000A
.text C:\WINDOWS\system32\winlogon.exe[1272] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0065000A
.text C:\WINDOWS\system32\services.exe[1320] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 006F000A
.text C:\WINDOWS\system32\services.exe[1320] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0070000A
.text C:\WINDOWS\system32\lsass.exe[1340] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 006E000A
.text C:\WINDOWS\system32\lsass.exe[1340] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0071000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1676] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 006D000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1676] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 006E000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1696] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 0071000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1696] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0072000A
.text C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe[1772] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00CC000A
.text C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe[1772] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 00CD000A
.text C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe[1808] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00A0000A
.text C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe[1808] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 00A1000A
.text C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe[1836] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 010C000A
.text C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe[1836] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 010D000A
.text C:\WINDOWS\System32\CTsvcCDA.EXE[1888] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 006A000A
.text C:\WINDOWS\System32\CTsvcCDA.EXE[1888] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 006B000A
.text C:\Program Files\Microsoft Hardware\Keyboard\type32.exe[2020] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00C8000A
.text C:\Program Files\Microsoft Hardware\Keyboard\type32.exe[2020] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 00C9000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[6100] USER32.dll!DialogBoxParamW 77D56702 5 Bytes JMP 42F0F301 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[6100] USER32.dll!DialogBoxParamA 77D588E1 5 Bytes JMP 430A1764 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[6100] USER32.dll!DialogBoxIndirectParamW 77D62598 5 Bytes JMP 430A179F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[6100] USER32.dll!MessageBoxIndirectA 77D6AEF1 5 Bytes JMP 430A1720 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[6100] USER32.dll!MessageBoxExW 77D80559 5 Bytes JMP 430A16AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[6100] USER32.dll!MessageBoxExA 77D8057D 5 Bytes JMP 430A16E6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[6100] USER32.dll!DialogBoxIndirectParamA 77D86CED 5 Bytes JMP 430A17DA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[6100] USER32.dll!MessageBoxIndirectW 77D960B7 5 Bytes JMP 42F316B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[6100] WININET.dll!HttpAddRequestHeadersA 7805FB35 5 Bytes JMP 00ED000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[6100] WININET.dll!HttpAddRequestHeadersW 780CCF65 5 Bytes JMP 00F5000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[6100] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00F6FC50 \\?\globalroot\systemroot\system32\UACtymoetfd.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[6100] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00F70B00 \\?\globalroot\systemroot\system32\UACtymoetfd.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[6100] WS2_32.dll!send 71AB428A 5 Bytes JMP 00F709E0 \\?\globalroot\systemroot\system32\UACtymoetfd.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[6100] WS2_32.dll!gethostbyname 71AB4FD4 5 Bytes JMP 00F70000 \\?\globalroot\systemroot\system32\UACtymoetfd.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[6100] WS2_32.dll!recv 71AB615A 5 Bytes JMP 00F70230 \\?\globalroot\systemroot\system32\UACtymoetfd.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[6100] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00F70CC0 \\?\globalroot\systemroot\system32\UACtymoetfd.dll

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT aic78xx.sys[SCSIPORT.SYS!ScsiPortNotification] 82F8A018
IAT aic78xx.sys[SCSIPORT.SYS!ScsiPortInitialize] 82F8A008

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 82F8649C
Device ACPI.sys (ACPI Driver for NT/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)

Device \Driver\Cdrom \Device\CdRom0 82B5B250
Device \FileSystem\Rdbss \Device\FsWrap 82B67314
Device \Driver\Cdrom \Device\CdRom1 82B5B250
Device \Driver\atapi \Device\Ide\IdePort0 82BBD928
Device \Driver\atapi \Device\Ide\IdePort1 82BBD928
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 82BBD928
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 82BBD928
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 82BBD928
Device \Driver\BTHUSB \Device\000000c0 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\000000c2 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \FileSystem\Srv \Device\LanmanServer FF3B5F5C

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 82BB274C
Device \FileSystem\MRxSmb \Device\LanmanRedirector 82BB274C
Device \FileSystem\Npfs \Device\NamedPipe 82BF1C6C
Device \FileSystem\Msfs \Device\Mailslot 82C0C514
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 82A48008
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port3Path0Target0Lun0 82A48008
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 82C23AAC
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 82C23AAC
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 82C23AAC
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 82C23AAC
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 82C23AAC
Device \FileSystem\Cdfs \Cdfs 82965B4C

---- Modules - GMER 1.0.15 ----

Module _________ F84D5000-F84ED000 (98304 bytes)
Module \systemroot\system32\drivers\UACmmukcqtw.sys (*** hidden *** ) F8675000-F8684000 (61440 bytes)

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\UACmmukcqtw.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272b28a8b
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272b28a8b@0021fe0e1045 0x14 0xAB 0x57 0x33 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272b28a8b@0017b02e01e2 0x12 0x3B 0xAD 0x84 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACmmukcqtw.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACmmukcqtw.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACfjedpbpk.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACevqfxhwy.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uaclog \\?\globalroot\systemroot\system32\UAChhosfddj.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UAChgidruqh.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACedqtwbar.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACtymoetfd.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACmiyhavos.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacurls \\?\globalroot\systemroot\system32\UACwpukmohm.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UACwyxvoxbx.log
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000272b28a8b
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000272b28a8b@0021fe0e1045 0x14 0xAB 0x57 0x33 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000272b28a8b@0017b02e01e2 0x12 0x3B 0xAD 0x84 ...
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACmmukcqtw.sys
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACmmukcqtw.sys
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACfjedpbpk.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACevqfxhwy.dat
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uaclog \\?\globalroot\systemroot\system32\UAChhosfddj.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UAChgidruqh.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACedqtwbar.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACtymoetfd.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACmiyhavos.log
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacurls \\?\globalroot\systemroot\system32\UACwpukmohm.log
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UACwyxvoxbx.log

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Ferlin\Local Settings\Temp\UAC9edd.tmp 343040 bytes executable

---- EOF - GMER 1.0.15 ----

#4 Buckeye_Sam

Posted 03 April 2009 - 02:59 PM

One of your issues sounds like it's related to running two antivirus programs that are conflicting. You should never run more than one antivirus program for that very reason. Please uninstall either Bit Defender or Avast before proceeding with this next step.



Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 fuzzywz

Posted 03 April 2009 - 09:51 PM

I uninstalled bitdefender then disabled Avast. I downloaded ComboFix but unfortunately it won't run. Hourglass shows then disappears. Check out task manager and combofix.exe process is evident but nothing comes up. ????

#6 Buckeye_Sam

Posted 04 April 2009 - 11:03 AM

Ok, delete combofix.exe off your desktop.
Download it again, but this time change the name when you save it to combo-fix.exe (with the hyphen).
See if it will run properly that way.

#7 fuzzywz

Posted 04 April 2009 - 12:48 PM

It worked and ran!

Here is the log file from Combo-Fix:-

ComboFix 09-04-03.01 - Ferlin 2009-04-04 11:13:55.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.512.160 [GMT -6:00]
Running from: c:\documents and settings\Ferlin\Desktop\Combo-Fix.exe
AV: avast! antivirus 4.8.1335 [VPS 090403-0] *On-access scanning disabled* (Updated)
AV: BitDefender Antivirus *On-access scanning disabled* (Updated)
FW: BitDefender Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
c:\windows\Readme.txt
c:\windows\system32\AdCache
c:\windows\system32\Cache
c:\windows\system32\drivers\UACmmukcqtw.sys
c:\windows\system32\mdm.exe
c:\windows\system32\UACedqtwbar.dll
c:\windows\system32\UACevqfxhwy.dat
c:\windows\system32\UACfjedpbpk.dll
c:\windows\system32\UAChgidruqh.dll
c:\windows\system32\UAChhosfddj.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACmiyhavos.log
c:\windows\system32\UACtymoetfd.dll
c:\windows\system32\UACwpukmohm.log
c:\windows\system32\UACwyxvoxbx.log
F:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-03-04 to 2009-04-04 )))))))))))))))))))))))))))))))
.

2009-04-01 23:00 . 2009-04-01 23:48 <DIR> d-------- C:\HJT
2009-04-01 21:15 . 2009-04-01 21:15 <DIR> d-------- c:\program files\CCleaner
2009-04-01 21:09 . 2009-04-01 21:09 <DIR> d-------- c:\program files\Alwil Software
2009-04-01 20:48 . 2009-04-01 20:49 563 --a------ c:\windows\system32\BDUpdateV1.xml
2009-04-01 20:16 . 2009-04-03 20:27 81,984 --a------ c:\windows\system32\bdod.bin
2009-03-26 23:12 . 2009-03-26 23:12 850 --a------ c:\windows\system32\ProductTweaks.xml
2009-03-26 23:12 . 2009-03-26 23:12 385 --a------ c:\windows\system32\user_gensett.xml
2009-03-26 22:57 . 2009-03-26 22:57 <DIR> d-------- c:\windows\system32\logs
2009-03-26 22:56 . 2009-03-26 22:57 <DIR> d-------- c:\program files\BitDefender
2009-03-26 22:49 . 2009-03-26 22:56 <DIR> d-------- c:\program files\Common Files\BitDefender

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-27 09:35 --------- d-----w c:\program files\Kazaa
2009-03-27 04:52 --------- d-----w c:\documents and settings\Ferlin\Application Data\Lavasoft
2009-03-19 06:09 --------- d-----w c:\program files\Google
2009-03-13 03:15 --------- d-----w c:\documents and settings\Ferlin\Application Data\Vso
2009-03-11 02:15 --------- d-----w c:\documents and settings\Ferlin\Application Data\Steganos Security Suite 6
2009-02-19 17:25 --------- d-----w c:\program files\Java
2009-02-19 07:06 --------- d-----w c:\documents and settings\Ferlin\Application Data\PC Suite
2007-01-13 04:45 87,608 ----a-w c:\documents and settings\Ferlin\Application Data\ezpinst.exe
2007-01-13 04:45 47,360 ----a-w c:\documents and settings\Ferlin\Application Data\pcouffin.sys
2006-05-14 16:00 24,192 ----a-w c:\documents and settings\Ferlin\usbsermptxp.sys
2006-05-14 16:00 22,768 ----a-w c:\documents and settings\Ferlin\usbsermpt.sys
2005-05-05 03:23 1,806 ---ha-w c:\documents and settings\Ferlin\hpothb07.dat
2005-05-05 03:23 0 ---ha-w c:\documents and settings\Alvin\hpothb07.dat
2003-12-31 22:56 38,056 ----a-w c:\documents and settings\Sylvia\Application Data\GDIPFONTCACHEV1.DAT
2003-04-27 00:53 30,696 ----a-w c:\documents and settings\Ferlin\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IP Monitor"="c:\program files\IPMonitor\IPMonitor.exe" [2004-12-02 492032]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 1207080]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-19 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTStartup"="c:\program files\Creative\SBAudigy\Program\CTEaxSpl.EXE" [2001-06-04 28672]
"UpdReg"="c:\windows\Updreg.exe" [2000-05-11 90112]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-09-29 180269]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"POINTER"="c:\program files\Microsoft Hardware\Mouse\point32.exe" [2002-04-11 176128]
"Palm MulitUser Config"="c:\program files\Palm\Configtool.exe" [2002-08-09 28672]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-07-28 4841472]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"IntelliType"="c:\program files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-21 94208]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"Jet Detection"="c:\program files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [2001-04-20 28672]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-19 136600]
"EPSON Stylus Photo RX500"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE" [2003-06-02 99840]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-10-28 181544]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-01-04 399504]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"WINDVDPatch"="CTHELPER.EXE" [2003-10-06 c:\windows\system32\CTHELPER.EXE]
"nwiz"="nwiz.exe" [2003-07-28 c:\windows\system32\nwiz.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]
"SSS6_Suite"="c:\program files\Steganos Security Suite 6\sss.exe" [2003-09-22 823296]
"SSS6_SAFE"="c:\program files\Steganos Security Suite 6\safe.exe" [2003-09-15 204800]
"SSS6_SPM"="c:\program files\Steganos Security Suite 6\spm.exe" [2003-09-15 176128]
"NvMediaCenter"="c:\windows\System32\NVMCTRAY.DLL" [2003-07-28 49152]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2005-06-28 25214]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2002-10-19 110592]
hp psc 2000 Series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2002-05-29 323646]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Quicken Scheduled Updates.lnk - c:\program files\QUICKENW\bagent.exe [2004-10-17 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= c:\windows\System32\ctmp3.acm
"VIDC.I263"= i263_32.drv
"MSACM.CEGSM"= mobilev.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Mirc\\mirc.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9000:TCP"= 9000:TCP:SlimServer 9000 tcp
"3483:UDP"= 3483:UDP:SlimServer 3483 udp
"3483:TCP"= 3483:TCP:SlimServer 3483 tcp
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 xmasbus;xmasbus;c:\windows\system32\drivers\xmasbus.sys [2004-05-15 140800]
R0 xmasscsi;xmasscsi;c:\windows\system32\drivers\xmasscsi.sys [2004-05-15 5504]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-04-01 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-04-01 20560]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2008-10-28 156968]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-01-07 170640]
R2 nvTUNEP;nVidia WDM TVTuner;c:\windows\system32\drivers\NVTUNEP.SYS [2002-10-10 16064]
R2 nvtvSND;nVidia WDM TVAudio Crossbar;c:\windows\system32\drivers\NVTVSND.SYS [2002-10-10 14048]
R2 SLEE_503_DRIVER;Steganos Live Encryption Engine (Version 503) [Driver];c:\windows\system32\drivers\slee503.sys [2002-11-28 12:10:02 84736]
R2 VPCAppSv;Virtual PC Application Services;c:\windows\system32\drivers\vpcappsv.sys [2003-03-14 10374]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-01-07 15504]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-01-06 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-01-06 8320]
S3 pohci13F;pohci13F;\??\c:\docume~1\Ferlin\LOCALS~1\Temp\pohci13F.sys --> c:\docume~1\Ferlin\LOCALS~1\Temp\pohci13F.sys [?]
S3 UBFWNet;Unibrain 1394 FireNet Adapter NT Driver;c:\windows\system32\drivers\ubfwnet.sys [2002-10-11 32016]
S3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver;c:\windows\system32\drivers\netusbxp.sys [2002-10-10 72576]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-PHIME2002ASync - c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE
HKLM-Run-PHIME2002A - c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE
HKLM-Run-MSPY2002 - c:\windows\System32\IME\PINTLGNT\ImScInst.exe
HKLM-Run-BJCFD - c:\program files\BroadJump\Client Foundation\CFD.exe
HKLM-Run-NWEReboot - (no file)
HKU-Default-Run-Norton SystemWorks - c:\program files\Norton SystemWorks\cfgwiz.exe
HKU-Default-Run-Nokia.PCSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar =
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
IE: Send To &Bluetooth - c:\program files\IOGEAR\Bluetooth Software\btsendto_ie_ctx.htm
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - hxxp://207.188.7.150/26bbe1d0a90c56503b03/netzip/RdxIE601.cab
DPF: {99888952-AC62-437C-AFC6-7B5CF05A7F2F} - hxxp://download.ourgame.com/IEDown.cab
FF - ProfilePath - c:\documents and settings\Ferlin\Application Data\Mozilla\Firefox\Profiles\default.lqm\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\documents and settings\Ferlin\Application Data\Mozilla\Firefox\Profiles\default.lqm\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\Ferlin\Application Data\Mozilla\Firefox\Profiles\default.lqm\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-04 11:29:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = c:\program files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run????????????x??????s$????\?w? ?w???????w???w4???????.??w4???????4???TA?s4????????@5????wd??w????????\???\??? ???$??????w-??w\???\??? ?????`????????w\???\??????s????\??????s\????@5?A??s?@5????w???

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath"="C:/Mirc/Download/MOVE/Jeff/VBNET Course/CMPP348/FinalProject348 Data Given/mysql/bin/mysqld-nt.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath"="C:/Mirc/Download/MOVE/Jeff/VBNET Course/CMPP348/FinalProject348 Data Given/mysql/bin/mysqld-nt.exe"
.
Completion time: 2009-04-04 11:36:43
ComboFix-quarantined-files.txt 2009-04-04 17:36:39

Pre-Run: 34,282,885,120 bytes free
Post-Run: 36,087,922,688 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

285 --- E O F --- 2008-11-26 03:09:29

#8 Buckeye_Sam

Malware Expert

Posted 04 April 2009 - 06:52 PM

Looking much better. Let's run a scan with Malwarebytes now.
  • Open Malwarebytes and select the Update tab.
  • Click on the Check for Updates button and allow the program to download the latest updates.
  • Once you have the latest updates, select the Scanner tab.
  • Select "Perform quick scan" and click the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


=================


Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.


How is your computer behaving now?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#9 fuzzywz

Topic Starter

Posted 05 April 2009 - 04:02 AM

Ran Malwarebytes and another 5 files were infected and removed. Also ran JavaRa and re-installed the latest JRE with no problems.

One issue I've noticed is that Firefox doesn't want to run anymore. I don't think the process even shows up. I may uninstall and re-install it later. Do you have any reasons why this might be happening?

Everything else looks good (my 1 Tb USB drive came back with the valid partition too!) - again I can't thank you enough for helping me restore my computer back to normal. =) Is there anything else to run?

#10 Buckeye_Sam

Malware Expert

Posted 05 April 2009 - 08:50 AM

Problems with Firefox are usually associated with addons and plugins, so I would start there.


Let's remove Combofix now that we're done with it and clean up a few other things.
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK




==================



Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Re-enable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with the program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:thumbup2: :)


========================================================

#11 fuzzywz

Topic Starter

Posted 05 April 2009 - 10:39 PM

I was able to get Firefox to start up again. Had to back up my bookmarks, uninstall, delete Profile folder (in Documents and Settings folder\ etc.) and re-install, then it worked!

In the end, what virus/trojan did I have?

Question: I do have a computer operating on Windows Server 2003 R2 on the network that I was afraid might have the same malware. :) I was surfing with Firefox with it and it suddenly page redirected me to some random site. I ran MalwareBytes with one file being infected and deleted - didn't look like the same type of file. I was wondering if you could quickly look at the OTList2 and GMER log - no evidence of rootkits I think (couldn't run dds on Server 2003):-

Thank you for your invaluable advice! You rock! :thumbup2:

+++++++++++++++++++++++++++++++++++++++++

OTListIt logfile created on: 4/5/2009 10:39:20 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.9.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows Server 2003 Enterprise Edition Service Pack 1 (Version = 5.2.3790) - Type = NTServer
Internet Explorer (Version = 6.0.3790.1830)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

543.55 Mb Total Physical Memory | 265.02 Mb Available Physical Memory | 48.76% Memory free
1.31 Gb Paging File | 1.11 Gb Available in Paging File | 85.32% Paging File free
Paging file location(s): C:\pagefile.sys 816 1632;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 7.81 Gb Total Space | 4.11 Gb Free Space | 52.57% Space Free | Partition Type: NTFS
Drive D: | 48.83 Gb Total Space | 0.95 Gb Free Space | 1.94% Space Free | Partition Type: NTFS
Drive E: | 149.05 Gb Total Space | 4.84 Gb Free Space | 3.25% Space Free | Partition Type: NTFS
Drive F: | 372.60 Gb Total Space | 364.92 Gb Free Space | 97.94% Space Free | Partition Type: NTFS
Drive G: | 137.48 Gb Total Space | 12.13 Gb Free Space | 8.82% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KSERVER01
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2005/11/30 06:00:00 | 00,207,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2005/11/30 06:00:00 | 01,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/03/09 00:26:44 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2005/11/30 06:00:00 | 00,010,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oobechk.exe
PRC - [2005/11/30 06:00:00 | 00,168,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\taskmgr.exe
PRC - [2009/03/09 00:26:44 | 00,386,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2005/11/30 06:00:00 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rdpclip.exe
PRC - [2005/11/30 06:00:00 | 01,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2005/11/30 06:00:00 | 00,509,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logon.scr
PRC - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/04/02 20:46:24 | 00,499,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2005/11/30 06:00:00 | 00,164,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Dfssvc.exe -- (Dfs [On_Demand | Stopped])
SRV - [2005/11/30 06:00:00 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/11/30 06:00:00 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ismserv.exe -- (IsmServ [Disabled | Stopped])
SRV - [2005/11/30 06:00:00 | 00,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\llssrv.exe -- (LicenseService [Disabled | Stopped])
SRV - [2005/11/30 06:00:00 | 00,791,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntfrs.exe -- (NtFrs [On_Demand | Stopped])
SRV - [2005/11/30 06:00:00 | 00,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\RSoPProv.exe -- (RSoPProv [On_Demand | Stopped])
SRV - [2005/11/30 06:00:00 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sacsvr.dll -- (sacsvr [On_Demand | Stopped])
SRV - [2005/11/30 06:00:00 | 00,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\trksvr.dll -- (TrkSvr [Disabled | Stopped])
SRV - [2005/11/30 06:00:00 | 00,071,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tssdis.exe -- (Tssdis [Disabled | Stopped])
SRV - [2005/11/30 06:00:00 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [On_Demand | Stopped])
SRV - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2003/03/24 15:15:58 | 00,038,528 | ---- | M] (ADMtek Incorporated.) -- C:\WINDOWS\system32\DRIVERS\AN983.sys -- (AN983 [On_Demand | Running])
DRV - [2003/03/24 15:54:02 | 00,327,040 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys -- (ati2mtaa [On_Demand | Running])
DRV - [2005/11/30 06:00:00 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\ClusDisk.sys -- (ClusDisk [Disabled | Stopped])
DRV - [2005/11/30 06:00:00 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\Dfs.sys -- (DfsDriver [Boot | Running])
DRV - [2001/10/02 12:27:00 | 00,022,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\HPT366.sys -- (HPT366 [Boot | Running])
DRV - [2005/11/30 06:00:00 | 00,020,480 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2005/11/30 06:00:00 | 00,163,644 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2003/03/27 06:35:00 | 00,027,648 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\Ultra.sys -- (ultra [Boot | Running])
DRV - [2007/07/16 17:35:20 | 00,114,944 | ---- | M] (VIA Technologies inc,.ltd) -- C:\WINDOWS\system32\drivers\viamraid.sys -- (viamraid [Boot | Running])
DRV - [2005/11/30 06:00:00 | 00,169,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\wlbs.sys -- (WLBS [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/hardAdmin.htm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8


FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/03/09 00:26:45 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/05 10:25:57 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/05 10:25:57 | 00,000,000 | ---D | M]

[2009/03/08 23:18:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions
[2009/03/08 23:18:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/05 10:38:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ry32l3gn.default\extensions
[2009/04/05 10:38:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ry32l3gn.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/04/05 10:37:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/08 23:17:10 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/09 00:27:15 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/05 10:37:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/04/05 10:25:49 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/05 10:25:49 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/02/19 13:33:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/02/19 13:33:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/02/19 13:33:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/02/19 13:33:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/02/19 13:33:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/02/19 13:33:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/02/19 13:33:08 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1236574625445 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/08 23:24:22 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/03/04 00:10:25 | 00,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/03/08 17:21:02 | 00,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[7 C:\WINDOWS\*.tmp files]
[2009/04/05 10:39:09 | 00,286,208 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\m9ggm7gm.exe
[2009/04/05 10:38:59 | 00,499,712 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTListIt2.exe
[2009/03/09 23:29:54 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/03/09 00:39:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\mIRC
[2009/03/09 00:39:53 | 00,000,000 | ---D | C] -- C:\Program Files\mIRC
[2009/03/09 00:35:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Azureus Downloads
[2009/03/09 00:32:26 | 00,012,328 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/03/09 00:32:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2009/03/09 00:32:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Azureus
[2009/03/09 00:31:48 | 00,001,505 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Vuze.lnk
[2009/03/09 00:30:56 | 00,000,000 | ---D | C] -- C:\Program Files\Vuze
[2009/03/09 00:28:55 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2009/03/09 00:26:37 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/03/09 00:26:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2009/03/08 23:40:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2009/03/08 23:40:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/03/08 23:40:42 | 00,000,006 | -H-- | C] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/08 23:38:18 | 00,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/03/08 23:37:35 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bhp018.dll
[2009/03/08 23:37:34 | 00,174,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xenrx86.dll
[2009/03/08 23:37:34 | 00,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2009/03/08 23:37:33 | 00,506,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xenria64.dll
[2009/03/08 23:37:14 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmswmiproppage.dll
[2009/03/08 23:37:11 | 01,150,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmswizardres.dll
[2009/03/08 23:37:08 | 00,206,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmswizard.exe
[2009/03/08 23:37:06 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsunicastsinkproppage.dll
[2009/03/08 23:37:03 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmssrvmk.dll
[2009/03/08 23:37:01 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmssnmp.dll
[2009/03/08 23:36:58 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsserverupgrade.exe
[2009/03/08 23:36:56 | 00,352,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsservertypelib.dll
[2009/03/08 23:36:53 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsserverresourceres.dll
[2009/03/08 23:36:50 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsserverresource.dll
[2009/03/08 23:36:48 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsserverconfig.exe
[2009/03/08 23:36:44 | 03,098,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsserver.dll
[2009/03/08 23:36:42 | 00,051,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsscriptproppage.dll
[2009/03/08 23:36:40 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmspluginres.dll
[2009/03/08 23:36:37 | 00,537,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsplaylistres.dll
[2009/03/08 23:36:35 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsplaylist.dll
[2009/03/08 23:36:32 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsperfmon.exe
[2009/03/08 23:36:30 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsperf.dll
[2009/03/08 23:36:28 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsnetworkdatasourceproppage.dll
[2009/03/08 23:36:25 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsmulticastsinkproppage.dll
[2009/03/08 23:36:22 | 01,852,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsmonitorres.dll
[2009/03/08 23:36:20 | 00,546,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsmonitor.dll
[2009/03/08 23:36:18 | 00,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmslogproppages.dll
[2009/03/08 23:36:16 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmslf.dll
[2009/03/08 23:36:14 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsiphlp.dll
[2009/03/08 23:36:12 | 00,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsipaccessproppage.dll
[2009/03/08 23:36:10 | 00,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsiislog.dll
[2009/03/08 23:36:08 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmshttpsyscfg.exe
[2009/03/08 23:36:06 | 00,051,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmshttpcontrolproppage.dll
[2009/03/08 23:36:04 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmshttpauthenproppage.dll
[2009/03/08 23:36:01 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmserver.exe
[2009/03/08 23:35:59 | 00,168,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmserror.dll
[2009/03/08 23:35:57 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmserr.dll
[2009/03/08 23:35:55 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmseditor.exe
[2009/03/08 23:35:53 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsdigestauthenproppage.dll
[2009/03/08 23:35:51 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsbrowseres.dll
[2009/03/08 23:35:49 | 00,122,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsbrowse.dll
[2009/03/08 23:35:47 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsaspadmin.dll
[2009/03/08 23:35:45 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsarchivesinkv1proppage.dll
[2009/03/08 23:35:43 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsanonauthenproppage.dll
[2009/03/08 23:35:41 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsadminres.dll
[2009/03/08 23:35:39 | 00,273,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsadmin.dll
[2009/03/08 23:35:37 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsactscrpt.dll
[2009/03/08 23:35:35 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsaclcheckproppage.dll
[2009/03/08 23:35:25 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmilistener.dll
[2009/03/08 23:35:22 | 00,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmibridge.dll
[2009/03/08 23:35:19 | 00,154,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2009/03/08 23:35:19 | 00,118,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wizchain.dll
[2009/03/08 23:35:18 | 00,651,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winssnap.dll
[2009/03/08 23:35:17 | 00,154,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2009/03/08 23:35:17 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bhp021.dll
[2009/03/08 23:35:16 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsevnt.dll
[2009/03/08 23:35:16 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsmib.dll
[2009/03/08 23:35:15 | 00,154,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2009/03/08 23:35:15 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wins.exe
[2009/03/08 23:35:15 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsctrs.dll
[2009/03/08 23:35:14 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpop.exe
[2009/03/08 23:35:12 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2009/03/08 23:35:12 | 00,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2009/03/08 23:35:11 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2009/03/08 23:35:06 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamreg.dll
[2009/03/08 23:35:06 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps.dll
[2009/03/08 23:35:05 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wam.dll
[2009/03/08 23:35:04 | 00,092,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2009/03/08 23:35:04 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3isapi.dll
[2009/03/08 23:35:04 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3tp.dll
[2009/03/08 23:35:04 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3wp.exe
[2009/03/08 23:35:03 | 00,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3dt.dll
[2009/03/08 23:35:03 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs.dll
[2009/03/08 23:35:03 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrlps.dll
[2009/03/08 23:35:02 | 00,348,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3core.dll
[2009/03/08 23:35:02 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3comlog.dll
[2009/03/08 23:35:01 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3cache.dll
[2009/03/08 23:34:59 | 00,261,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2009/03/08 23:34:59 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2009/03/08 23:34:58 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bhp017.dll
[2009/03/08 23:34:46 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlauth.dll
[2009/03/08 23:34:45 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bhp045.dll
[2009/03/08 23:34:44 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2009/03/08 23:34:43 | 00,197,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W98_unidrv.dll
[2009/03/08 23:34:41 | 00,197,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W95_unidrv.dll
[2009/03/08 23:34:41 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2009/03/08 23:34:40 | 00,114,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uihelper.dll
[2009/03/08 23:34:36 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bhp016.dll
[2009/03/08 23:34:35 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tls236.dll
[2009/03/08 23:34:35 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2009/03/08 23:34:34 | 00,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2009/03/08 23:34:34 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2009/03/08 23:34:33 | 01,413,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tintlgs.imd
[2009/03/08 23:34:33 | 00,574,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2009/03/08 23:34:32 | 00,455,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tintlgl.imd
[2009/03/08 23:34:32 | 00,171,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tintlgc.imd
[2009/03/08 23:34:31 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2009/03/08 23:34:30 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tftpd.exe
[2009/03/08 23:34:29 | 00,249,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bhp015.dll
[2009/03/08 23:34:18 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\svcext.dll
[2009/03/08 23:34:14 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\strmtest.exe
[2009/03/08 23:34:12 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ssinc.dll
[2009/03/08 23:34:08 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2009/03/08 23:34:08 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snprfdll.dll
[2009/03/08 23:34:07 | 00,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll
[2009/03/08 23:34:07 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmptrap.exe
[2009/03/08 23:34:07 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2009/03/08 23:34:06 | 00,359,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll
[2009/03/08 23:34:06 | 00,189,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll
[2009/03/08 23:34:06 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll
[2009/03/08 23:34:05 | 00,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll
[2009/03/08 23:34:05 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmp.exe
[2009/03/08 23:34:05 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bhp014.dll
[2009/03/08 23:34:04 | 00,482,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll
[2009/03/08 23:34:03 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpctrs.dll
[2009/03/08 23:34:03 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpapi.dll
[2009/03/08 23:34:02 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2009/03/08 23:34:02 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2009/03/08 23:34:02 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2009/03/08 23:34:01 | 00,240,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smi2smir.exe
[2009/03/08 23:34:01 | 00,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smef.dll
[2009/03/08 23:34:00 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bhp013.dll
[2009/03/08 23:34:00 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slbs.dll
[2009/03/08 23:33:59 | 00,071,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sis.sys
[2009/03/08 23:33:59 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2009/03/08 23:33:49 | 00,096,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seva.dll
[2009/03/08 23:33:49 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\setupcl.exe
[2009/03/08 23:33:47 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_strap.exe
[2009/03/08 23:33:46 | 00,219,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seo.dll
[2009/03/08 23:33:46 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seos.dll
[2009/03/08 23:33:45 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scwviewer.exe
[2009/03/08 23:33:44 | 00,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scwserviceext.dll
[2009/03/08 23:33:44 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scwsceext.dll
[2009/03/08 23:33:44 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scwsddlanalysis.dll
[2009/03/08 23:33:43 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scwiisext.dll
[2009/03/08 23:33:43 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scwhlp.dll
[2009/03/08 23:33:43 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scwregistryext.dll
[2009/03/08 23:33:42 | 00,247,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scwfirewallext.dll
[2009/03/08 23:33:42 | 00,169,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scwengf.dll
[2009/03/08 23:33:41 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scwengb.dll
[2009/03/08 23:33:41 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scwcmd.exe
[2009/03/08 23:33:40 | 00,977,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scw.exe
[2009/03/08 23:33:40 | 00,035,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scwauditext.dll
[2009/03/08 23:33:39 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scss.exe
[2009/03/08 23:33:39 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scshost.exe
[2009/03/08 23:33:38 | 00,147,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrdia64.dll
[2009/03/08 23:33:38 | 00,067,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrdw2k.dll
[2009/03/08 23:33:38 | 00,056,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrdx86.dll
[2009/03/08 23:33:37 | 00,056,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrdenrl.dll
[2009/03/08 23:33:33 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bhp022.dll
[2009/03/08 23:33:33 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rwnh.dll
[2009/03/08 23:33:32 | 00,382,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rstask.dll
[2009/03/08 23:33:32 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rssubps.dll
[2009/03/08 23:33:32 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rstore.exe
[2009/03/08 23:33:31 | 00,507,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rssub.dll
[2009/03/08 23:33:31 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rsshell.dll
[2009/03/08 23:33:31 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rsservps.dll
[2009/03/08 23:33:30 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rss.exe
[2009/03/08 23:33:30 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rsserv.exe
[2009/03/08 23:33:29 | 00,282,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rsmover.dll
[2009/03/08 23:33:29 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rslnk.exe
[2009/03/08 23:33:29 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rslaunch.exe
[2009/03/08 23:33:28 | 00,547,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rsjob.dll
[2009/03/08 23:33:28 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rsidb.dll
[2009/03/08 23:33:27 | 00,528,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rsfsa.dll
[2009/03/08 23:33:27 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rsfilter.sys
[2009/03/08 23:33:27 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rsengps.dll
[2009/03/08 23:33:27 | 00,006,331 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rsess.vbs
[2009/03/08 23:33:26 | 00,414,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rscommon.dll
[2009/03/08 23:33:26 | 00,180,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rseng.dll
[2009/03/08 23:33:26 | 00,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rsconn.dll
[2009/03/08 23:33:25 | 00,858,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rsadmin.dll
[2009/03/08 23:33:25 | 00,121,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rscli.dll
[2009/03/08 23:33:24 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rqs.exe
[2009/03/08 23:33:24 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rqsinst.dll
[2009/03/08 23:33:23 | 00,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcproxy.dll
[2009/03/08 23:33:23 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcref.dll
[2009/03/08 23:33:22 | 00,188,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\riprep.exe
[2009/03/08 23:33:22 | 00,169,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\risetup.exe
[2009/03/08 23:33:22 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2009/03/08 23:33:21 | 00,026,417 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rfeed.vbs
[2009/03/08 23:33:21 | 00,012,400 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rgroup.vbs
[2009/03/08 23:33:20 | 00,010,571 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rexpire.vbs
[2009/03/08 23:33:19 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\regtrace.exe
[2009/03/08 23:33:18 | 00,011,781 | ---- | C] () -- C:\WINDOWS\System32\dllcache\regfilt.vbs
[2009/03/08 23:33:15 | 00,003,912 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rcancel.vbs
[2009/03/08 23:33:11 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2009/03/08 23:33:06 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2009/03/08 23:33:06 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2009/03/08 23:33:05 | 00,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bhp012.dll
[2009/03/08 23:33:05 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pop3svc.exe
[2009/03/08 23:33:05 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmpppoe.dll
[2009/03/08 23:33:04 | 00,136,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pop3snap.dll
[2009/03/08 23:33:04 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pop3msg.dll
[2009/03/08 23:33:04 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pop3perf.dll
[2009/03/08 23:33:03 | 00,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2009/03/08 23:33:03 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pop3auth.dll
[2009/03/08 23:33:03 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pop3evt.dll
[2009/03/08 23:33:01 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\playlisttransformproppage.dll
[2009/03/08 23:33:00 | 00,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2009/03/08 23:32:53 | 10,011,497 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgs.imd
[2009/03/08 23:32:53 | 00,733,292 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgr.imd
[2009/03/08 23:32:52 | 00,535,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2009/03/08 23:32:52 | 00,208,744 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgl.imd
[2009/03/08 23:32:51 | 01,004,904 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgix.imd
[2009/03/08 23:32:51 | 00,948,656 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgi.imd
[2009/03/08 23:32:50 | 00,867,242 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgdx.imd
[2009/03/08 23:32:49 | 00,825,038 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgd.imd
[2009/03/08 23:32:49 | 00,487,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsk.dic
[2009/03/08 23:32:49 | 00,188,140 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgc.imd
[2009/03/08 23:32:49 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2009/03/08 23:32:48 | 00,174,803 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsd.dic
[2009/03/08 23:32:48 | 00,117,248 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2009/03/08 23:32:47 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2009/03/08 23:32:47 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bhp046.dll
[2009/03/08 23:32:45 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\parser.dll
[2009/03/08 23:32:44 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\p3store.dll
[2009/03/08 23:32:44 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2009/03/08 23:32:44 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2009/03/08 23:32:44 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2009/03/08 23:32:44 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2009/03/08 23:32:43 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\p3admin.dll
[2009/03/08 23:32:42 | 00,052,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\owsrmadm.exe
[2009/03/08 23:32:42 | 00,027,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\owsadm.exe
[2009/03/08 23:32:41 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oschoice.exe
[2009/03/08 23:32:33 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntfsdrv.dll
[2009/03/08 23:32:28 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsneterr.dll
[2009/03/08 23:32:27 | 00,600,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nntpsvc.dll
[2009/03/08 23:32:26 | 00,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nntpfs.dll
[2009/03/08 23:32:26 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nntpapi.dll
[2009/03/08 23:32:26 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nntpctrs.dll
[2009/03/08 23:32:25 | 00,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmsupp.dll
[2009/03/08 23:32:23 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmapi.dll
[2009/03/08 23:32:20 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2009/03/08 23:32:18 | 00,647,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netmon.exe
[2009/03/08 23:32:17 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bhp011.dll
[2009/03/08 23:32:15 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bhp010.dll
[2009/03/08 23:32:14 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bhp009.dll
[2009/03/08 23:32:12 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\namespace.dll
[2009/03/08 23:32:11 | 00,119,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2009/03/08 23:32:10 | 00,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtstocom.exe
[2009/03/08 23:32:10 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\muisetup.exe
[2009/03/08 23:32:06 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_msvcp60.dll
[2009/03/08 23:32:03 | 00,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bhp008.dll
[2009/03/08 23:31:57 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msiregmv.exe
[2009/03/08 23:31:56 | 01,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2009/03/08 23:31:56 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2009/03/08 23:31:55 | 00,316,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msiprov.dll
[2009/03/08 23:31:28 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe
[2009/03/08 23:31:25 | 00,139,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\microsoft.windowsmediaservices.dll
[2009/03/08 23:31:22 | 00,234,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\metadata.dll
[2009/03/08 23:31:20 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mcast.dll
[2009/03/08 23:31:19 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mailmsg.dll
[2009/03/08 23:31:19 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bhp007.dll
[2009/03/08 23:31:17 | 00,349,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lserver.exe
[2009/03/08 23:31:16 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bhp020.dll
[2009/03/08 23:31:16 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lprmon.dll
[2009/03/08 23:31:15 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2009/03/08 23:31:15 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpdsvc.dll
[2009/03/08 23:31:15 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lonsint.dll
[2009/03/08 23:31:14 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bhp019.dll
[2009/03/08 23:31:12 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmmib2.dll
[2009/03/08 23:31:11 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bhp006.dll
[2009/03/08 23:31:10 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bhp025.dll
[2009/03/08 23:31:10 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bhp023.dll
[2009/03/08 23:31:09 | 00,116,756 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2009/03/08 23:31:08 | 01,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2009/03/08 23:31:08 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2009/03/08 23:31:07 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kerbprsr.dll
[2009/03/08 23:31:07 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2009/03/08 23:31:06 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2009/03/08 23:31:06 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2009/03/08 23:31:05 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2009/03/08 23:31:05 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2009/03/08 23:31:04 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2009/03/08 23:31:04 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2009/03/08 23:31:03 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2009/03/08 23:31:03 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2009/03/08 23:31:02 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2009/03/08 23:31:02 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2009/03/08 23:31:02 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2009/03/08 23:31:01 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41a.dll
[2009/03/08 23:31:01 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41j.dll
[2009/03/08 23:31:00 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2009/03/08 23:31:00 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2009/03/08 23:30:59 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2009/03/08 23:30:58 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2009/03/08 23:30:57 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2009/03/08 23:30:57 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2009/03/08 23:30:57 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2009/03/08 23:30:56 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdibm02.dll
[2009/03/08 23:30:56 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2009/03/08 23:30:55 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2009/03/08 23:30:54 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2009/03/08 23:30:54 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2009/03/08 23:30:53 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2009/03/08 23:30:53 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2009/03/08 23:30:52 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdax2.dll
[2009/03/08 23:30:51 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2009/03/08 23:30:51 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2009/03/08 23:30:51 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2009/03/08 23:30:50 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2009/03/08 23:30:50 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2009/03/08 23:30:49 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106n.dll
[2009/03/08 23:30:49 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2009/03/08 23:30:49 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101.dll
[2009/03/08 23:30:47 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iscomlog.dll
[2009/03/08 23:30:47 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isrpc.dll
[2009/03/08 23:30:46 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bhp005.dll
[2009/03/08 23:30:46 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2009/03/08 23:30:44 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprip.dll
[2009/03/08 23:30:40 | 00,069,632 | ---- | C] ( ) -- C:\WINDOWS\System32\dllcache\interop_msxml.dll
[2009/03/08 23:30:38 | 01,499,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_instmsiw.exe
[2009/03/08 23:30:37 | 01,489,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_instmsia.exe
[2009/03/08 23:30:36 | 00,239,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infocomm.dll
[2009/03/08 23:30:36 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2009/03/08 23:30:35 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetinfo.exe
[2009/03/08 23:30:34 | 00,394,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2009/03/08 23:30:34 | 00,195,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2009/03/08 23:30:34 | 00,061,952 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2009/03/08 23:30:33 | 00,068,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2009/03/08 23:30:33 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2009/03/08 23:30:28 | 09,206,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpzp.dic
[2009/03/08 23:30:28 | 00,234,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2009/03/08 23:30:28 | 00,179,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
[2009/03/08 23:30:28 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2009/03/08 23:30:27 | 00,854,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjptk.dic
[2009/03/08 23:30:19 | 14,694,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpst.dic
[2009/03/08 23:30:18 | 00,137,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpsb.dic
[2009/03/08 23:30:18 | 00,113,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
[2009/03/08 23:30:12 | 10,660,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpnm.dic
[2009/03/08 23:30:12 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
[2009/03/08 23:30:11 | 00,993,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpln.dic
[2009/03/08 23:30:11 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2009/03/08 23:30:10 | 00,815,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpgn.grm
[2009/03/08 23:30:10 | 00,183,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
[2009/03/08 23:30:10 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2009/03/08 23:30:10 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2009/03/08 23:30:09 | 00,647,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2009/03/08 23:30:09 | 00,342,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2009/03/08 23:30:09 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2009/03/08 23:30:08 | 00,695,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2009/03/08 23:30:08 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcd.dic
[2009/03/08 23:30:08 | 00,055,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpch.dic
[2009/03/08 23:30:07 | 00,331,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2009/03/08 23:30:07 | 00,200,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2009/03/08 23:30:07 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2009/03/08 23:30:07 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2009/03/08 23:30:07 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2009/03/08 23:30:06 | 00,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2009/03/08 23:30:06 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2009/03/08 23:30:06 | 00,096,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2009/03/08 23:30:05 | 00,194,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiswmi.dll
[2009/03/08 23:30:05 | 00,050,900 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iisweb.vbs
[2009/03/08 23:30:04 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisw3adm.dll
[2009/03/08 23:30:04 | 00,167,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisutil.dll
[2009/03/08 23:30:04 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisuiobj.dll
[2009/03/08 23:30:04 | 00,034,604 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iisvdir.vbs
[2009/03/08 23:30:03 | 00,122,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisres.dll
[2009/03/08 23:30:03 | 00,039,103 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iisschlp.wsc
[2009/03/08 23:30:02 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iislog.dll
[2009/03/08 23:30:02 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iispwchg.dll
[2009/03/08 23:30:02 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2009/03/08 23:30:01 | 00,060,121 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iisftp.vbs
[2009/03/08 23:30:01 | 00,052,093 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iiscnfg.vbs
[2009/03/08 23:30:01 | 00,034,518 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iisext.vbs
[2009/03/08 23:30:01 | 00,032,887 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iisftpdr.vbs
[2009/03/08 23:30:00 | 01,133,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscfg.dll
[2009/03/08 23:30:00 | 00,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2009/03/08 23:30:00 | 00,035,074 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iisback.vbs
[2009/03/08 23:29:59 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisadmin.dll
[2009/03/08 23:29:59 | 00,013,877 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iisapp.vbs
[2009/03/08 23:29:58 | 00,009,709 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IIS_iis_switch.vbs
[2009/03/08 23:29:48 | 10,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2009/03/08 23:29:41 | 11,091,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2009/03/08 23:29:35 | 10,100,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2009/03/08 23:29:34 | 00,241,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpext.dll
[2009/03/08 23:29:34 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpodbc.dll
[2009/03/08 23:29:34 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpmib.dll
[2009/03/08 23:29:33 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostmib.dll
[2009/03/08 23:29:31 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hexedit.dll
[2009/03/08 23:29:30 | 00,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2009/03/08 23:29:30 | 00,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2009/03/08 23:29:29 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\grovel.exe
[2009/03/08 23:29:29 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gzip.dll
[2009/03/08 23:29:29 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\grovmsg.dll
[2009/03/08 23:29:24 | 00,405,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W9X_fxsxp32.dll
[2009/03/08 23:29:24 | 00,398,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsxp32.dll
[2009/03/08 23:29:23 | 00,398,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxsxp32.dll
[2009/03/08 23:29:22 | 00,084,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxswzrd.dll
[2009/03/08 23:29:22 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W9X_fxswzrd.dll
[2009/03/08 23:29:21 | 00,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsui.dll
[2009/03/08 23:29:21 | 00,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxsui.dll
[2009/03/08 23:29:21 | 00,084,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxswzrd.dll
[2009/03/08 23:29:19 | 00,392,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxstiff.dll
[2009/03/08 23:29:19 | 00,392,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxstiff.dll
[2009/03/08 23:29:19 | 00,387,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W9X_fxstiff.dll
[2009/03/08 23:29:18 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssvc.exe
[2009/03/08 23:29:18 | 00,210,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxst30.dll
[2009/03/08 23:29:18 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxst30p.dll
[2009/03/08 23:29:17 | 00,561,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsst.dll
[2009/03/08 23:29:16 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W9X_fxssend.exe
[2009/03/08 23:29:15 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsrtmtd.dll
[2009/03/08 23:29:15 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2009/03/08 23:29:15 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxssend.exe
[2009/03/08 23:29:14 | 00,737,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsres.dll
[2009/03/08 23:29:14 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2009/03/08 23:29:13 | 00,737,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxsres.dll
[2009/03/08 23:29:13 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsmon.dll
[2009/03/08 23:29:13 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsperf.dll
[2009/03/08 23:29:12 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W9X_fxsext32.dll
[2009/03/08 23:29:12 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsext32.dll
[2009/03/08 23:29:11 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsevent.dll
[2009/03/08 23:29:11 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxsext32.dll
[2009/03/08 23:29:10 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\NT4_fxsdrv4.dll
[2009/03/08 23:29:09 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W9X_fxsdrv32.dll
[2009/03/08 23:29:09 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsdrv.dll
[2009/03/08 23:29:08 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscover.exe
[2009/03/08 23:29:08 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W9X_fxscover.exe
[2009/03/08 23:29:07 | 00,286,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscomex.dll
[2009/03/08 23:29:07 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxscover.exe
[2009/03/08 23:29:07 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscom.dll
[2009/03/08 23:29:06 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W9X_fxsclntr.dll
[2009/03/08 23:29:05 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2009/03/08 23:29:05 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxsclntr.dll
[2009/03/08 23:29:04 | 00,148,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclnt.exe
[2009/03/08 23:29:04 | 00,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W9X_fxsclnt.exe
[2009/03/08 23:29:03 | 00,148,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxsclnt.exe
[2009/03/08 23:29:03 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2009/03/08 23:29:02 | 00,491,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W9X_fxsapi.dll
[2009/03/08 23:29:00 | 00,467,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsapi.dll
[2009/03/08 23:29:00 | 00,466,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\NT4_fxsapi.dll
[2009/03/08 23:28:59 | 00,467,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxsapi.dll
[2009/03/08 23:28:59 | 00,259,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsadmin.dll
[2009/03/08 23:28:59 | 00,127,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsvc2.dll
[2009/03/08 23:28:58 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2009/03/08 23:28:58 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2009/03/08 23:28:58 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpmib.dll
[2009/03/08 23:28:57 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bhp004.dll
[2009/03/08 23:28:56 | 00,100,936 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2009/03/08 23:28:56 | 00,027,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmdll.dll
[2009/03/08 23:28:55 | 01,379,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp5awel.dll
[2009/03/08 23:28:54 | 00,944,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp5autl.dll
[2009/03/08 23:28:54 | 00,040,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp5avss.dll
[2009/03/08 23:28:53 | 00,142,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp5amsft.dll
[2009/03/08 23:28:51 | 00,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fcachdll.dll
[2009/03/08 23:28:51 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\f3ahvoas.dll
[2009/03/08 23:28:50 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exstrace.dll
[2009/03/08 23:28:49 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntagnt.dll
[2009/03/08 23:28:49 | 00,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntwin.exe
[2009/03/08 23:28:49 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntcmd.exe
[2009/03/08 23:28:45 | 00,514,587 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\edb500.dll
[2009/03/08 23:28:36 | 00,187,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dnsprov.dll
[2009/03/08 23:28:36 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dnsperf.dll
[2009/03/08 23:28:35 | 00,873,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dnsmgr.dll
[2009/03/08 23:28:35 | 00,442,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dns.exe
[2009/03/08 23:28:27 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ddrop.dll
[2009/03/08 23:28:25 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2009/03/08 23:28:24 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\davcdata.exe
[2009/03/08 23:28:24 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\davcprox.dll
[2009/03/08 23:28:16 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
[2009/03/08 23:28:15 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
[2009/03/08 23:28:15 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2009/03/08 23:28:12 | 00,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\complianceextensions.dll
[2009/03/08 23:28:09 | 00,001,844 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IIS_clusweb.vbs
[2009/03/08 23:28:08 | 00,001,849 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IIS_clusftp.vbs
[2009/03/08 23:28:07 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cleanri.exe
[2009/03/08 23:28:05 | 00,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2009/03/08 23:28:04 | 00,409,168 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgu.imd
[2009/03/08 23:28:04 | 00,102,304 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlguc.imd
[2009/03/08 23:28:04 | 00,102,304 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgsi.imd
[2009/03/08 23:28:04 | 00,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgs.imd
[2009/03/08 23:28:03 | 00,427,138 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgie.imd
[2009/03/08 23:28:03 | 00,024,080 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgl.imd
[2009/03/08 23:28:03 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2009/03/08 23:28:02 | 00,543,708 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgb.imd
[2009/03/08 23:28:02 | 00,279,894 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgd.imd
[2009/03/08 23:28:02 | 00,199,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2009/03/08 23:28:01 | 00,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2009/03/08 23:28:00 | 00,462,929 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskdic.dic
[2009/03/08 23:28:00 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2009/03/08 23:28:00 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2009/03/08 23:27:59 | 00,841,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2009/03/08 23:27:58 | 01,682,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2009/03/08 23:27:58 | 00,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2009/03/08 23:27:57 | 00,316,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certsrv.exe
[2009/03/08 23:27:56 | 00,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certobj.dll
[2009/03/08 23:27:55 | 00,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certdb.dll
[2009/03/08 23:27:55 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certenc.dll
[2009/03/08 23:27:53 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2009/03/08 23:27:52 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2009/03/08 23:27:49 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2009/03/08 23:27:45 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bhp003.dll
[2009/03/08 23:27:44 | 00,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2009/03/08 23:27:44 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2009/03/08 23:27:44 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bhp002.dll
[2009/03/08 23:27:43 | 00,365,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bomsnap.dll
[2009/03/08 23:27:43 | 00,086,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bitssrv.dll
[2009/03/08 23:27:42 | 00,088,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bitsmgr.dll
[2009/03/08 23:27:42 | 00,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2009/03/08 23:27:42 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bhsupp.dll
[2009/03/08 23:27:41 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\backsnap.dll
[2009/03/08 23:27:39 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\au_accnt.dll
[2009/03/08 23:27:38 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bhp024.dll
[2009/03/08 23:27:37 | 00,096,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bhp001.dll
[2009/03/08 23:27:37 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2009/03/08 23:27:36 | 00,378,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asp.dll
[2009/03/08 23:27:35 | 00,246,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asfarchiver.dll
[2009/03/08 23:27:34 | 00,501,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll
[2009/03/08 23:27:34 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqadmin.dll
[2009/03/08 23:27:32 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0804.dll
[2009/03/08 23:27:31 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0412.dll
[2009/03/08 23:27:31 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0411.dll
[2009/03/08 23:27:31 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040d.dll
[2009/03/08 23:27:30 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0404.dll
[2009/03/08 23:27:30 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0401.dll
[2009/03/08 23:27:28 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsiisex.dll
[2009/03/08 23:27:27 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\addusr.exe
[2009/03/08 23:27:27 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2009/03/08 23:27:26 | 00,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\acwebsvc.dll
[2009/03/08 23:27:25 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\activesockets.dll
[2009/03/08 23:27:23 | 00,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2009/03/08 23:27:14 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2009/03/08 23:27:11 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\staxmem.dll
[2009/03/08 23:27:10 | 02,086,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsnap.dll
[2009/03/08 23:27:10 | 00,179,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpadm.dll
[2009/03/08 23:27:09 | 00,027,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll
[2009/03/08 23:26:55 | 02,663,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nntpsnap.dll
[2009/03/08 23:26:55 | 00,187,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nntpadm.dll
[2009/03/08 23:26:53 | 00,254,005 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_msvcrt.dll
[2009/03/08 23:26:50 | 01,163,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_mfc42u.dll
[2009/03/08 23:26:48 | 01,160,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_mfc42.dll
[2009/03/08 23:26:46 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logui.ocx
[2009/03/08 23:26:45 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isatq.dll
[2009/03/08 23:26:45 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2009/03/08 23:26:45 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoadmn.dll
[2009/03/08 23:26:44 | 01,057,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.dll
[2009/03/08 23:26:44 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2009/03/08 23:26:44 | 00,141,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrtl.dll
[2009/03/08 23:26:43 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismap.dll
[2009/03/08 23:26:43 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstas.exe
[2009/03/08 23:26:43 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2009/03/08 23:26:43 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2009/03/08 23:26:42 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisext.dll
[2009/03/08 23:26:41 | 00,400,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll
[2009/03/08 23:26:41 | 00,199,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll
[2009/03/08 23:26:40 | 00,097,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpcount.exe
[2009/03/08 23:26:40 | 00,027,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll
[2009/03/08 23:26:38 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnfgprts.ocx
[2009/03/08 23:26:38 | 00,064,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\coadmin.dll
[2009/03/08 23:26:37 | 00,105,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgwiz.exe
[2009/03/08 23:26:36 | 00,297,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certwiz.ocx
[2009/03/08 23:26:36 | 00,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2009/03/08 23:26:36 | 00,027,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll
[2009/03/08 23:26:35 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsiis.dll
[2009/03/08 23:26:34 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admwprox.dll
[2009/03/08 23:26:34 | 00,027,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll
[2009/03/08 23:26:25 | 00,000,000 | ---D | C] -- C:\wmpub
[2009/03/08 23:26:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\windows media
[2009/03/08 23:26:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\rpcproxy
[2009/03/08 23:26:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\reminst
[2009/03/08 23:26:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\pop3server
[2009/03/08 23:26:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\netmon
[2009/03/08 23:26:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\certsrv
[2009/03/08 23:24:51 | 00,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2009/03/08 23:24:51 | 00,187,938 | ---- | C] () -- C:\WINDOWS\System32\c_20005.nls
[2009/03/08 23:24:51 | 00,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2009/03/08 23:24:51 | 00,185,378 | ---- | C] () -- C:\WINDOWS\System32\c_20003.nls
[2009/03/08 23:24:51 | 00,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2009/03/08 23:24:51 | 00,180,770 | ---- | C] () -- C:\WINDOWS\System32\c_20932.nls
[2009/03/08 23:24:51 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2009/03/08 23:24:51 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\c_20004.nls
[2009/03/08 23:24:51 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2009/03/08 23:24:51 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2009/03/08 23:24:51 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\c_20936.nls
[2009/03/08 23:24:51 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\c_20002.nls
[2009/03/08 23:24:51 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2009/03/08 23:24:51 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_720.nls
[2009/03/08 23:24:51 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2009/03/08 23:24:51 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2009/03/08 23:24:51 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_708.nls
[2009/03/08 23:24:51 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_21027.nls
[2009/03/08 23:24:50 | 00,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2009/03/08 23:24:50 | 00,189,986 | ---- | C] () -- C:\WINDOWS\System32\c_1361.nls
[2009/03/08 23:24:50 | 00,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2009/03/08 23:24:50 | 00,186,402 | ---- | C] () -- C:\WINDOWS\System32\c_20001.nls
[2009/03/08 23:24:50 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2009/03/08 23:24:50 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\c_20000.nls
[2009/03/08 23:24:50 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2009/03/08 23:24:50 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2009/03/08 23:24:50 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2009/03/08 23:24:50 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2009/03/08 23:24:50 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20108.nls
[2009/03/08 23:24:50 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20107.nls
[2009/03/08 23:24:50 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20106.nls
[2009/03/08 23:24:50 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20105.nls
[2009/03/08 23:24:49 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2009/03/08 23:24:49 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2009/03/08 23:24:49 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2009/03/08 23:24:49 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2009/03/08 23:24:49 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2009/03/08 23:24:49 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2009/03/08 23:24:49 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2009/03/08 23:24:49 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2009/03/08 23:24:49 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_870.nls
[2009/03/08 23:24:49 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28596.nls
[2009/03/08 23:24:49 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_21025.nls
[2009/03/08 23:24:49 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20924.nls
[2009/03/08 23:24:49 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20880.nls
[2009/03/08 23:24:49 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20871.nls
[2009/03/08 23:24:49 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20838.nls
[2009/03/08 23:24:49 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20269.nls
[2009/03/08 23:24:48 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2009/03/08 23:24:48 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2009/03/08 23:24:48 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2009/03/08 23:24:48 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2009/03/08 23:24:48 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2009/03/08 23:24:48 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2009/03/08 23:24:48 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2009/03/08 23:24:48 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2009/03/08 23:24:48 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2009/03/08 23:24:48 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2009/03/08 23:24:48 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2009/03/08 23:24:48 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2009/03/08 23:24:48 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2009/03/08 23:24:48 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20833.nls
[2009/03/08 23:24:48 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20424.nls
[2009/03/08 23:24:48 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20423.nls
[2009/03/08 23:24:48 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20420.nls
[2009/03/08 23:24:48 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20297.nls
[2009/03/08 23:24:48 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20290.nls
[2009/03/08 23:24:48 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20285.nls
[2009/03/08 23:24:48 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20284.nls
[2009/03/08 23:24:48 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20280.nls
[2009/03/08 23:24:48 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20278.nls
[2009/03/08 23:24:48 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20277.nls
[2009/03/08 23:24:48 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20273.nls
[2009/03/08 23:24:48 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1149.nls
[2009/03/08 23:24:47 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2009/03/08 23:24:47 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2009/03/08 23:24:47 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2009/03/08 23:24:47 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2009/03/08 23:24:47 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2009/03/08 23:24:47 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2009/03/08 23:24:47 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2009/03/08 23:24:47 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2009/03/08 23:24:47 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2009/03/08 23:24:47 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2009/03/08 23:24:47 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1148.nls
[2009/03/08 23:24:47 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1147.nls
[2009/03/08 23:24:47 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1146.nls
[2009/03/08 23:24:47 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1145.nls
[2009/03/08 23:24:47 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1144.nls
[2009/03/08 23:24:47 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1143.nls
[2009/03/08 23:24:47 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1142.nls
[2009/03/08 23:24:47 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1141.nls
[2009/03/08 23:24:47 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1140.nls
[2009/03/08 23:24:47 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1047.nls
[2009/03/08 23:24:46 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2009/03/08 23:24:46 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10021.nls
[2009/03/08 23:24:45 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2009/03/08 23:24:45 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\c_10008.nls
[2009/03/08 23:24:44 | 00,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2009/03/08 23:24:44 | 00,195,618 | ---- | C] () -- C:\WINDOWS\System32\c_10002.nls
[2009/03/08 23:24:44 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2009/03/08 23:24:44 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\c_10003.nls
[2009/03/08 23:24:44 | 00,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2009/03/08 23:24:44 | 00,162,850 | ---- | C] () -- C:\WINDOWS\System32\c_10001.nls
[2009/03/08 23:24:44 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2009/03/08 23:24:44 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2009/03/08 23:24:44 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10005.nls
[2009/03/08 23:24:44 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10004.nls
[2009/03/08 23:24:43 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2009/03/08 23:24:43 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2009/03/08 23:24:43 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2009/03/08 23:24:43 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_864.nls
[2009/03/08 23:24:43 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_862.nls
[2009/03/08 23:24:43 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_858.nls
[2009/03/08 23:24:41 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_g18030.dll
[2009/03/08 23:24:41 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\c_g18030.dll
[2009/03/08 23:24:22 | 00,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/03/08 23:24:22 | 00,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2009/03/08 23:24:22 | 00,000,000 | RHS- | C] () -- C:\IO.SYS
[2009/03/08 23:24:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\control.ini
[2009/03/08 23:24:22 | 00,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2009/03/08 23:24:21 | 00,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2009/03/08 23:24:05 | 00,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2009/03/08 23:23:57 | 00,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/03/08 23:23:56 | 00,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/03/08 23:23:38 | 00,115,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mapi32.dll
[2009/03/08 23:23:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\MicrosoftPassport
[2009/03/08 23:23:31 | 00,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2009/03/08 23:19:54 | 00,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2009/03/08 23:19:53 | 00,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2009/03/08 23:19:24 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/03/08 23:19:24 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/03/08 23:19:24 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/03/08 23:19:24 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/03/08 23:19:24 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/03/08 23:19:24 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2009/03/08 23:19:05 | 00,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2009/03/08 23:19:01 | 00,001,411 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Security Configuration Wizard.lnk
[2009/03/08 23:19:01 | 00,000,099 | -HS- | C] () -- C:\Documents and Settings\All Users\Desktop\desktop.ini
[2009/03/08 23:18:51 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/03/08 23:18:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2009/03/08 23:18:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2009/03/08 23:18:30 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sausrmsg.dll
[2009/03/08 23:18:30 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sasitare.dll
[2009/03/08 23:18:30 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\satservr.dll
[2009/03/08 23:18:30 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\satelnet.dll
[2009/03/08 23:18:30 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sasysinf.dll
[2009/03/08 23:18:29 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sanic.dll
[2009/03/08 23:18:29 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sacore.dll
[2009/03/08 23:18:29 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sakitmsg.dll
[2009/03/08 23:18:29 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\saloclui.dll
[2009/03/08 23:18:29 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sashutdn.dll
[2009/03/08 23:18:29 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sanicgbl.dll
[2009/03/08 23:18:29 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\salogs.dll
[2009/03/08 23:18:29 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sagenmsg.dll
[2009/03/08 23:18:29 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\saslfcrt.dll
[2009/03/08 23:18:28 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sadattim.dll
[2009/03/08 23:18:28 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sagnlset.dll
[2009/03/08 23:18:28 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sadvceid.dll
[2009/03/08 23:18:28 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\saevent.dll
[2009/03/08 23:18:28 | 00,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\saalteml.dll
[2009/03/08 23:18:28 | 00,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\saadmweb.dll
[2009/03/08 23:18:28 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\saadmcfg.dll
[2009/03/08 23:18:28 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\salog.dll
[2009/03/08 23:18:28 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sahelp.dll
[2009/03/08 23:18:28 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sachglng.dll
[2009/03/08 23:18:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ServerAppliance
[2009/03/08 23:18:22 | 04,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2009/03/08 23:18:10 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oobebaln.exe
[2009/03/08 23:18:10 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoobe.exe
[2009/03/08 23:18:10 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobdl.dll
[2009/03/08 23:18:07 | 00,108,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helphost.exe
[2009/03/08 23:18:07 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrcdlg.dll
[2009/03/08 23:18:07 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\safrcdlg.dll
[2009/03/08 23:18:07 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brpinfo.dll
[2009/03/08 23:18:07 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atrace.dll
[2009/03/08 23:18:07 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atrace.dll
[2009/03/08 23:18:07 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hcappres.dll
[2009/03/08 23:18:06 | 00,049,104 | -HS- | C] () -- C:\WINDOWS\lanmannt.bmp
[2009/03/08 23:18:06 | 00,049,104 | -HS- | C] () -- C:\WINDOWS\lanma256.bmp
[2009/03/08 23:18:06 | 00,000,002 | ---- | C] () -- C:\WINDOWS\System32\desktop.ini
[2009/03/08 23:18:06 | 00,000,002 | ---- | C] () -- C:\WINDOWS\desktop.ini
[2009/03/08 23:18:02 | 00,004,639 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.exe
[2009/03/08 23:18:01 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\acctres.dll
[2009/03/08 23:18:01 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\acctres.dll
[2009/03/08 23:18:00 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2009/03/08 23:17:57 | 00,065,593 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csapi3t1.dll
[2009/03/08 23:17:56 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icfgnt5.dll
[2009/03/08 23:17:56 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icfgnt5.dll
[2009/03/08 23:17:56 | 00,000,065 | RH-- | C] () -- C:\WINDOWS\tasks\desktop.ini
[2009/03/08 23:17:56 | 00,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2009/03/08 23:17:55 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwtutor.exe
[2009/03/08 23:17:55 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwres.dll
[2009/03/08 23:17:55 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\trialoc.dll
[2009/03/08 23:17:55 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2009/03/08 23:17:54 | 00,097,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieinfo5.ocx
[2009/03/08 23:17:52 | 00,723,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srchui.dll
[2009/03/08 23:17:52 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srchctls.dll
[2009/03/08 23:17:51 | 03,167,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msgr3en.dll
[2009/03/08 23:17:51 | 00,850,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2009/03/08 23:17:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2009/03/08 23:17:48 | 00,819,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\setup_wm.exe
[2009/03/08 23:17:48 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpband.dll
[2009/03/08 23:17:48 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpenc.exe
[2009/03/08 23:17:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2009/03/08 23:17:47 | 00,991,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migrate.exe
[2009/03/08 23:17:47 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpvis.dll
[2009/03/08 23:17:47 | 00,122,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmlaunch.exe
[2009/03/08 23:17:47 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmplayer.exe
[2009/03/08 23:17:47 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\custsat.dll
[2009/03/08 23:17:46 | 00,202,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuweb.dll
[2009/03/08 23:17:46 | 00,202,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuweb.dll
[2009/03/08 23:17:46 | 00,183,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng1.dll
[2009/03/08 23:17:46 | 00,183,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng1.dll
[2009/03/08 23:17:46 | 00,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2009/03/08 23:17:46 | 00,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wucltui.dll
[2009/03/08 23:17:46 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauserv.dll
[2009/03/08 23:17:46 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauserv.dll
[2009/03/08 23:17:46 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2009/03/08 23:17:45 | 01,232,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng.dll
[2009/03/08 23:17:45 | 01,232,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll
[2009/03/08 23:17:45 | 00,165,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt1.exe
[2009/03/08 23:17:45 | 00,165,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt1.exe
[2009/03/08 23:17:45 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl
[2009/03/08 23:17:45 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaucpl.cpl
[2009/03/08 23:17:45 | 00,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt.exe
[2009/03/08 23:17:45 | 00,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe
[2009/03/08 23:17:45 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2009/03/08 23:17:45 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll
[2009/03/08 23:17:45 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll
[2009/03/08 23:17:45 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups2.dll
[2009/03/08 23:17:44 | 00,436,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2009/03/08 23:17:44 | 00,436,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll
[2009/03/08 23:17:44 | 00,380,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgr.dll
[2009/03/08 23:17:44 | 00,380,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qmgr.dll
[2009/03/08 23:17:44 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgrprxy.dll
[2009/03/08 23:17:44 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qmgrprxy.dll
[2009/03/08 23:17:44 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bitsprx2.dll
[2009/03/08 23:17:44 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx2.dll
[2009/03/08 23:17:44 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bitsprx3.dll
[2009/03/08 23:17:44 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx3.dll
[2009/03/08 23:17:43 | 00,562,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobmain.dll
[2009/03/08 23:17:43 | 00,122,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobcomm.dll
[2009/03/08 23:17:43 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobshel.dll
[2009/03/08 23:17:43 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobweb.dll
[2009/03/08 23:17:42 | 00,155,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uploadm.exe
[2009/03/08 23:17:41 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\racpldlg.dll
[2009/03/08 23:17:41 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\racpldlg.dll
[2009/03/08 23:17:41 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrslv.dll
[2009/03/08 23:17:41 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\safrslv.dll
[2009/03/08 23:17:41 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pchsvc.dll
[2009/03/08 23:17:41 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrdm.dll
[2009/03/08 23:17:41 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\safrdm.dll
[2009/03/08 23:17:40 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pchshell.dll
[2009/03/08 23:17:39 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msinfo.dll
[2009/03/08 23:17:39 | 00,161,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msconfig.exe
[2009/03/08 23:17:38 | 00,796,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpctr.exe
[2009/03/08 23:17:38 | 00,762,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2009/03/08 23:17:38 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hscupd.exe
[2009/03/08 23:17:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\PCHealth
[2009/03/08 23:17:35 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fltMgr.sys
[2009/03/08 23:17:35 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltmgr.sys
[2009/03/08 23:17:34 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ils.dll
[2009/03/08 23:17:34 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ils.dll
[2009/03/08 23:17:34 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmevtmsg.dll
[2009/03/08 23:17:34 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmevtmsg.dll
[2009/03/08 23:17:33 | 00,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msh261.drv
[2009/03/08 23:17:33 | 00,122,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msg723.acm
[2009/03/08 23:17:33 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msconf.dll
[2009/03/08 23:17:33 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msconf.dll
[2009/03/08 23:17:33 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dcap32.dll
[2009/03/08 23:17:33 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmdd.dll
[2009/03/08 23:17:33 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mnmdd.dll
[2009/03/08 23:17:33 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmsrvc.exe
[2009/03/08 23:17:33 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mnmsrvc.exe
[2009/03/08 23:17:33 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmmkcert.dll
[2009/03/08 23:17:33 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmmkcert.dll
[2009/03/08 23:17:32 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\callcont.dll
[2009/03/08 23:17:32 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmas.dll
[2009/03/08 23:17:32 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rrcm.dll
[2009/03/08 23:17:32 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\h323cc.dll
[2009/03/08 23:17:32 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmasnt.dll
[2009/03/08 23:17:31 | 00,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mst120.dll
[2009/03/08 23:17:31 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nac.dll
[2009/03/08 23:17:31 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmcom.dll
[2009/03/08 23:17:31 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mst123.dll
[2009/03/08 23:17:31 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\confmrsl.dll
[2009/03/08 23:17:30 | 00,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmwb.dll
[2009/03/08 23:17:30 | 00,172,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmoldwb.dll
[2009/03/08 23:17:30 | 00,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmft.dll
[2009/03/08 23:17:30 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmchat.dll
[2009/03/08 23:17:30 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wb32.exe
[2009/03/08 23:17:29 | 01,036,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\conf.exe
[2009/03/08 23:17:29 | 00,255,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoeacct.dll
[2009/03/08 23:17:29 | 00,255,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoeacct.dll
[2009/03/08 23:17:29 | 00,108,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoert2.dll
[2009/03/08 23:17:29 | 00,108,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoert2.dll
[2009/03/08 23:17:29 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2009/03/08 23:17:29 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msinfo32.exe
[2009/03/08 23:17:29 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cb32.exe
[2009/03/08 23:17:29 | 00,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2009/03/08 23:17:28 | 00,506,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab32.dll
[2009/03/08 23:17:28 | 00,249,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab32res.dll
[2009/03/08 23:17:28 | 00,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wabimp.dll
[2009/03/08 23:17:28 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wabfind.dll
[2009/03/08 23:17:28 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wabmig.exe
[2009/03/08 23:17:27 | 00,681,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcomm.dll
[2009/03/08 23:17:27 | 00,681,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2009/03/08 23:17:27 | 00,083,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\directdb.dll
[2009/03/08 23:17:27 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msimn.exe
[2009/03/08 23:17:27 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetres.dll
[2009/03/08 23:17:27 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetres.dll
[2009/03/08 23:17:27 | 00,000,000 | ---D | C] -- C:\Software
[2009/03/08 23:17:26 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oeimport.dll
[2009/03/08 23:17:25 | 02,480,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoeres.dll
[2009/03/08 23:17:25 | 01,315,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoe.dll
[2009/03/08 23:17:24 | 00,302,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstask.dll
[2009/03/08 23:17:24 | 00,302,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstask.dll
[2009/03/08 23:17:24 | 00,202,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\schedsvc.dll
[2009/03/08 23:17:24 | 00,202,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\schedsvc.dll
[2009/03/08 23:17:24 | 00,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\setup50.exe
[2009/03/08 23:17:24 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oemig50.exe
[2009/03/08 23:17:24 | 00,035,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oemiglib.dll
[2009/03/08 23:17:24 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstinit.exe
[2009/03/08 23:17:24 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstinit.exe
[2009/03/08 23:17:24 | 00,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2009/03/08 23:17:23 | 00,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcfg.dll
[2009/03/08 23:17:23 | 00,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcfg.dll
[2009/03/08 23:17:23 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll
[2009/03/08 23:17:23 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isign32.dll
[2009/03/08 23:17:23 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwdial.dll
[2009/03/08 23:17:23 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwdial.dll
[2009/03/08 23:17:23 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwphbk.dll
[2009/03/08 23:17:23 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwphbk.dll
[2009/03/08 23:17:22 | 00,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwutil.dll
[2009/03/08 23:17:22 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwdl.dll
[2009/03/08 23:17:22 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwrmind.exe
[2009/03/08 23:17:21 | 00,561,179 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dao360.dll
[2009/03/08 23:17:21 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn1.exe
[2009/03/08 23:17:21 | 00,172,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwhelp.dll
[2009/03/08 23:17:21 | 00,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn2.exe
[2009/03/08 23:17:21 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn.dll
[2009/03/08 23:17:21 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetwiz.exe
[2009/03/08 23:17:20 | 00,491,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oledb32.dll
[2009/03/08 23:17:20 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sqlxmlx.dll
[2009/03/08 23:17:20 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oledb32r.dll
[2009/03/08 23:17:19 | 00,315,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdasql.dll
[2009/03/08 23:17:19 | 00,212,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaps.dll
[2009/03/08 23:17:19 | 00,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdatl3.dll
[2009/03/08 23:17:19 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaosp.dll
[2009/03/08 23:17:19 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxactps.dll
[2009/03/08 23:17:19 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdatt.dll
[2009/03/08 23:17:19 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdasqlr.dll
[2009/03/08 23:17:19 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaurl.dll
[2009/03/08 23:17:19 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdasc.dll
[2009/03/08 23:17:18 | 00,266,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaora.dll
[2009/03/08 23:17:18 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadox.dll
[2009/03/08 23:17:18 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msjro.dll
[2009/03/08 23:17:18 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadrh15.dll
[2009/03/08 23:17:18 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msador15.dll
[2009/03/08 23:17:18 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaorar.dll
[2009/03/08 23:17:18 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaer.dll
[2009/03/08 23:17:18 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaenum.dll
[2009/03/08 23:17:18 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdadc.dll
[2009/03/08 23:17:17 | 00,598,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado15.dll
[2009/03/08 23:17:17 | 00,212,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadomd.dll
[2009/03/08 23:17:17 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado27.tlb
[2009/03/08 23:17:17 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado26.tlb
[2009/03/08 23:17:17 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado25.tlb
[2009/03/08 23:17:17 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado21.tlb
[2009/03/08 23:17:17 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado20.tlb
[2009/03/08 23:17:17 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msader15.dll
[2009/03/08 23:17:16 | 00,212,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaprst.dll
[2009/03/08 23:17:16 | 00,172,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadds.dll
[2009/03/08 23:17:16 | 00,139,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdarem.dll
[2009/03/08 23:17:16 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdfmap.dll
[2009/03/08 23:17:16 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msaddsr.dll
[2009/03/08 23:17:16 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaremr.dll
[2009/03/08 23:17:16 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaprsr.dll
[2009/03/08 23:17:15 | 00,356,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2009/03/08 23:17:15 | 00,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadco.dll
[2009/03/08 23:17:15 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcf.dll
[2009/03/08 23:17:15 | 00,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcs.dll
[2009/03/08 23:17:15 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcer.dll
[2009/03/08 23:17:15 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcor.dll
[2009/03/08 23:17:15 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcfr.dll
[2009/03/08 23:17:14 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll
[2009/03/08 23:17:14 | 00,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx
[2009/03/08 23:17:14 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hmmapi.dll
[2009/03/08 23:17:14 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedw.exe
[2009/03/08 23:17:14 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2009/03/08 23:17:13 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iexplore.exe
[2009/03/08 23:17:12 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/03/08 23:17:05 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/03/08 23:13:40 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2009/03/08 23:13:31 | 00,021,160 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/03/08 23:13:14 | 00,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2009/03/08 23:13:11 | 00,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini
[2009/03/08 23:13:11 | 00,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini
[2009/03/08 23:12:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2009/03/08 23:11:12 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\write.exe
[2009/03/08 23:11:12 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\write.exe
[2009/03/08 23:11:01 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winchat.exe
[2009/03/08 23:11:01 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winchat.exe
[2009/03/08 23:11:00 | 00,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2009/03/08 23:11:00 | 00,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2009/03/08 23:11:00 | 00,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2009/03/08 23:11:00 | 00,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2009/03/08 23:11:00 | 00,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2009/03/08 23:11:00 | 00,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2009/03/08 23:11:00 | 00,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2009/03/08 23:11:00 | 00,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2009/03/08 23:10:59 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\clipbrd.exe
[2009/03/08 23:10:59 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clipbrd.exe
[2009/03/08 23:10:59 | 00,093,702 | ---- | C] () -- C:\WINDOWS\System32\subrange.uce
[2009/03/08 23:10:59 | 00,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2009/03/08 23:10:59 | 00,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2009/03/08 23:10:59 | 00,016,740 | ---- | C] () -- C:\WINDOWS\System32\shiftjis.uce
[2009/03/08 23:10:59 | 00,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2009/03/08 23:10:58 | 00,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\getuname.dll
[2009/03/08 23:10:58 | 00,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\getuname.dll
[2009/03/08 23:10:58 | 00,060,458 | ---- | C] () -- C:\WINDOWS\System32\ideograf.uce
[2009/03/08 23:10:58 | 00,024,006 | ---- | C] () -- C:\WINDOWS\System32\gb2312.uce
[2009/03/08 23:10:58 | 00,022,984 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.uce
[2009/03/08 23:10:58 | 00,012,876 | ---- | C] () -- C:\WINDOWS\System32\korean.uce
[2009/03/08 23:10:58 | 00,008,484 | ---- | C] () -- C:\WINDOWS\System32\kanji_2.uce
[2009/03/08 23:10:58 | 00,006,948 | ---- | C] () -- C:\WINDOWS\System32\kanji_1.uce
[2009/03/08 23:10:57 | 00,115,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\calc.exe
[2009/03/08 23:10:57 | 00,115,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\calc.exe
[2009/03/08 23:10:57 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cluadmmc.dll
[2009/03/08 23:10:56 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vsstskex.dll
[2009/03/08 23:10:56 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vsstask.dll
[2009/03/08 23:10:56 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\clussprt.dll
[2009/03/08 23:10:56 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ClusSprt.dll
[2009/03/08 23:10:56 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wshclus.dll
[2009/03/08 23:10:55 | 01,489,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\instmsia.exe
[2009/03/08 23:10:54 | 01,499,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\instmsiw.exe
[2009/03/08 23:10:52 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\register.exe
[2009/03/08 23:10:52 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2009/03/08 23:10:52 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aciniupd.exe
[2009/03/08 23:10:52 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\acregl.exe
[2009/03/08 23:10:52 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\acsr.exe
[2009/03/08 23:10:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\Application Compatibility Scripts
[2009/03/08 23:10:51 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscupgrd.exe
[2009/03/08 23:10:51 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscupgrd.exe
[2009/03/08 23:10:51 | 00,042,109 | ---- | C] () -- C:\WINDOWS\System32\tsmmc.msc
[2009/03/08 23:10:51 | 00,041,732 | ---- | C] () -- C:\WINDOWS\System32\tscc.msc
[2009/03/08 23:10:51 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2009/03/08 23:10:51 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cprofile.exe
[2009/03/08 23:10:51 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdsaddin.exe
[2009/03/08 23:10:51 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdsaddin.exe
[2009/03/08 23:10:51 | 00,012,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdpipe.sys
[2009/03/08 23:10:51 | 00,012,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdpipe.sys
[2009/03/08 23:10:51 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\reset.exe
[2009/03/08 23:10:51 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\reset.exe
[2009/03/08 23:10:50 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsshutdn.exe
[2009/03/08 23:10:50 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsshutdn.exe
[2009/03/08 23:10:50 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tskill.exe
[2009/03/08 23:10:50 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscon.exe
[2009/03/08 23:10:50 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tskill.exe
[2009/03/08 23:10:50 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscon.exe
[2009/03/08 23:10:50 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwinsta.exe
[2009/03/08 23:10:50 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rwinsta.exe
[2009/03/08 23:10:50 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shadow.exe
[2009/03/08 23:10:50 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shadow.exe
[2009/03/08 23:10:50 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsdiscon.exe
[2009/03/08 23:10:50 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsdiscon.exe
[2009/03/08 23:10:50 | 00,013,223 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini
[2009/03/08 23:10:50 | 00,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2009/03/08 23:10:50 | 00,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2009/03/08 23:10:49 | 00,036,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\regini.exe
[2009/03/08 23:10:49 | 00,036,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\regini.exe
[2009/03/08 23:10:49 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtsadmin.tlb
[2009/03/08 23:10:49 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\logoff.exe
[2009/03/08 23:10:49 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logoff.exe
[2009/03/08 23:10:49 | 00,001,931 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini
[2009/03/08 23:10:49 | 00,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2009/03/08 23:10:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2009/03/08 23:10:48 | 00,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrepl.dll
[2009/03/08 23:10:48 | 00,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comrepl.dll
[2009/03/08 23:10:48 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comaddin.dll
[2009/03/08 23:10:48 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comaddin.dll
[2009/03/08 23:10:48 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxlegih.dll
[2009/03/08 23:10:48 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxlegih.dll
[2009/03/08 23:10:48 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxdm.dll
[2009/03/08 23:10:48 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxdm.dll
[2009/03/08 23:10:48 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comclust.exe
[2009/03/08 23:10:48 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comclust.exe
[2009/03/08 23:10:48 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrepl.exe
[2009/03/08 23:10:48 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dcomcnfg.exe
[2009/03/08 23:10:48 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrereg.exe
[2009/03/08 23:10:48 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dcomcnfg.exe
[2009/03/08 23:10:48 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxex.dll
[2009/03/08 23:10:48 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxex.dll
[2009/03/08 23:10:47 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\catsrvps.dll
[2009/03/08 23:10:47 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvps.dll
[2009/03/08 23:10:43 | 00,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipdskq.dll
[2009/03/08 23:10:43 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipsess.dll
[2009/03/08 23:10:42 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\licwmi.dll
[2009/03/08 23:10:42 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemdisp.tlb
[2009/03/08 23:10:42 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licwmi.dll
[2009/03/08 23:10:42 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemsvc.dll
[2009/03/08 23:10:42 | 00,036,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipdfs.dll
[2009/03/08 23:10:42 | 00,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wminet_utils.dll
[2009/03/08 23:10:42 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmgmtr.dll
[2009/03/08 23:10:42 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiapres.dll
[2009/03/08 23:10:41 | 00,155,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vsavb7rtui.dll
[2009/03/08 23:10:40 | 01,032,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vsavb7rt.dll
[2009/03/08 23:10:40 | 00,737,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vbc.exe
[2009/03/08 23:10:40 | 00,131,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vbc7ui.dll
[2009/03/08 23:10:40 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\togac.exe
[2009/03/08 23:10:39 | 02,056,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\system.windows.forms.dll
[2009/03/08 23:10:39 | 01,355,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\system.xml.dll
[2009/03/08 23:10:39 | 00,819,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\system.web.mobile.dll
[2009/03/08 23:10:39 | 00,573,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\system.web.services.dll
[2009/03/08 23:10:39 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\system.windows.forms.tlb
[2009/03/08 23:10:39 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\system.web.regularexpressions.dll
[2009/03/08 23:10:38 | 01,261,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\system.web.dll
[2009/03/08 23:10:38 | 00,372,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\system.management.dll
[2009/03/08 23:10:38 | 00,323,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\system.runtime.remoting.dll
[2009/03/08 23:10:38 | 00,241,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\system.messaging.dll
[2009/03/08 23:10:38 | 00,131,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\system.runtime.serialization.formatters.soap.dll
[2009/03/08 23:10:38 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\system.serviceprocess.dll
[2009/03/08 23:10:38 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\system.security.dll
[2009/03/08 23:10:38 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\system.tlb
[2009/03/08 23:10:38 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\system.enterpriseservices.thunk.dll
[2009/03/08 23:10:38 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\system.enterpriseservices.tlb
[2009/03/08 23:10:37 | 01,228,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\Sy52106.dll
[2009/03/08 23:10:37 | 00,466,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\system.drawing.dll
[2009/03/08 23:10:37 | 00,241,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\system.enterpriseservices.dll
[2009/03/08 23:10:37 | 00,090,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\system.directoryservices.dll
[2009/03/08 23:10:37 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\system.drawing.design.dll
[2009/03/08 23:10:37 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\system.drawing.tlb
[2009/03/08 23:10:36 | 01,703,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\system.design.dll
[2009/03/08 23:10:36 | 01,298,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\system.data.dll
[2009/03/08 23:10:36 | 00,319,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sos.dll
[2009/03/08 23:10:36 | 00,303,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\system.data.oracleclient.dll
[2009/03/08 23:10:36 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\system.configuration.install.dll
[2009/03/08 23:10:35 | 00,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shfusion.dll
[2009/03/08 23:10:35 | 00,122,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shfusres.dll
[2009/03/08 23:10:35 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\dllcache\setregni.exe
[2009/03/08 23:10:35 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\regcode.dll
[2009/03/08 23:10:35 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\regasm.exe
[2009/03/08 23:10:35 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\regsvcs.exe
[2009/03/08 23:10:34 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msvcr71.dll
[2009/03/08 23:10:34 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\perfcounter.dll
[2009/03/08 23:10:34 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ngen.exe
[2009/03/08 23:10:34 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\netfxperf.dll
[2009/03/08 23:10:34 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxoci8.dll
[2009/03/08 23:10:34 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netuires.dll
[2009/03/08 23:10:33 | 02,506,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mscorwks.dll
[2009/03/08 23:10:33 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mscortim.dll
[2009/03/08 23:10:32 | 02,519,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mscorsvr.dll
[2009/03/08 23:10:32 | 00,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mscorrc.dll
[2009/03/08 23:10:32 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mscorsec.dll
[2009/03/08 23:10:32 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mscorsn.dll
[2009/03/08 23:10:32 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mscorpe.dll
[2009/03/08 23:10:32 | 00,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mscorsecr.dll
[2009/03/08 23:10:31 | 02,138,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mscorlib.dll
[2009/03/08 23:10:31 | 00,471,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mscorlib.tlb
[2009/03/08 23:10:31 | 00,315,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mscorjit.dll
[2009/03/08 23:10:31 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mscories.dll
[2009/03/08 23:10:31 | 00,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mscorld.dll
[2009/03/08 23:10:31 | 00,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mscorie.dll
[2009/03/08 23:10:31 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mscorier.dll
[2009/03/08 23:10:31 | 00,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2009/03/08 23:10:30 | 01,564,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mscorcfg.dll
[2009/03/08 23:10:30 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mscordbi.dll
[2009/03/08 23:10:30 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mscoree.dll
[2009/03/08 23:10:30 | 00,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mscordbc.dll
[2009/03/08 23:10:30 | 00,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migpolwin.exe
[2009/03/08 23:10:30 | 00,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migpol.exe
[2009/03/08 23:10:30 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\microsoft.vsa.dll
[2009/03/08 23:10:30 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\microsoft.visualbasic.vsa.dll
[2009/03/08 23:10:30 | 00,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\microsoft.vsa.tlb
[2009/03/08 23:10:30 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mscoree.tlb
[2009/03/08 23:10:30 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\microsoft.vsa.vb.codedomprocessor.dll
[2009/03/08 23:10:30 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\microsoft_vsavb.dll
[2009/03/08 23:10:30 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\microsoft.vsa.vb.codedomprocessor.tlb
[2009/03/08 23:10:30 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\microsoft.visualc.dll
[2009/03/08 23:10:29 | 00,720,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\microsoft.jscript.dll
[2009/03/08 23:10:29 | 00,299,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\microsoft.visualbasic.dll
[2009/03/08 23:10:29 | 00,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\microsoft.jscript.tlb
[2009/03/08 23:10:29 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsc.exe
[2009/03/08 23:10:29 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\installutillib.dll
[2009/03/08 23:10:29 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isymwrapper.dll
[2009/03/08 23:10:29 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\installutil.exe
[2009/03/08 23:10:28 | 00,798,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\eventlogmessages.dll
[2009/03/08 23:10:28 | 00,524,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\diasymreader.dll
[2009/03/08 23:10:28 | 00,282,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fusion.dll
[2009/03/08 23:10:28 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ilasm.exe
[2009/03/08 23:10:28 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gacutil.exe
[2009/03/08 23:10:28 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iehost.dll
[2009/03/08 23:10:28 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieexecremote.dll
[2009/03/08 23:10:28 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieexec.exe
[2009/03/08 23:10:28 | 00,004,608 | ---- | C] ( ) -- C:\WINDOWS\System32\dllcache\iiehost.dll
[2009/03/08 23:10:27 | 00,626,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cscomp.dll
[2009/03/08 23:10:27 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cscompui.dll
[2009/03/08 23:10:27 | 00,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csc.exe
[2009/03/08 23:10:27 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\custommarshalers.dll
[2009/03/08 23:10:27 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cv60450.exe
[2009/03/08 23:10:27 | 00,012,288 | ---- | C] ( ) -- C:\WINDOWS\System32\dllcache\cscompmgd.dll
[2009/03/08 23:10:26 | 00,258,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspnet_isapi.dll
[2009/03/08 23:10:26 | 00,219,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cg18030.dll
[2009/03/08 23:10:26 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\caspol.exe
[2009/03/08 23:10:26 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corperfmonext.dll
[2009/03/08 23:10:26 | 00,049,152 | ---- | C] ( ) -- C:\WINDOWS\System32\dllcache\configwizards.exe
[2009/03/08 23:10:26 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspnet_rc.dll
[2009/03/08 23:10:26 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspnet_wp.exe
[2009/03/08 23:10:26 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspnet_state.exe
[2009/03/08 23:10:26 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspnet_filter.dll
[2009/03/08 23:10:26 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspnet_regiis.exe
[2009/03/08 23:10:25 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\alink.dll
[2009/03/08 23:10:25 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\alinkui.dll
[2009/03/08 23:10:25 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\accessibility.dll
[2009/03/08 23:10:14 | 00,343,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe
[2009/03/08 23:10:14 | 00,343,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspaint.exe
[2009/03/08 23:10:14 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/03/08 23:10:14 | 00,186,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\accwiz.exe
[2009/03/08 23:10:14 | 00,186,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\accwiz.exe
[2009/03/08 23:10:14 | 00,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\charmap.exe
[2009/03/08 23:10:14 | 00,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\charmap.exe
[2009/03/08 23:10:14 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\access.cpl
[2009/03/08 23:10:14 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\access.cpl
[2009/03/08 23:10:14 | 00,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2009/03/08 23:10:13 | 00,283,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\lrwizdll.dll
[2009/03/08 23:10:13 | 00,283,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lrwizdll.dll
[2009/03/08 23:10:13 | 00,155,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe
[2009/03/08 23:10:13 | 00,155,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndvol32.exe
[2009/03/08 23:10:13 | 00,141,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndrec32.exe
[2009/03/08 23:10:13 | 00,141,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndrec32.exe
[2009/03/08 23:10:13 | 00,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mplay32.exe
[2009/03/08 23:10:13 | 00,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplay32.exe
[2009/03/08 23:10:13 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr.exe
[2009/03/08 23:10:13 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr.exe
[2009/03/08 23:10:12 | 00,873,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\clcfgsrv.dll
[2009/03/08 23:10:12 | 00,111,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cluswmi.dll
[2009/03/08 23:10:12 | 00,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mqclus.dll
[2009/03/08 23:10:12 | 00,052,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\clnetrex.dll
[2009/03/08 23:10:12 | 00,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\debugex.dll
[2009/03/08 23:10:11 | 00,443,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cluadmin.exe
[2009/03/08 23:10:11 | 00,318,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cladmwiz.dll
[2009/03/08 23:10:11 | 00,176,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cluadmex.dll
[2009/03/08 23:10:11 | 00,068,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\resrcmon.exe
[2009/03/08 23:10:11 | 00,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\clnetres.dll
[2009/03/08 23:10:10 | 00,838,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\clussvc.exe
[2009/03/08 23:10:10 | 00,476,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\clusres.dll
[2009/03/08 23:10:10 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ClusNet.sys
[2009/03/08 23:10:10 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\clusnet.sys
[2009/03/08 23:10:10 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ClusDisk.sys
[2009/03/08 23:10:10 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\clusdisk.sys
[2009/03/08 23:10:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\Cluster
[2009/03/08 23:10:09 | 00,161,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstsmmc.dll
[2009/03/08 23:10:09 | 00,161,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstsmmc.dll
[2009/03/08 23:10:09 | 00,152,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdpwd.sys
[2009/03/08 23:10:09 | 00,152,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2009/03/08 23:10:09 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstsmhst.dll
[2009/03/08 23:10:09 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstsmhst.dll
[2009/03/08 23:10:09 | 00,023,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdtcp.sys
[2009/03/08 23:10:09 | 00,023,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdtcp.sys
[2009/03/08 23:10:08 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\quser.exe
[2009/03/08 23:10:08 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2009/03/08 23:10:08 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2009/03/08 23:10:08 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chgport.exe
[2009/03/08 23:10:08 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\flattemp.exe
[2009/03/08 23:10:08 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2009/03/08 23:10:08 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsprof.exe
[2009/03/08 23:10:08 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2009/03/08 23:10:08 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2009/03/08 23:10:08 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2009/03/08 23:10:08 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chgusr.exe
[2009/03/08 23:10:08 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chglogon.exe
[2009/03/08 23:10:08 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\query.exe
[2009/03/08 23:10:08 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2009/03/08 23:10:08 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2009/03/08 23:10:08 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\change.exe
[2009/03/08 23:10:07 | 00,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscc.dll
[2009/03/08 23:10:07 | 00,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscc.dll
[2009/03/08 23:10:07 | 00,283,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsadmin.exe
[2009/03/08 23:10:07 | 00,283,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsadmin.exe
[2009/03/08 23:10:07 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscfgwmi.dll
[2009/03/08 23:10:07 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscfgwmi.dll
[2009/03/08 23:10:07 | 00,071,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tssdis.exe
[2009/03/08 23:10:07 | 00,071,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tssdis.exe
[2009/03/08 23:10:07 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tssdjet.dll
[2009/03/08 23:10:07 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tssdjet.dll
[2009/03/08 23:10:06 | 00,753,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstscax.dll
[2009/03/08 23:10:06 | 00,753,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstscax.dll
[2009/03/08 23:10:06 | 00,420,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstsc.exe
[2009/03/08 23:10:06 | 00,420,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstsc.exe
[2009/03/08 23:10:06 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sessmgr.exe
[2009/03/08 23:10:06 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sessmgr.exe
[2009/03/08 23:10:06 | 00,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdshost.exe
[2009/03/08 23:10:06 | 00,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdshost.exe
[2009/03/08 23:10:06 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\remotepg.dll
[2009/03/08 23:10:06 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\remotepg.dll
[2009/03/08 23:10:05 | 00,244,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\termsrv.dll
[2009/03/08 23:10:05 | 00,244,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\termsrv.dll
[2009/03/08 23:10:05 | 00,137,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdchost.dll
[2009/03/08 23:10:05 | 00,137,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdchost.dll
[2009/03/08 23:10:05 | 00,104,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpwsx.dll
[2009/03/08 23:10:05 | 00,104,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwsx.dll
[2009/03/08 23:10:05 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpclip.exe
[2009/03/08 23:10:05 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpclip.exe
[2009/03/08 23:10:05 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qwinsta.exe
[2009/03/08 23:10:05 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qwinsta.exe
[2009/03/08 23:10:05 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qprocess.exe
[2009/03/08 23:10:05 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qprocess.exe
[2009/03/08 23:10:05 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qappsrv.exe
[2009/03/08 23:10:05 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qappsrv.exe
[2009/03/08 23:10:05 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tlsbln.exe
[2009/03/08 23:10:05 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tlsbln.exe
[2009/03/08 23:10:05 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpcfgex.dll
[2009/03/08 23:10:05 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpcfgex.dll
[2009/03/08 23:10:04 | 00,466,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcprx.dll
[2009/03/08 23:10:04 | 00,466,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtcprx.dll
[2009/03/08 23:10:04 | 00,165,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcuiu.dll
[2009/03/08 23:10:04 | 00,165,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtcuiu.dll
[2009/03/08 23:10:04 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxoci.dll
[2009/03/08 23:10:04 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxoci.dll
[2009/03/08 23:10:04 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgbkend.dll
[2009/03/08 23:10:04 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cfgbkend.dll
[2009/03/08 23:10:04 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msg.exe
[2009/03/08 23:10:04 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msg.exe
[2009/03/08 23:10:04 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icaapi.dll
[2009/03/08 23:10:04 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icaapi.dll
[2009/03/08 23:10:03 | 01,008,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtctm.dll
[2009/03/08 23:10:03 | 01,008,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtctm.dll
[2009/03/08 23:10:03 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtclog.dll
[2009/03/08 23:10:03 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtclog.dll
[2009/03/08 23:10:03 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xolehlp.dll
[2009/03/08 23:10:03 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xolehlp.dll
[2009/03/08 23:10:03 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtc.exe
[2009/03/08 23:10:03 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtc.exe
[2009/03/08 23:10:02 | 00,197,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comadmin.dll
[2009/03/08 23:10:02 | 00,104,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\clbcatex.dll
[2009/03/08 23:10:02 | 00,104,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatex.dll
[2009/03/08 23:10:02 | 00,064,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stclient.dll
[2009/03/08 23:10:02 | 00,064,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\stclient.dll
[2009/03/08 23:10:02 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\colbact.dll
[2009/03/08 23:10:02 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\colbact.dll
[2009/03/08 23:10:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2009/03/08 23:10:01 | 01,248,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comsvcs.dll
[2009/03/08 23:10:01 | 01,248,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsvcs.dll
[2009/03/08 23:10:01 | 00,622,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\catsrvut.dll
[2009/03/08 23:10:01 | 00,622,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvut.dll
[2009/03/08 23:10:01 | 00,596,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comuid.dll
[2009/03/08 23:10:01 | 00,596,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comuid.dll
[2009/03/08 23:10:01 | 00,279,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\catsrv.dll
[2009/03/08 23:10:01 | 00,279,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrv.dll
[2009/03/08 23:10:00 | 00,514,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\clbcatq.dll
[2009/03/08 23:10:00 | 00,514,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatq.dll
[2009/03/08 23:10:00 | 00,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comsnap.dll
[2009/03/08 23:10:00 | 00,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsnap.dll
[2009/03/08 23:10:00 | 00,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmi2xml.dll
[2009/03/08 23:09:57 | 00,095,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiutils.dll
[2009/03/08 23:09:57 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmitimep.dll
[2009/03/08 23:09:56 | 00,413,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/03/08 23:09:56 | 00,207,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/03/08 23:09:56 | 00,162,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipcima.dll
[2009/03/08 23:09:56 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprov.dll
[2009/03/08 23:09:56 | 00,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmisvc.dll
[2009/03/08 23:09:56 | 00,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipicmp.dll
[2009/03/08 23:09:56 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipjobj.dll
[2009/03/08 23:09:56 | 00,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipiprt.dll
[2009/03/08 23:09:55 | 00,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmic.exe
[2009/03/08 23:09:55 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiadap.exe
[2009/03/08 23:09:55 | 00,140,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmidcprv.dll
[2009/03/08 23:09:55 | 00,127,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiapsrv.exe
[2009/03/08 23:09:55 | 00,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiaprpl.dll
[2009/03/08 23:09:55 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmicookr.dll
[2009/03/08 23:09:55 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmgmt.exe
[2009/03/08 23:09:54 | 00,509,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemcore.dll
[2009/03/08 23:09:54 | 00,278,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemess.dll
[2009/03/08 23:09:54 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemcntl.dll
[2009/03/08 23:09:54 | 00,181,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemdisp.dll
[2009/03/08 23:09:54 | 00,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\viewprov.dll
[2009/03/08 23:09:54 | 00,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemtest.exe
[2009/03/08 23:09:54 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemcons.dll
[2009/03/08 23:09:54 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemprox.dll
[2009/03/08 23:09:53 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\repdrvfs.dll
[2009/03/08 23:09:53 | 00,090,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\stdprov.dll
[2009/03/08 23:09:53 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrcons.exe
[2009/03/08 23:09:53 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpcons.dll
[2009/03/08 23:09:53 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unsecapp.exe
[2009/03/08 23:09:52 | 00,236,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntevt.dll
[2009/03/08 23:09:52 | 00,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\provthrd.dll
[2009/03/08 23:09:52 | 00,124,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mofd.dll
[2009/03/08 23:09:52 | 00,071,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\policman.dll
[2009/03/08 23:09:52 | 00,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ncprov.dll
[2009/03/08 23:09:52 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\krnlprov.dll
[2009/03/08 23:09:52 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mofcomp.exe
[2009/03/08 23:09:51 | 00,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/03/08 23:09:51 | 00,256,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\esscli.dll
[2009/03/08 23:09:51 | 00,178,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\framedyn.dll
[2009/03/08 23:09:51 | 00,125,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsprov.dll
[2009/03/08 23:09:50 | 01,372,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cimwin32.dll
[2009/03/08 23:09:50 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\servdeps.dll
[2009/03/08 23:09:50 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\servdeps.dll
[2009/03/08 23:09:50 | 00,041,914 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2009/03/08 23:09:50 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmfutil.dll
[2009/03/08 23:09:50 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mmfutil.dll
[2009/03/08 23:09:49 | 00,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmprops.dll
[2009/03/08 23:09:49 | 00,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmprops.dll
[2009/03/08 23:09:44 | 00,201,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdpdr.sys
[2009/03/08 23:09:43 | 00,041,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\termdd.sys
[2009/03/08 23:01:33 | 01,130,540 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2009/03/08 22:55:02 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\r2repair.exe
[2009/03/08 22:55:02 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\r2icons.dll
[2009/03/08 22:55:00 | 00,152,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\puiapi.dll
[2009/03/08 22:55:00 | 00,092,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fsrrole.dll
[2009/03/08 22:55:00 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cyswss.dll
[2009/03/08 22:55:00 | 00,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fsrres.dll
[2009/03/08 22:55:00 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\printrole.dll
[2009/03/08 22:54:43 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MMCFxCommon.dll
[2009/03/08 22:54:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/03/08 22:54:42 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MMCEx.dll
[2009/03/08 22:54:42 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Microsoft.ManagementConsole.dll
[2009/03/08 22:54:42 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MMCPerf.exe
[2009/03/08 22:54:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\corebins
[2009/03/08 22:53:52 | 00,022,752 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2009/03/08 22:43:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2009/03/08 22:43:25 | 00,000,084 | -HS- | C] () -- C:\Documents and Settings\Administrator\My Documents\desktop.ini
[2009/03/08 22:43:17 | 00,000,084 | -HS- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini
[2009/03/08 22:43:17 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Administrator\Application Data\desktop.ini
[2009/03/08 22:43:17 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2009/03/08 22:43:17 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2009/03/08 15:47:52 | 00,114,944 | ---- | C] (VIA Technologies inc,.ltd) -- C:\WINDOWS\System32\drivers\viamraid.sys
[2009/03/08 15:44:17 | 00,022,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\Hpt366.sys
[2009/03/08 15:07:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\lls
[2009/03/08 15:07:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\cpl.cfg
[2009/03/08 15:06:50 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\audstub.sys
[2009/03/08 15:06:18 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\redbook.sys

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[7 C:\WINDOWS\*.tmp files]
[2009/04/02 20:46:37 | 00,286,208 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\m9ggm7gm.exe
[2009/04/02 20:46:24 | 00,499,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTListIt2.exe
[2009/04/01 23:45:45 | 00,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/01 23:42:27 | 01,130,540 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2009/03/09 00:32:26 | 00,012,328 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/03/09 00:31:48 | 00,001,505 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Vuze.lnk
[2009/03/08 23:40:22 | 00,090,296 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/08 23:38:43 | 00,000,720 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/03/08 23:24:33 | 00,000,084 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
[2009/03/08 23:24:33 | 00,000,084 | -HS- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini
[2009/03/08 23:24:22 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/03/08 23:24:22 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/03/08 23:24:22 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/03/08 23:24:22 | 00,000,000 | ---- | M] () -- C:\WINDOWS\control.ini
[2009/03/08 23:24:22 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/03/08 23:24:21 | 00,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/03/08 23:24:17 | 00,000,477 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/03/08 23:24:05 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/03/08 23:23:57 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/03/08 23:23:56 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/03/08 23:23:39 | 00,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2009/03/08 23:19:24 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/03/08 23:19:24 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/03/08 23:19:24 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/03/08 23:19:24 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/03/08 23:19:24 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/03/08 23:19:24 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2009/03/08 23:19:01 | 00,001,411 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Security Configuration Wizard.lnk
[2009/03/08 23:19:01 | 00,000,099 | -HS- | M] () -- C:\Documents and Settings\All Users\Desktop\desktop.ini
[2009/03/08 23:18:51 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2009/03/08 23:17:12 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/03/08 23:13:30 | 00,021,160 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/03/08 23:13:11 | 00,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2009/03/08 23:13:11 | 00,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
[2009/03/08 23:07:37 | 00,416,044 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/08 23:07:37 | 00,366,272 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/08 23:07:37 | 00,044,504 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/08 23:03:21 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/08 23:03:12 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/08 22:54:48 | 00,003,376 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/03/08 22:43:35 | 00,000,084 | -HS- | M] () -- C:\Documents and Settings\Administrator\My Documents\desktop.ini
[2009/03/08 15:07:26 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\cpl.cfg
[2009/03/08 15:00:45 | 00,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/03/08 14:59:45 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Documents\desktop.ini
[2009/03/08 14:59:45 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2009/03/08 14:59:45 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\desktop.ini
< End of report >

GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-05 13:28:58
Windows 5.2.3790 Service Pack 1


---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\mshta.exe[4492] @ C:\WINDOWS\system32\iphlpapi.dll [PSAPI.DLL!GetModuleBaseNameW] [76B71CB2] C:\WINDOWS\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation)
IAT C:\WINDOWS\system32\mshta.exe[4492] @ C:\WINDOWS\system32\iphlpapi.dll [PSAPI.DLL!GetModuleFileNameExW] [76B71BCD] C:\WINDOWS\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat Dfs.sys (Distributed File System Filter Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations ???!?!???!????2??!??????????????????\;PRN12:0\tsclient\PRN12?????!?!?!?!?!?!?????????!????????????\??!??????z?????0?@??????????????????????? ????????????????????!?!?!?!?!?!????? ??????????????????? ??????????????????? ???????????????????????!???0???????????????????????!???#???????#???#?#?"?#?#?$?$??????CSCFlags=0?MaxUses=4294967295?Path=E:\Warez?Permissions=0?Remark=?Type=0????192.168.1.254????????!???L???????\??192.168.1.254???C:\Program Files\Java\jre6\bin\jqs.exe?p\1??? ?????????????!?????!????????????~1?????????J???????????_??????????? ???????!???????????"??????????N?mp????em?????!?&???????????C???~???????????L?????s1\???????!???_??su??LegacyDriver?M????N??"???1????DLS~??? ???????m?????unp???????????!??????????????\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\1\temp_00.unp??\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\1\temp_00.unp??\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\1\temp_00.unp??\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\1\temp_00.unp??\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\1\temp_00.unp??\??\C:\DOCUME~1\ADMINI~1\

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ry32l3gn.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} 0 bytes
File C:\Documents and Settings\Administrator\Local Settings\Temp\2\etilqs_v2tI9lORHv4Qbm32AtAI 0 bytes

---- EOF - GMER 1.0.15 ----

#12 Buckeye_Sam


Posted 06 April 2009 - 04:09 PM

You had a common rootkit infection that's been going around a lot lately.

I'll be glad to take a look at your other computer also, but you need to start a new thread for it. There's just too much information that can get mixed up by combining logs from two separate computers in one thread.

Just send me a PM when you have the new topic started and posted your logs and I'll take a look at it for you.

#13 fuzzywz


Posted 06 April 2009 - 09:56 PM

Will do. Thx!

#14 fuzzywz


Posted 07 April 2009 - 09:40 AM

Unfortunately I think I've been hit again.

SYMPTOMS:
- was on the suspect website (DON'T worry not going there again) earlier; didn't d/l anything but I might have had the page opened all day
- was re-directed when I clicked on a specific link
- got blue screen with memory dump
- mdm.exe is running as a process (trojan?), which I think was deleted last time in combofix

Am I safe to proceed with combofix? Anyways here is the dds, otlist2 and GMER:-


DDS (Ver_09-03-16.01) - NTFSx86
Run by Ferlin at 8:33:45.15 on Tue 04/07/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.512.57 [GMT -6:00]

AV: BitDefender Antivirus *On-access scanning disabled* (Updated)
AV: avast! antivirus 4.8.1335 [VPS 090407-0] *On-access scanning enabled* (Updated)
FW: BitDefender Firewall *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\iPod Access for Windows\iPAHelper.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\System32\SLEE503.exe
C:\Program Files\SlimServer\server\slim.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\IPMonitor\IPMonitor.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Ferlin\Desktop\dds.PIF

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
mSearch Bar =
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [IP Monitor] c:\program files\ipmonitor\IPMonitor.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [CTStartup] c:\program files\creative\sbaudigy\program\CTEaxSpl.EXE /run
mRun: [WINDVDPatch] CTHELPER.EXE
mRun: [UpdReg] c:\windows\Updreg.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SiSUSBRG] c:\windows\SiSUSBrg.exe
mRun: [POINTER] c:\program files\microsoft hardware\mouse\point32.exe
mRun: [Palm MulitUser Config] c:\program files\palm\Configtool.exe
mRun: [nwiz] nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [IntelliType] "c:\program files\microsoft hardware\keyboard\type32.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [Jet Detection] c:\program files\creative\sbaudigy\program\ADGJDet.exe
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [EPSON Stylus Photo RX500] c:\windows\system32\spool\drivers\w32x86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB002" /M "Stylus Photo RX500"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Malwarebytes Piracy] "c:\program files\malwarebytes' anti-malware\mbam.exe" /piracy
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [SSS6_Suite] "c:\program files\steganos security suite 6\sss.exe" /booting
dRun: [SSS6_SAFE] "c:\program files\steganos security suite 6\safe.exe" /booting
dRun: [SSS6_SPM] "c:\program files\steganos security suite 6\spm.exe" /booting
dRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc2~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpobnz08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicke~1.lnk - c:\program files\quickenw\bagent.exe
uPolicies-explorer: <NO NAME> =
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Download with GetRight - c:\program files\getright\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Open with GetRight Browser - c:\program files\getright\GRbrowse.htm
IE: Send To &Bluetooth - c:\program files\iogear\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\iogear\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\MSMSGS.EXE
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {00000075-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/voxacm.CAB
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15009/CTSUEng.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {33363249-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/i263_32.cab
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc.cab
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://a1540.g.akamai.net/7/1540/52/20021017/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} - hxxp://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - hxxp://207.188.7.150/26bbe1d0a90c56503b03/netzip/RdxIE601.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1186420284296
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1186420268609
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxp://transfers.one.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - hxxp://toolbar.google.com/data/GoogleActivate.cab
DPF: {99888952-AC62-437C-AFC6-7B5CF05A7F2F} - hxxp://download.ourgame.com/IEDown.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37967.9649768519
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} - hxxp://h30043.www3.hp.com/aio/eng/check/qdiagh.cab?316
DPF: {EF58E341-49C3-4156-A3C4-5FFCA7C1EAB7} - hxxp://www.euras.com/euras/router.CAB
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su/ocx/15009/CTPID.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ferlin\applic~1\mozilla\firefox\profiles\unvsj5yk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll

============= SERVICES / DRIVERS ===============

R0 xmasbus;xmasbus;c:\windows\system32\drivers\xmasbus.sys [2004-5-15 140800]
R0 xmasscsi;xmasscsi;c:\windows\system32\drivers\xmasscsi.sys [2004-5-15 5504]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-4-1 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-4-1 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-4-1 138680]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2008-10-28 156968]
R2 nvTUNEP;nVidia WDM TVTuner;c:\windows\system32\drivers\NVTUNEP.SYS [2002-10-10 16064]
R2 nvtvSND;nVidia WDM TVAudio Crossbar;c:\windows\system32\drivers\NVTVSND.SYS [2002-10-10 14048]
R2 SLEE_503_DRIVER;Steganos Live Encryption Engine (Version 503) [Driver];c:\windows\system32\drivers\slee503.sys [2002-11-28 84736]
R2 VPCAppSv;Virtual PC Application Services;c:\windows\system32\drivers\vpcappsv.sys [2003-3-14 10374]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-4-1 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-4-1 352920]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-1-6 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-1-6 8320]
S3 pohci13F;pohci13F;\??\c:\docume~1\ferlin\locals~1\temp\pohci13f.sys --> c:\docume~1\ferlin\locals~1\temp\pohci13F.sys [?]
S3 UBFWNet;Unibrain 1394 FireNet Adapter NT Driver;c:\windows\system32\drivers\ubfwnet.sys [2002-10-11 32016]
S3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver;c:\windows\system32\drivers\netusbxp.sys [2002-10-10 72576]

=============== Created Last 30 ================

2009-04-05 18:24 7,139 a------- C:\bookmarks.html
2009-04-05 10:16 <DIR> --d----- C:\Combo-Fix
2009-04-04 10:47 <DIR> a-dshr-- C:\cmdcons
2009-04-04 10:45 73,728 a------- C:\pv.exe
2009-04-01 23:00 <DIR> --d----- C:\HJT
2009-04-01 21:15 <DIR> --d----- c:\program files\CCleaner
2009-04-01 20:48 563 a------- c:\windows\system32\BDUpdateV1.xml
2009-04-01 20:16 81,984 a------- c:\windows\system32\bdod.bin
2009-03-26 23:12 850 a------- c:\windows\system32\ProductTweaks.xml
2009-03-26 23:12 385 a------- c:\windows\system32\user_gensett.xml
2009-03-26 22:57 <DIR> --d----- c:\windows\system32\logs
2009-03-26 22:56 <DIR> --d----- c:\program files\BitDefender
2009-03-26 22:49 <DIR> --d----- c:\program files\common files\BitDefender

==================== Find3M ====================

2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2007-01-12 22:45 87,608 a------- c:\docume~1\ferlin\applic~1\ezpinst.exe
2007-01-12 22:45 47,360 a------- c:\docume~1\ferlin\applic~1\pcouffin.sys
2006-05-14 10:00 24,192 a------- c:\documents and settings\ferlin\usbsermptxp.sys
2006-05-14 10:00 22,768 a------- c:\documents and settings\ferlin\usbsermpt.sys
2005-05-04 21:23 1,806 a---h--- c:\documents and settings\ferlin\hpothb07.dat
2003-04-26 18:53 30,696 a------- c:\docume~1\ferlin\applic~1\GDIPFONTCACHEV1.DAT

============= FINISH: 8:34:48.73 ===============


#15 fuzzywz

Posted 07 April 2009 - 09:42 AM

OTLIST2:

OTListIt logfile created on: 4/6/2009 9:07:26 PM - Run 2
OTListIt2 by OldTimer - Version 2.0.9.1 Folder = C:\Documents and Settings\Ferlin\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.53 Mb Total Physical Memory | 176.69 Mb Available Physical Memory | 34.54% Memory free
1.22 Gb Paging File | 0.74 Gb Available in Paging File | 60.42% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 38.57 Gb Free Space | 51.76% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 97.65 Gb Total Space | 8.19 Gb Free Space | 8.38% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 566.77 Gb Free Space | 60.84% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive T: | 149.05 Gb Total Space | 4.20 Gb Free Space | 2.82% Space Free | Partition Type: NTFS

Computer Name: KANGFERLIN
Current User Name: Ferlin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2009/02/05 14:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/02/05 14:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [1999/12/13 01:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.EXE
PRC - [2007/11/14 22:46:00 | 00,131,072 | ---- | M] (Brio) -- C:\Program Files\FolderSize\FolderSizeSvc.exe
PRC - [2008/10/28 17:42:30 | 00,156,968 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2004/08/04 01:56:52 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2007/04/05 22:35:40 | 01,543,614 | ---- | M] () -- C:\Program Files\iPod Access for Windows\iPAHelper.exe
PRC - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2002/10/19 09:50:07 | 00,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
PRC - [2003/07/28 16:19:00 | 00,077,824 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2003/12/11 04:09:34 | 00,046,592 | R--- | M] (Dantz Development Corporation) -- C:\Program Files\Dantz\Retrospect\wdsvc.exe
PRC - [2002/11/28 12:10:04 | 00,040,960 | ---- | M] () -- C:\WINDOWS\System32\SLEE503.exe
PRC - [2004/11/15 13:05:24 | 04,251,711 | ---- | M] () -- C:\Program Files\SlimServer\server\slim.exe
PRC - [2005/05/07 01:46:25 | 00,126,976 | ---- | M] () -- C:\WINDOWS\System32\UAService7.exe
PRC - [2004/08/04 01:56:50 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/02/05 14:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/02/05 14:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2004/08/04 01:56:58 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2003/10/06 15:57:32 | 00,024,576 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTHELPER.EXE
PRC - [2002/03/21 22:41:56 | 00,094,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
PRC - [2008/04/23 02:08:13 | 00,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
PRC - [2003/06/02 03:00:00 | 00,099,840 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE
PRC - [2008/11/20 14:20:54 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/10/28 17:42:12 | 00,181,544 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
PRC - [2009/02/05 14:08:45 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/03/09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2004/12/02 17:44:34 | 00,492,032 | ---- | M] (Barefoot Productions, Inc.) -- C:\Program Files\IPMonitor\IPMonitor.exe
PRC - [2006/06/26 16:13:40 | 01,207,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2009/03/19 00:10:40 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2006/06/26 16:13:24 | 00,187,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2008/11/20 14:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2008/08/03 17:04:00 | 01,345,376 | ---- | M] (Nullsoft) -- C:\Program Files\Winamp\winamp.exe
PRC - [2004/08/03 23:59:42 | 00,407,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mstsc.exe
PRC - [2004/09/29 00:12:48 | 00,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2004/08/04 01:56:58 | 00,135,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\taskmgr.exe
PRC - [2008/08/22 23:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/04/02 20:46:24 | 00,499,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ferlin\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2005/06/28 22:55:36 | 00,069,632 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/02/05 14:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2009/02/05 14:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/02/05 14:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2009/02/05 14:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - File not found -- -- (btwdins [Auto | Stopped])
SRV - [2008/07/25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [1999/12/13 01:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.EXE -- (Creative Service for CDROM Access [Auto | Running])
SRV - [2007/11/14 22:46:00 | 00,131,072 | ---- | M] (Brio) -- C:\Program Files\FolderSize\FolderSizeSvc.exe -- (FolderSize [Auto | Running])
SRV - [2008/07/29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/10/28 17:42:30 | 00,156,968 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service [Auto | Running])
SRV - [2009/03/19 00:10:39 | 00,137,200 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2004/08/04 01:56:46 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2004/08/04 01:56:52 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN [Auto | Running])
SRV - [2007/04/05 22:35:40 | 01,543,614 | ---- | M] () -- C:\Program Files\iPod Access for Windows\iPAHelper.exe -- (iPAHelper.exe [Auto | Running])
SRV - [2008/11/20 14:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2002/10/19 09:50:07 | 00,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe -- (MDM [Auto | Running])
SRV - File not found -- -- (MySql [Auto | Stopped])
SRV - [2008/07/29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2003/07/28 16:19:00 | 00,077,824 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2002/03/15 14:37:46 | 00,081,920 | R--- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [On_Demand | Stopped])
SRV - [2003/12/11 04:09:34 | 00,046,592 | R--- | M] (Dantz Development Corporation) -- C:\Program Files\Dantz\Retrospect\wdsvc.exe -- (RetroWDSvc [Auto | Running])
SRV - [2008/11/11 10:38:06 | 00,620,544 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped])
SRV - [2002/11/28 12:10:04 | 00,040,960 | ---- | M] () -- C:\WINDOWS\System32\SLEE503.exe -- (SLEE_503_SERVICE [Auto | Running])
SRV - [2004/11/15 13:05:24 | 04,251,711 | ---- | M] () -- C:\Program Files\SlimServer\server\slim.exe -- (slimsvc [Auto | Running])
SRV - [2004/08/04 01:56:52 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe -- (SMTPSVC [Auto | Running])
SRV - [2002/12/24 12:01:22 | 00,065,536 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV [On_Demand | Stopped])
SRV - [2004/09/22 19:46:10 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [On_Demand | Stopped])
SRV - [2005/05/07 01:46:25 | 00,126,976 | ---- | M] () -- C:\WINDOWS\System32\UAService7.exe -- (UserAccess7 [Auto | Running])
SRV - [2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [1998/06/06 01:00:00 | 00,034,036 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe -- (Visual Studio Analyzer RPC bridge [On_Demand | Stopped])
SRV - [2004/08/04 01:56:52 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2009/02/05 14:05:11 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
DRV - [2004/10/07 19:16:04 | 00,035,840 | ---- | M] (Oak Technology Inc.) -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K [System | Running])
DRV - [1997/04/22 10:16:00 | 00,006,272 | ---- | M] () -- C:\WINDOWS\system32\drivers\aslm75.sys -- (aslm75 [Auto | Running])
DRV - [2005/11/20 23:48:20 | 00,016,512 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32 [Auto | Running])
DRV - [2009/02/05 14:07:12 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
DRV - [2009/02/05 14:08:10 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
DRV - [2009/02/05 14:06:10 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
DRV - [2009/02/05 14:07:23 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
DRV - [2009/02/05 14:06:20 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV - [2003/08/14 12:22:44 | 00,051,848 | ---- | M] (WIDCOMM, Inc.) -- C:\WINDOWS\System32\Drivers\btwusb.sys -- (BTWUSB [On_Demand | Stopped])
DRV - [2004/06/25 18:13:42 | 00,818,816 | ---- | M] (C-Media Inc) -- C:\WINDOWS\system32\drivers\cmuda.sys -- (cmuda [On_Demand | Stopped])
DRV - [2003/10/21 18:22:18 | 00,645,360 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctac32k.sys -- (ctac32k [On_Demand | Running])
DRV - [2003/10/08 11:06:04 | 00,366,160 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k [On_Demand | Running])
DRV - [2003/10/14 12:17:56 | 00,332,800 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctdvda2k.sys -- (ctdvda2k [On_Demand | Stopped])
DRV - [2003/10/08 11:08:12 | 00,006,096 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctprxy2k.sys -- (ctprxy2k [On_Demand | Running])
DRV - [2003/10/08 11:09:10 | 00,130,288 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
DRV - [2006/01/30 03:00:00 | 00,321,680 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
DRV - [2003/10/13 18:42:12 | 00,145,488 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\emupia2k.sys -- (emupia [On_Demand | Running])
DRV - [2004/08/04 02:05:44 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2008/04/17 14:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2005/03/24 20:42:07 | 00,005,248 | ---- | M] () -- C:\WINDOWS\System32\giveio.sys -- (giveio [On_Demand | Stopped])
DRV - [2003/10/21 18:26:08 | 00,904,496 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ha10kx2k.sys -- (ha10kx2k [On_Demand | Running])
DRV - [2003/10/21 18:23:44 | 00,148,432 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\hap16v2k.sys -- (hap16v2k [On_Demand | Stopped])
DRV - [2002/02/15 12:26:22 | 00,050,960 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2002/03/21 11:37:52 | 00,016,112 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2002/03/08 04:49:26 | 00,022,512 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2002/04/11 12:47:52 | 00,011,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\IPFilter.sys -- (IPFilter [On_Demand | Stopped])
DRV - [2003/06/05 20:34:17 | 00,028,276 | ---- | M] (MusicMatch, Inc.) -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k [On_Demand | Running])
DRV - [2008/09/15 08:56:24 | 00,017,664 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd [On_Demand | Stopped])
DRV - [2008/09/15 08:56:24 | 00,022,016 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc [On_Demand | Stopped])
DRV - [2008/02/01 16:17:12 | 00,138,112 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu [On_Demand | Stopped])
DRV - [2008/02/01 16:17:06 | 00,008,320 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc [On_Demand | Stopped])
DRV - [2003/07/28 16:19:00 | 01,341,339 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2002/06/06 20:12:00 | 00,106,012 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nvcap.sys -- (nvcap [Auto | Running])
DRV - [2002/06/06 20:12:00 | 00,016,064 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nvtunep.sys -- (nvTUNEP [Auto | Running])
DRV - [2002/06/06 20:12:00 | 00,014,048 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nvtvsnd.sys -- (nvtvSND [Auto | Running])
DRV - [2002/06/06 20:12:00 | 00,010,398 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\NVxbar.sys -- (NVXBAR [Auto | Stopped])
DRV - [2003/10/08 11:06:50 | 00,178,672 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Running])
DRV - [2003/04/08 15:14:50 | 00,038,656 | ---- | M] (Motorola Inc) -- C:\WINDOWS\System32\DRIVERS\P2k.sys -- (P2k [On_Demand | Stopped])
DRV - [2003/06/11 18:30:02 | 00,016,772 | R--- | M] (Palm, Inc.) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD [On_Demand | Stopped])
DRV - [2008/08/26 10:26:12 | 00,018,816 | ---- | M] (Nokia) -- C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd [On_Demand | Stopped])
DRV - [2007/01/12 22:45:03 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\Drivers\pcouffin.sys -- (pcouffin [On_Demand | Running])
DRV - [2002/01/17 15:23:44 | 00,013,924 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
DRV - [2003/03/05 16:07:46 | 00,015,840 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\PfModNT.sys -- (PfModNT [Auto | Running])
DRV - [2003/07/01 15:56:32 | 00,015,401 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\drivers\pivot.sys -- (pivot [System | Running])
DRV - [2003/07/01 15:56:32 | 00,009,260 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\drivers\pivotmou.sys -- (pivotmou [On_Demand | Stopped])
DRV - [2001/08/23 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/03/07 17:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/23 06:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Running])
DRV - [2007/01/20 01:11:07 | 00,031,644 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
DRV - [2004/07/17 12:36:38 | 00,027,440 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2002/07/16 22:25:18 | 00,028,160 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp [Boot | Running])
DRV - [2002/06/28 09:15:14 | 00,005,888 | R--- | M] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\DRIVERS\siside.sys -- (SiSide [Boot | Running])
DRV - [2002/04/15 18:52:04 | 00,032,256 | ---- | M] (SiS Corporation) -- C:\WINDOWS\System32\DRIVERS\sisnic.sys -- (SISNIC [On_Demand | Running])
DRV - [2002/07/16 03:39:12 | 00,009,344 | R--- | M] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\system32\drivers\sisperf.sys -- (sisperf [Boot | Running])
DRV - [2002/11/28 12:10:02 | 00,084,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\SLEE503.sys -- (SLEE_503_DRIVER [Auto | Running])
DRV - [2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
DRV - [2001/07/16 09:14:38 | 00,032,016 | ---- | M] (Unibrain S.A.) -- C:\WINDOWS\System32\DRIVERS\ubfwnet.sys -- (UBFWNet [On_Demand | Stopped])
DRV - [2008/09/15 08:56:24 | 00,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\DRIVERS\usbser_lowerflt.sys -- (upperdev [On_Demand | Stopped])
DRV - [2008/10/01 14:01:28 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2004/08/04 00:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2002/02/19 12:34:18 | 00,072,576 | R--- | M] (The LinkSys Group, Inc.) -- C:\WINDOWS\System32\DRIVERS\netusbxp.sys -- (USBNET_XP [On_Demand | Stopped])
DRV - [2004/08/04 02:05:44 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbser.sys -- (usbser [On_Demand | Stopped])
DRV - [2008/09/15 08:56:34 | 00,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys -- (UsbserFilt [On_Demand | Stopped])
DRV - [2004/08/04 00:04:34 | 00,012,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\usb8023x.sys -- (usb_rndisx [On_Demand | Stopped])
DRV - [2003/03/14 23:43:30 | 00,010,374 | ---- | M] (Connectix Corporation) -- C:\WINDOWS\System32\DRIVERS\VPCAppSv.sys -- (VPCAppSv [Auto | Running])
DRV - [2002/06/27 17:04:54 | 00,035,040 | ---- | M] (Connectix Corporation) -- C:\WINDOWS\System32\DRIVERS\VPCNetS2.sys -- (VPCNetS2 [On_Demand | Stopped])
DRV - [2004/08/04 02:05:44 | 00,031,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\wceusbsh.sys -- (wceusbsh [On_Demand | Stopped])
DRV - [2001/12/27 10:59:34 | 00,067,072 | ---- | M] (WIBU-SYSTEMS AG) -- C:\WINDOWS\SYSTEM32\DRIVERS\Wibukey.sys -- (WIBUKEY [Auto | Running])
DRV - [2003/12/21 17:24:22 | 00,140,800 | ---- | M] ( ) -- C:\WINDOWS\System32\DRIVERS\xmasbus.sys -- (xmasbus [Boot | Running])
DRV - [2003/12/20 20:03:42 | 00,005,504 | ---- | M] ( ) -- C:\WINDOWS\System32\Drivers\xmasscsi.sys -- (xmasscsi [Boot | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.685
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 7\BKMRKSYNC\ [2009/01/13 00:29:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/01/14 01:01:49 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/02/19 11:25:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/05 18:29:16 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/05 18:29:07 | 00,000,000 | ---D | M]

[2009/04/05 18:29:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ferlin\Application Data\mozilla\Extensions
[2009/04/05 18:29:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ferlin\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/05 18:29:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ferlin\Application Data\mozilla\Firefox\Profiles\unvsj5yk.default\extensions
[2009/04/05 18:29:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/05 18:29:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/26 13:11:21 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/26 13:11:22 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/03/26 12:56:22 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/03/26 12:56:22 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/03/26 12:56:22 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/03/26 12:56:22 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/03/26 12:56:22 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/03/26 12:56:22 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/03/26 12:56:22 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" (Adobe Systems Inc.)
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent (Microsoft Corporation)
O4 - HKLM..\Run: [CTStartup] C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run (Creative Technology Ltd.)
O4 - HKLM..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB002" /M "Stylus Photo RX500" (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
O4 - HKLM..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe ()
O4 - HKLM..\Run: [Malwarebytes Piracy] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /piracy File not found
O4 - HKLM..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" (Seagate LLC)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install (NVIDIA Corporation)
O4 - HKLM..\Run: [Palm MulitUser Config] C:\Program Files\Palm\Configtool.exe (Palm, Inc.)
O4 - HKLM..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe (Silicon Integrated Systems Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [WINDVDPatch] CTHELPER.EXE (Creative Technology Ltd)
O4 - HKCU..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (Microsoft Corporation)
O4 - HKCU..\Run: [IP Monitor] C:\Program Files\IPMonitor\IPMonitor.exe (Barefoot Productions, Inc.)
O4 - HKCU..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray (Nokia)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk = C:\Program Files\QUICKENW\bagent.exe (Intuit Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm File not found
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [Bluetooth Namespace] - C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/voxacm.CAB (Reg Error: Key error.)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative.com/su/ocx/15009/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {33363249-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/i263_32.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc.cab (Office Update Installation Engine)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} http://a1540.g.akamai.net/7/1540/52/200210...meInstaller.exe (Reg Error: Key error.)
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab (EARTPatchX Class)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} http://207.188.7.150/26bbe1d0a90c56503b03/...ip/RdxIE601.cab (RdxIE Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftu...b?1186420284296 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1186420268609 (MUWebControl Class)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} http://transfers.one.microsoft.com/FTM/Tra...ransferCtrl.cab (DLC Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} http://toolbar.google.com/data/GoogleActivate.cab (Reg Error: Key error.)
O16 - DPF: {99888952-AC62-437C-AFC6-7B5CF05A7F2F} http://download.ourgame.com/IEDown.cab (Reg Error: Key error.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...7967.9649768519 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h30043.www3.hp.com/aio/eng/check/qdiagh.cab?316 (QDiagHUpdateObj Class)
O16 - DPF: {EF58E341-49C3-4156-A3C4-5FFCA7C1EAB7} http://www.euras.com/euras/router.CAB (Portal.Gateway)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative.com/su/ocx/15009/CTPID.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - Reg Error: Value error. File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\System32\msdxm.ocx ()
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/10/10 15:26:01 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/04/04 11:40:46 | 00,000,062 | ---- | M] () - F:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[15 C:\WINDOWS\*.tmp files]
[2009/04/05 18:38:14 | 53,644,9024 | -HS- | C] () -- C:\hiberfil.sys
[2009/04/05 18:29:09 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/04/05 18:29:06 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/04/05 18:24:43 | 00,007,139 | ---- | C] () -- C:\bookmarks.html
[2009/04/05 10:16:08 | 00,000,000 | ---D | C] -- C:\Combo-Fix
[2009/04/05 02:36:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ferlin\Desktop\JavaRa
[2009/04/05 02:35:48 | 00,069,512 | ---- | C] () -- C:\Documents and Settings\Ferlin\Desktop\JavaRa.zip
[2009/04/05 02:31:31 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/04 10:47:35 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/04/04 10:47:28 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/04/04 10:47:19 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/04/04 10:45:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/04 10:45:09 | 00,073,728 | ---- | C] () -- C:\pv.exe
[2009/04/02 20:54:02 | 00,286,208 | ---- | C] () -- C:\Documents and Settings\Ferlin\Desktop\m9ggm7gm.exe
[2009/04/02 20:53:40 | 00,499,712 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ferlin\Desktop\OTListIt2.exe
[2009/04/01 23:01:41 | 00,000,469 | ---- | C] () -- C:\Documents and Settings\Ferlin\Desktop\HijackThis.lnk
[2009/04/01 23:00:07 | 00,000,000 | ---D | C] -- C:\HJT
[2009/04/01 22:58:01 | 00,318,369 | ---- | C] () -- C:\Documents and Settings\Ferlin\Desktop\HiJackThis.zip
[2009/04/01 22:41:42 | 00,360,002 | ---- | C] () -- C:\Documents and Settings\Ferlin\Desktop\dds.PIF
[2009/04/01 21:15:29 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\Ferlin\Desktop\CCleaner.lnk
[2009/04/01 21:15:28 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/04/01 21:10:03 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/04/01 21:10:02 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/04/01 21:10:02 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/04/01 21:10:01 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/04/01 21:09:59 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/04/01 21:09:58 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/04/01 21:09:58 | 00,094,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/04/01 21:09:58 | 00,093,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/04/01 21:09:58 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/04/01 21:09:42 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/04/01 21:09:42 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/04/01 21:09:39 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/04/01 20:48:14 | 00,000,563 | ---- | C] () -- C:\WINDOWS\System32\BDUpdateV1.xml
[2009/04/01 20:16:41 | 00,081,984 | ---- | C] () -- C:\WINDOWS\System32\bdod.bin
[2009/03/31 04:03:30 | 10,082,192 | ---- | C] () -- C:\Documents and Settings\Ferlin\Desktop\Full Siteworks Binder.pdf
[2009/03/30 06:15:19 | 00,769,313 | ---- | C] () -- C:\Documents and Settings\Ferlin\Desktop\1020-S2-Foundation_Plan-1089_V1.pdf
[2009/03/30 00:01:16 | 03,933,971 | ---- | C] () -- C:\Documents and Settings\Ferlin\Desktop\Add4 - Updated Landscaping Binder.pdf
[2009/03/28 10:24:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ferlin\My Documents\Bitdefender
[2009/03/26 23:12:22 | 00,000,850 | ---- | C] () -- C:\WINDOWS\System32\ProductTweaks.xml
[2009/03/26 23:12:16 | 00,000,385 | ---- | C] () -- C:\WINDOWS\System32\user_gensett.xml
[2009/03/26 22:57:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\logs
[2009/03/26 22:56:07 | 00,000,000 | ---D | C] -- C:\Program Files\BitDefender
[2009/03/26 22:55:54 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/03/26 22:49:32 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\BitDefender

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\drivers\*.tmp files]
[2 C:\WINDOWS\System32\*.tmp files]
[15 C:\WINDOWS\*.tmp files]
[2009/04/05 18:39:21 | 00,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2009/04/05 18:38:25 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/05 18:38:17 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/05 18:38:14 | 53,644,9024 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/05 18:37:46 | 00,000,456 | ---- | M] () -- C:\WINDOWS\System32\miniPortInfo.dat
[2009/04/05 18:29:09 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/04/05 18:14:37 | 00,032,184 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000000-00000000-0000000A-00001102-00000004-00511102}.rfx
[2009/04/05 18:14:37 | 00,032,184 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000000-00000000-0000000A-00001102-00000004-00511102}.rfx
[2009/04/05 18:14:37 | 00,030,660 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000000-00000000-0000000A-00001102-00000004-00511102}.rfx
[2009/04/05 18:14:37 | 00,030,660 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000000-00000000-0000000A-00001102-00000004-00511102}.rfx
[2009/04/05 18:14:37 | 00,002,064 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2009/04/05 18:14:37 | 00,002,064 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2009/04/05 18:14:37 | 00,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000000-00000000-0000000A-00001102-00000004-00511102}.dat
[2009/04/05 18:14:37 | 00,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000000-00000000-0000000A-00001102-00000004-00511102}.dat
[2009/04/05 18:13:28 | 00,003,860 | -H-- | M] () -- C:\Documents and Settings\Ferlin\My Documents\Default.rdp
[2009/04/05 10:15:39 | 03,162,278 | ---- | M] () -- C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000004-00511102}.CDF
[2009/04/05 02:35:51 | 00,069,512 | ---- | M] () -- C:\Documents and Settings\Ferlin\Desktop\JavaRa.zip
[2009/04/04 11:29:40 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/04/04 10:47:35 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/04/03 20:27:00 | 00,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
[2009/04/03 20:01:21 | 53,650,6368 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2009/04/02 20:46:37 | 00,286,208 | ---- | M] () -- C:\Documents and Settings\Ferlin\Desktop\m9ggm7gm.exe
[2009/04/02 20:46:24 | 00,499,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ferlin\Desktop\OTListIt2.exe
[2009/04/01 23:01:41 | 00,000,469 | ---- | M] () -- C:\Documents and Settings\Ferlin\Desktop\HijackThis.lnk
[2009/04/01 22:39:35 | 00,360,002 | ---- | M] () -- C:\Documents and Settings\Ferlin\Desktop\dds.PIF
[2009/04/01 21:15:29 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Ferlin\Desktop\CCleaner.lnk
[2009/04/01 21:10:03 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/04/01 21:09:58 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/04/01 21:03:44 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/04/01 20:49:19 | 00,000,563 | ---- | M] () -- C:\WINDOWS\System32\BDUpdateV1.xml
[2009/04/01 19:44:45 | 00,318,369 | ---- | M] () -- C:\Documents and Settings\Ferlin\Desktop\HiJackThis.zip
[2009/04/01 08:41:29 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/30 06:42:01 | 00,769,313 | ---- | M] () -- C:\Documents and Settings\Ferlin\Desktop\1020-S2-Foundation_Plan-1089_V1.pdf
[2009/03/26 23:12:22 | 00,000,850 | ---- | M] () -- C:\WINDOWS\System32\ProductTweaks.xml
[2009/03/26 23:12:16 | 00,000,385 | ---- | M] () -- C:\WINDOWS\System32\user_gensett.xml
[2009/03/26 15:09:55 | 03,933,971 | ---- | M] () -- C:\Documents and Settings\Ferlin\Desktop\Add4 - Updated Landscaping Binder.pdf
[2009/03/26 12:56:22 | 00,007,139 | ---- | M] () -- C:\bookmarks.html
[2009/03/23 21:51:07 | 00,215,552 | ---- | M] () -- C:\Documents and Settings\Ferlin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/23 08:30:21 | 00,756,336 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/23 08:30:21 | 00,608,342 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/23 08:30:21 | 00,129,030 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/20 10:56:39 | 10,082,192 | ---- | M] () -- C:\Documents and Settings\Ferlin\Desktop\Full Siteworks Binder.pdf
< End of report >


GMER:-

GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-07 08:22:40
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xED4B46B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xED4B4574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xED4B4A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xED4B414C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xED4B464E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xED4B408C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xED4B40F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xED4B476E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xED4B472E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xED4B48AE]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT aic78xx.sys[SCSIPORT.SYS!ScsiPortNotification] 82F92860
IAT aic78xx.sys[SCSIPORT.SYS!ScsiPortInitialize] 82F92850

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[1012] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
IAT C:\WINDOWS\system32\services.exe[1012] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 82FD43E4

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \Driver\BTHUSB \Device\0000009b bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer FF63B7FC
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer FF63B7FC
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer FF63B7FC
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer FF63B7FC
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer FF63B7FC
Device \FileSystem\Cdfs \Cdfs 82B8FFAC

---- Modules - GMER 1.0.15 ----

Module _________ F84D5000-F84ED000 (98304 bytes)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272b28a8b
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272b28a8b@0021fe0e1045 0x14 0xAB 0x57 0x33 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272b28a8b@0017b02e01e2 0x12 0x3B 0xAD 0x84 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000272b28a8b
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000272b28a8b@0021fe0e1045 0x14 0xAB 0x57 0x33 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000272b28a8b@0017b02e01e2 0x12 0x3B 0xAD 0x84 ...

---- Files - GMER 1.0.15 ----

File C:\System Volume Information\_restore{4008E855-36EA-429A-AB22-078929939BFE}\RP161\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-796845957-1229272821-839522115-1008 290816 bytes
File C:\System Volume Information\_restore{4008E855-36EA-429A-AB22-078929939BFE}\RP161\snapshot\ComDb.Dat 28392 bytes
File C:\System Volume Information\_restore{4008E855-36EA-429A-AB22-078929939BFE}\RP161\snapshot\domain.txt 40 bytes
File C:\System Volume Information\_restore{4008E855-36EA-429A-AB22-078929939BFE}\RP161\snapshot\IISDB 237443 bytes
File C:\System Volume Information\_restore{4008E855-36EA-429A-AB22-078929939BFE}\RP161\snapshot\Repository 0 bytes
File C:\System Volume Information\_restore{4008E855-36EA-429A-AB22-078929939BFE}\RP161\snapshot\Repository\$WinMgmt.CFG 20 bytes
File C:\System Volume Information\_restore{4008E855-36EA-429A-AB22-078929939BFE}\RP161\snapshot\Repository\FS 0 bytes
File C:\System Volume Information\_restore{4008E855-36EA-429A-AB22-078929939BFE}\RP161\snapshot\Repository\FS\INDEX.BTR 1916928 bytes
File C:\System Volume Information\_restore{4008E855-36EA-429A-AB22-078929939BFE}\RP161\snapshot\Repository\FS\INDEX.MAP 1000 bytes
File C:\System Volume Information\_restore{4008E855-36EA-429A-AB22-078929939BFE}\RP161\snapshot\Repository\FS\MAPPING.VER 4 bytes
File C:\System Volume Information\_restore{4008E855-36EA-429A-AB22-078929939BFE}\RP161\snapshot\Repository\FS\MAPPING1.MAP 4840 bytes
File C:\System Volume Information\_restore{4008E855-36EA-429A-AB22-078929939BFE}\RP161\snapshot\Repository\FS\MAPPING2.MAP 4840 bytes
File C:\System Volume Information\_restore{4008E855-36EA-429A-AB22-078929939BFE}\RP161\snapshot\Repository\FS\OBJECTS.DATA 7643136 bytes
File C:\System Volume Information\_restore{4008E855-36EA-429A-AB22-078929939BFE}\RP161\snapshot\Repository\FS\OBJECTS.MAP 3848 bytes
File C:\System Volume Information\_restore{4008E855-36EA-429A-AB22-078929939BFE}\RP161\snapshot\_REGISTRY_MACHINE_SAM 36864 bytes
File C:\System Volume Information\_restore{4008E855-36EA-429A-AB22-078929939BFE}\RP161\snapshot\_REGISTRY_MACHINE_SECURITY 69632 bytes
File C:\System Volume Information\_restore{4008E855-36EA-429A-AB22-078929939BFE}\RP161\snapshot\_REGISTRY_MACHINE_SOFTWARE 50003968 bytes
File C:\System Volume Information\_restore{4008E855-36EA-429A-AB22-078929939BFE}\RP161\snapshot\_REGISTRY_MACHINE_SYSTEM 7614464 bytes
File C:\System Volume Information\_restore{4008E855-36EA-429A-AB22-078929939BFE}\RP161\snapshot\_REGISTRY_USER_.DEFAULT 344064 bytes
File C:\System Volume Information\_restore{4008E855-36EA-429A-AB22-078929939BFE}\RP161\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18 0 bytes
File C:\System Volume Information\_restore{4008E855-36EA-429A-AB22-078929939BFE}\RP161\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19 233472 bytes
File C:\System Volume Information\_restore{4008E855-36EA-429A-AB22-078929939BFE}\RP161\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20 233472 bytes
File C:\System Volume Information\_restore{4008E855-36EA-429A-AB22-078929939BFE}\RP161\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-796845957-1229272821-839522115-1003 7675904 bytes
File C:\System Volume Information\_restore{4008E855-36EA-429A-AB22-078929939BFE}\RP161\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-796845957-1229272821-839522115-1004 1363968 bytes
File C:\System Volume Information\_restore{4008E855-36EA-429A-AB22-078929939BFE}\RP161\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-796845957-1229272821-839522115-1005 3584000 bytes
File C:\System Volume Information\_restore{4008E855-36EA-429A-AB22-078929939BFE}\RP161\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19 8192 bytes
File C:\System Volume Information\_restore{4008E855-36EA-429A-AB22-078929939BFE}\RP161\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20 8192 bytes
File C:\System Volume Information\_restore{4008E855-36EA-429A-AB22-078929939BFE}\RP161\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-796845957-1229272821-839522115-1003 491520 bytes
File C:\System Volume Information\_restore{4008E855-36EA-429A-AB22-078929939BFE}\RP161\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-796845957-1229272821-839522115-1004 262144 bytes
File C:\System Volume Information\_restore{4008E855-36EA-429A-AB22-078929939BFE}\RP161\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-796845957-1229272821-839522115-1005 262144 bytes
File C:\System Volume Information\_restore{4008E855-36EA-429A-AB22-078929939BFE}\RP161\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-796845957-1229272821-839522115-1008 262144 bytes
File C:\System Volume Information\_restore{4008E855-36EA-429A-AB22-078929939BFE}\RP162\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-796845957-1229272821-839522115-1008 290816 bytes
File C:\System Volume Information\_restore{4008E855-36EA-429A-AB22-078929939BFE}\RP162\snapshot\ComDb.Dat 28392 bytes
File C:\System Volume Information\_restore{4008E855-36EA-429A-AB22-078929939BFE}\RP162\snapshot\domain.txt 40 bytes
File C:\System Volume Information\_restore{4008E855-36EA-429A-AB22-078929939BFE}\RP162\snapshot\IISDB 237441 bytes
File C:\System Volume Information\_restore{4008E855-36EA-429A-AB22-078929939BFE}\RP162\snapshot\Repository 0 bytes
File C:\System Volume Information\_restore{4008E855-36EA-429A-AB22-078929939BFE}\RP162\snapshot\Repository\$WinMgmt.CFG 20 bytes
File C:\System Volume Information\_restore{4008E855-36EA-429A-AB22-078929939BFE}\RP162\snapshot\Repository\FS 0 bytes
File C:\System Volume Information\_restore{4008E855-36EA-429A-AB22-078929939BFE}\RP162\snapshot\Repository\FS\INDEX.BTR 1916928 bytes
File C:\System Volume Information\_restore{4008E855-36EA-429A-AB22-078929939BFE}\RP162\snapshot\Repository\FS\INDEX.MAP 1000 bytes
File C:\System Volume Information\_restore{4008E855-36EA-429A-AB22-078929939BFE}\RP162\snapshot\Repository\FS\MAPPING.VER 4 bytes
File C:\System Volume Information\_restore{4008E855-36EA-429A-AB22-078929939BFE}\RP162\snapshot\Repository\FS\MAPPING1.MAP 4840 bytes
File C:\System Volume Information\_restore{4008E855-36EA-429A-AB22-078929939BFE}\RP162\snapshot\Repository\FS\MAPPING2.MAP 4840 bytes
File C:\System Volume Information\_restore{4008E855-36EA-429A-AB22-078929939BFE}\RP162\snapshot\Repository\FS\OBJECTS.DATA 7643136 bytes
File C:\System Volume Information\_restore{4008E855-36EA-429A-AB22-078929939BFE}\RP162\snapshot\Repository\FS\OBJECTS.MAP 3848 bytes
File C:\System Volume Information\_restore{4008E855-36EA-429A-AB22-078929939BFE}\RP162\snapshot\_REGISTRY_MACHINE_SAM 36864 bytes
File C:\System Volume Information\_restore{4008E855-36EA-429A-AB22-078929939BFE}\RP162\snapshot\_REGISTRY_MACHINE_SECURITY 69632 bytes
File C:\System Volume Information\_restore{4008E855-36EA-429A-AB22-078929939BFE}\RP162\snapshot\_REGISTRY_MACHINE_SOFTWARE 50003968 bytes
File C:\System Volume Information\_restore{4008E855-36EA-429A-AB22-078929939BFE}\RP162\snapshot\_REGISTRY_MACHINE_SYSTEM 7614464 bytes
File C:\System Volume Information\_restore{4008E855-36EA-429A-AB22-078929939BFE}\RP162\snapshot\_REGISTRY_USER_.DEFAULT 344064 bytes
File C:\System Volume Information\_restore{4008E855-36EA-429A-AB22-078929939BFE}\RP162\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18 0 bytes
File C:\System Volume Information\_restore{4008E855-36EA-429A-AB22-078929939BFE}\RP162\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19 233472 bytes
File C:\System Volume Information\_restore{4008E855-36EA-429A-AB22-078929939BFE}\RP162\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20 233472 bytes
File C:\System Volume Information\_restore{4008E855-36EA-429A-AB22-078929939BFE}\RP162\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-796845957-1229272821-839522115-1003 7659520 bytes
File C:\System Volume Information\_restore{4008E855-36EA-429A-AB22-078929939BFE}\RP162\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-796845957-1229272821-839522115-1004 1363968 bytes
File C:\System Volume Information\_restore{4008E855-36EA-429A-AB22-078929939BFE}\RP162\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-796845957-1229272821-839522115-1005 3584000 bytes
File C:\System Volume Information\_restore{4008E855-36EA-429A-AB22-078929939BFE}\RP162\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19 8192 bytes
File C:\System Volume Information\_restore{4008E855-36EA-429A-AB22-078929939BFE}\RP162\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20 8192 bytes
File C:\System Volume Information\_restore{4008E855-36EA-429A-AB22-078929939BFE}\RP162\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-796845957-1229272821-839522115-1003 491520 bytes
File C:\System Volume Information\_restore{4008E855-36EA-429A-AB22-078929939BFE}\RP162\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-796845957-1229272821-839522115-1004 262144 bytes
File C:\System Volume Information\_restore{4008E855-36EA-429A-AB22-078929939BFE}\RP162\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-796845957-1229272821-839522115-1005 262144 bytes
File C:\System Volume Information\_restore{4008E855-36EA-429A-AB22-078929939BFE}\RP162\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-796845957-1229272821-839522115-1008 262144 bytes

---- EOF - GMER 1.0.15 ----



