Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected With Virtumonde, Very Possible Other Malware Also


  • This topic is locked This topic is locked
25 replies to this topic

#1 mcgi0223

mcgi0223

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:51 PM

Posted 20 April 2009 - 02:35 AM

Alright, first post on this wonderful forum, and it's a bit of a toughie.

Symptoms:

- Clicking links off of Google search results redirect me to non-intended sites
- Sites related to removal of malware are "blocked" (that is, they do not load while other sites work just fine)
- As a result of the root websites being blocked, updating malware removal programs fail
- Various programs (example: 3041093486.exe, reader_s.exe) are loaded automatically
- Even though I am using firefox, instances of iexplore.exe are loaded automatically (no IE windows actually open though)
- System settings are altered. Registry editing is disabled, Folder Options does not appear in Control Panel, Hidden Folders cannot be viewed (I can resolve all of these temporarily, but the revert after a while due to the malware)

I listed this as Virtumonde due to it popping up in a Spybot scan I did, and seeing how I have been infected with it before (and realizing how tough it can be to get rid of), I felt that was the closest kind of malware seen here.

DDS LOG:


DDS (Ver_09-03-16.01) - NTFSx86
Run by Neil McGilloway at 3:00:45.31 on Mon 04/20/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1357 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Generic\Wireless Console\wcourier.exe
C:\Program Files\GENERIC\Power4 Gear\BatteryLife.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\DOCUME~1\NEILMC~1\LOCALS~1\Temp\3041093486.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Keyboard\Keyboard Hotkey\Hotkey.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\MDM.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
svchost.exe
svchost.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Documents and Settings\Neil McGilloway\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.comcast.net/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\ntos.exe,
BHO: c:\windows\system32\yaubfh983ind.dll: {a5af42a3-94f3-42bd-f634-0604832c897d} - c:\windows\system32\yaubfh983ind.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [PhotoShow Deluxe Media Manager] c:\progra~1\ahead\neroph~2\data\xtras\mssysmgr.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [LogitechSoftwareUpdate] "c:\program files\logitech\video\ManifestEngine.exe" boot
uRun: [Diagnostic Manager] c:\docume~1\neilmc~1\locals~1\temp\3041093486.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [HControl] c:\windows\atk0100\HControl.exe
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Wireless Console] c:\program files\generic\wireless console\wcourier.exe
mRun: [Power_Gear] c:\program files\generic\power4 gear\BatteryLife.exe 1
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [WD Button Manager] WDBtnMgr.exe
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe
mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [McAfee Backup] c:\program files\mcafee\mbk\McAfeeDataBackup.exe
mRun: [MBkLogOnHook] c:\program files\mcafee\mbk\LogOnHook.exe
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
dRun: [<NO NAME>] c:\windows\temp\wcjcl8.exe
dRun: [Windows Resurections] c:\windows\temp\wcjcl8.exe
dRun: [Diagnostic Manager] c:\windows\temp\2056685782.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotkey.lnk - c:\program files\keyboard\keyboard hotkey\Hotkey.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.3.3.2.dll/206
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236634939000
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: c:\windows\system32\yaubfh983ind.dll: {a5af42a3-94f3-42bd-f634-0604832c897d} - c:\windows\system32\yaubfh983ind.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli c:\windows\system32\pivehiso.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\neilmc~1\applic~1\mozilla\firefox\profiles\5cfjldav.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/
FF - component: c:\documents and settings\neil mcgilloway\application data\mozilla\firefox\profiles\5cfjldav.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 R592;R592;c:\windows\system32\drivers\R592.sys [2009-3-9 57088]
R0 risdpntk;risdpntk;c:\windows\system32\drivers\risdpntk.sys [2009-3-9 27264]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-3-9 201320]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-3-9 359248]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 119808]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-3-9 45132]
R3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\system32\ASNDIS5.sys [2009-3-9 16269]
R3 ZD1211U(ASUS);ASUS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ASUS);c:\windows\system32\drivers\ZD1211U.sys [2009-3-9 274432]
S1 djg4ebc;djg4ebc;c:\windows\system32\drivers\djg4ebc.sys --> c:\windows\system32\drivers\djg4ebc.sys [?]
S1 fhra8da;fhra8da;c:\windows\system32\drivers\fhra8da.sys --> c:\windows\system32\drivers\fhra8da.sys [?]
S1 hagbfd8;hagbfd8;c:\windows\system32\drivers\hagbfd8.sys --> c:\windows\system32\drivers\hagbfd8.sys [?]
S1 ktf5cdf;ktf5cdf;c:\windows\system32\drivers\ktf5cdf.sys --> c:\windows\system32\drivers\ktf5cdf.sys [?]
S1 lmn3b08;lmn3b08;c:\windows\system32\drivers\lmn3b08.sys --> c:\windows\system32\drivers\lmn3b08.sys [?]
S1 moe351b;moe351b;c:\windows\system32\drivers\moe351b.sys --> c:\windows\system32\drivers\moe351b.sys [?]
S1 pecc2ed;pecc2ed;c:\windows\system32\drivers\pecc2ed.sys --> c:\windows\system32\drivers\pecc2ed.sys [?]
S2 0142641239930246mcinstcleanup;McAfee Application Installer Cleanup (0142641239930246);c:\windows\temp\014264~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\014264~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S2 DhcpSrv;Dhcp server;c:\windows\dhcp\svchost.exe --> c:\windows\dhcp\svchost.exe [?]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-3-9 79304]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-3-9 35240]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-3-9 33832]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-3-9 40488]
S3 restore;restore;\??\c:\windows\system32\drivers\restore.sys --> c:\windows\system32\drivers\restore.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-3-9 695624]

=============== Created Last 30 ================

2009-04-20 01:47 15,000 a------- c:\windows\system32\yaubfh983ind.dll
2009-04-20 01:47 38 a------- C:\1A.tmp
2009-04-20 01:47 0 a------- C:\19.tmp
2009-04-20 01:47 0 a------- C:\18.tmp
2009-04-20 01:47 0 a------- C:\17.tmp
2009-04-20 01:47 0 a------- C:\16.tmp
2009-04-20 01:47 0 a------- C:\15.tmp
2009-04-20 01:47 0 a------- C:\14.tmp
2009-04-20 01:47 0 a------- C:\13.tmp
2009-04-20 01:47 0 a------- C:\D.tmp
2009-04-20 01:47 38 a------- C:\6.tmp
2009-04-20 01:46 52,736 a------- C:\5.tmp
2009-04-20 01:46 0 a------- C:\4.tmp
2009-04-20 00:36 101,196 a------- C:\MGlogs.zip
2009-04-20 00:36 <DIR> --d----- C:\MGtools
2009-04-19 20:23 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-04-19 17:52 <DIR> --d----- c:\docume~1\neilmc~1\applic~1\Malwarebytes
2009-04-19 17:52 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-19 17:52 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-19 17:52 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-19 17:52 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-19 17:50 1,340,797 a------- C:\MGtools.exe
2009-04-19 15:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-04-19 15:20 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-04-19 15:20 <DIR> --d----- c:\docume~1\neilmc~1\applic~1\SUPERAntiSpyware.com
2009-04-19 15:05 38 a------- C:\12.tmp
2009-04-19 15:05 0 a------- C:\11.tmp
2009-04-19 15:05 0 a------- C:\F.tmp
2009-04-19 15:05 0 a------- C:\10.tmp
2009-04-19 15:05 0 a------- C:\E.tmp
2009-04-19 15:05 0 a------- C:\C.tmp
2009-04-19 15:05 0 a------- C:\B.tmp
2009-04-19 15:05 0 a------- C:\A.tmp
2009-04-19 15:05 0 a------- C:\9.tmp
2009-04-19 15:05 38 a------- C:\8.tmp
2009-04-19 15:05 52,736 a------- C:\7.tmp
2009-04-19 14:48 <DIR> --d----- c:\windows\ERUNT
2009-04-19 14:47 <DIR> --d----- C:\SDFix
2009-04-19 14:09 <DIR> --d----- c:\program files\Trend Micro
2009-04-19 06:31 <DIR> --d----- c:\docume~1\neilmc~1\applic~1\McAfee
2009-04-19 06:03 <DIR> a-dshr-- C:\cmdcons
2009-04-19 05:52 119,296 a------- c:\windows\sed.exe
2009-04-19 05:52 409,600 a------- c:\windows\system32\CF26617.exe
2009-04-19 05:50 182,656 ac------ c:\windows\system32\dllcache\ndis.sys
2009-04-19 04:35 95 a------- c:\windows\wininit.ini
2009-04-19 03:05 0 a------- c:\windows\mqcd.dbt
2009-04-19 03:04 <DIR> --d----- c:\windows\system32\3361
2009-04-19 03:04 108,336 a------- c:\windows\system32\MSWINSCK.OCX
2009-04-19 03:04 <DIR> --d----- c:\windows\dhcp
2009-04-19 03:04 <DIR> --d----- c:\docume~1\neilmc~1\applic~1\pidle
2009-04-19 03:04 <DIR> --dshr-- c:\program files\ThunMail
2009-04-19 03:04 79,360 a------- c:\windows\system32\ashl.nq
2009-04-19 03:04 578,560 ac------ c:\windows\system32\dllcache\user32.dll
2009-04-19 03:03 58,368 a------- c:\windows\system32\ak1.exe
2009-04-18 23:55 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-04-18 23:55 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-04-18 23:55 <DIR> --d----- c:\program files\iPod
2009-04-18 23:55 <DIR> --d----- c:\program files\iTunes
2009-04-18 23:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-18 23:55 <DIR> --d----- c:\program files\Bonjour
2009-04-16 23:58 <DIR> --d----- c:\program files\common files\DirectX
2009-04-15 18:44 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-04-15 18:44 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-04-15 18:44 131,072 -c------ c:\windows\system32\dllcache\services.exe
2009-04-15 18:44 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 18:44 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-04-15 18:44 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 18:44 248,320 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 18:44 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-04-15 18:44 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-04-15 18:43 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-15 18:43 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 18:43 236,032 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-04-14 23:21 60,032 ac------ c:\windows\system32\dllcache\usbaudio.sys
2009-04-14 23:21 60,032 a------- c:\windows\system32\drivers\USBAUDIO.sys
2009-04-14 23:21 53,760 ac------ c:\windows\system32\dllcache\vfwwdm32.dll
2009-04-14 23:21 43,008 ac------ c:\windows\system32\dllcache\ksxbar.ax
2009-04-14 23:21 53,760 a------- c:\windows\system32\vfwwdm32.dll
2009-04-14 23:21 43,008 a------- c:\windows\system32\ksxbar.ax
2009-04-14 23:21 91,136 ac------ c:\windows\system32\dllcache\kswdmcap.ax
2009-04-14 23:21 61,952 ac------ c:\windows\system32\dllcache\kstvtune.ax
2009-04-14 23:21 91,136 a------- c:\windows\system32\kswdmcap.ax
2009-04-14 23:21 61,952 a------- c:\windows\system32\kstvtune.ax
2009-04-14 23:17 78,190 a----r-- c:\windows\system32\InstMed.exe
2009-04-14 23:17 2,180,096 a------- c:\windows\system32\drivers\lvsvf2.sys
2009-04-14 23:17 372,736 a------- c:\windows\system32\LVUI2RC.dll
2009-04-14 23:17 204,800 a------- c:\windows\system32\LVUI2.dll
2009-04-14 23:17 204,800 a------- c:\windows\system32\lvcodec2.dll
2009-04-14 23:17 106,496 a------- c:\windows\system32\lvcoinst.dll
2009-04-14 23:17 22,016 a------- c:\windows\system32\drivers\LVUSBSta.sys
2009-04-14 23:17 9,255 a------- c:\windows\system32\lvcoinst.ini
2009-04-14 23:16 <DIR> --d----- c:\program files\common files\Logitech
2009-04-14 23:09 <DIR> --d----- c:\windows\system32\appmgmt
2009-04-05 16:40 <DIR> --d----- C:\AeriaGames
2009-04-03 21:17 5,174 a------- c:\windows\system32\nppt9x.vxd
2009-04-03 21:17 4,682 a------- c:\windows\system32\npptNT2.sys
2009-04-03 21:17 <DIR> --d----- c:\program files\common files\INCA Shared
2009-04-03 21:11 <DIR> --d----- C:\Nexon
2009-04-03 20:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PMB Files
2009-04-03 20:32 <DIR> --d----- c:\program files\Pando Networks
2009-03-24 18:38 <DIR> --d----- c:\program files\K-Lite Codec Pack
2009-03-23 12:00 <DIR> --d----- C:\Downloads
2009-03-21 10:06 989,696 -c------ c:\windows\system32\dllcache\kernel32.dll

==================== Find3M ====================

2009-04-20 00:15 182,656 a------- c:\windows\system32\drivers\ndis.sys
2009-04-19 03:03 578,560 a------- c:\windows\system32\user32.DLL
2009-04-19 03:02 75,776 a--sh--- c:\windows\system32\bugadepi.exe
2009-03-20 11:51 86,811 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-03-10 13:27 385,024 a------- c:\windows\system32\WDBtnMgr.exe
2009-03-09 19:08 5,058 a------- c:\windows\help\hhcolreg.dat
2009-03-09 17:26 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-02 20:18 826,368 a------- c:\windows\system32\wininet.dll
2009-02-20 14:09 78,336 a------- c:\windows\system32\ieencode.dll
2009-02-09 14:56 67,584 a------- c:\windows\system32\ff_vfw.dll
2009-02-09 08:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 08:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 08:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 08:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-06 18:52 49,504 a------- c:\windows\system32\sirenacm.dll
2009-02-06 07:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 07:06 2,145,280 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 06:39 55,808 a------- c:\windows\system32\sc.exe
2009-02-06 06:32 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-03 15:59 56,832 a------- c:\windows\system32\secur32.dll
1998-12-08 22:53 186,368 a------- c:\program files\common files\IRAREG.DLL
1998-12-08 22:53 99,840 a------- c:\program files\common files\IRAABOUT.DLL
1998-12-08 22:53 70,144 a------- c:\program files\common files\IRAMDMTR.DLL
1998-12-08 22:53 48,640 a------- c:\program files\common files\IRALPTTR.DLL
1998-12-08 22:53 31,744 a------- c:\program files\common files\IRAWEBTR.DLL
1998-12-08 22:53 17,920 a------- c:\program files\common files\IRASRIAL.DLL

============= FINISH: 3:02:07.14 ===============

Attach.txt log is attached below.

Steps I've taken to try and get rid of this problem (based on advice from other forums and own experience in dealing with this stuff):

- Ran scans with the following programs: Spybot Search & Destroy, Malwarebytes' Anti-Malware, McAfee AntiVirus, SuperAntiSpyware. All gave positive hits for malware, and removed them, but infection still remains.
- Attempted to use ComboFix. I had disabled McAfee before starting this (with the Windows Recovery Console method), and it was working OK until restarting the computer. When that happened, a bunch of Mcafee notifications appeared, seemingly quarantining/eliminating parts of ComboFix (I think I may have missed disabling some aspects of McAfee). Since then, whenever I try to restart the process, I get the following message (and ComboFix is deleted right after the message is cleared):

!! ALERT !! It is NOT SAFE to continue!

The contents of the ComboFix package has been compromised.
Please download a fresh copy from:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Note: You may be infected with a file patching virus (Virut)


HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:32:49 AM, on 4/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Generic\Wireless Console\wcourier.exe
C:\Program Files\GENERIC\Power4 Gear\BatteryLife.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\DOCUME~1\NEILMC~1\LOCALS~1\Temp\3041093486.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Keyboard\Keyboard Hotkey\Hotkey.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\MDM.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: C:\WINDOWS\system32\yaubfh983ind.dll - {A5AF42A3-94F3-42BD-F634-0604832C897D} - C:\WINDOWS\system32\yaubfh983ind.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Wireless Console] C:\Program Files\Generic\Wireless Console\wcourier.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\GENERIC\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Diagnostic Manager] C:\DOCUME~1\NEILMC~1\LOCALS~1\Temp\3041093486.exe
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [] C:\WINDOWS\TEMP\wcjcl8.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows Resurections] C:\WINDOWS\TEMP\wcjcl8.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Diagnostic Manager] C:\WINDOWS\TEMP\2056685782.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Hotkey.lnk = C:\Program Files\Keyboard\Keyboard Hotkey\Hotkey.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1236634939000
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: as3iur98wajkef3wgf3 - {A5AF42A3-94F3-42BD-F634-0604832C897D} - C:\WINDOWS\system32\yaubfh983ind.dll
O23 - Service: McAfee Application Installer Cleanup (0142641239930246) (0142641239930246mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\014264~1.EXE (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dhcp server (DhcpSrv) - Unknown owner - C:\WINDOWS\dhcp\svchost.exe (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10178 bytes


I hope that's enough information to get started with. I'm just at my wit's end on this one. Thankfully, it's not crippling my system or anything, but I imagine it could get worse if not attented to. Of course, any help ANYONE can give on this matter is greatly appreciated. Thanks!

Attached Files



BC AdBot (Login to Remove)

 


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:12:51 PM

Posted 21 April 2009 - 05:20 PM

Hello! :thumbup2:
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

I can tell this one is going to be a struggle, but let's see what we can do.


We need to create an OTListIt2 Report
  • Please download OTListIt2 from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.



=============


The next log will show us any hidden files that are present.

Download GMER from here:
  • Unzip it to the desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results (if any) into this thread.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 mcgi0223

mcgi0223
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:51 PM

Posted 21 April 2009 - 05:45 PM

OK, well here are the reports:

OTListIt2:

Attached as .txt files (had to as the post is too long with them pasted here)





GMER:

GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-21 18:26:09
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xB8327A2D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xB8327958]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xB832796C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xB8327A41]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB8327A6D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xB8327AE0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xB8327AC5]
Code 898CFDF0 ZwFlushInstructionCache
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB83279D6]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xB8327B0A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xB8327A19]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xB8327930]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xB8327944]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xB83279AA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xB8327B46]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xB8327AAF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xB8327A99]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xB8327A57]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xB8327B32]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xB8327B1E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xB8327996]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xB8327982]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xB8327A83]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB8327A05]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xB8327AF4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB83279EC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xB83279C0]
Code 8944B096 IofCallDriver
Code 8948D096 IofCompleteRequest
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!IofCallDriver 804E19BC 5 Bytes JMP 8944B09B
.text ntoskrnl.exe!IofCompleteRequest 804E1DD2 5 Bytes JMP 8948D09B
.text ntoskrnl.exe!ZwYieldExecution 80501E51 7 Bytes JMP B83279C4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwOpenKey 80573F1D 5 Bytes JMP B8327A1D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryValueKey 80574361 7 Bytes JMP B8327A9D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateKey 80579528 5 Bytes JMP B8327A31 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryKey 8057A29E 7 Bytes JMP B8327B4A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateKey 8057A69E 5 Bytes JMP B8327AE4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtSetInformationProcess 8057BDC9 5 Bytes JMP B8327986 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 8058049E 5 Bytes JMP B83279F0 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtMapViewOfSection 80580916 7 Bytes JMP B83279DA \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenProcess 80581C68 5 Bytes JMP B8327934 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwProtectVirtualMemory 80581F7D 7 Bytes JMP B83279AE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetValueKey 80584921 7 Bytes JMP B8327A87 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwFlushInstructionCache 80587653 5 Bytes JMP 898CFDF4
PAGE ntoskrnl.exe!ZwCreateProcessEx 8058B5EC 7 Bytes JMP B8327970 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwTerminateProcess 8058CE75 5 Bytes JMP B8327A09 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateValueKey 80590C93 7 Bytes JMP B8327AC9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwNotifyChangeKey 80598444 5 Bytes JMP B8327B0E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenThread 80598726 5 Bytes JMP B8327948 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteValueKey 8059B19A 7 Bytes JMP B8327A71 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteKey 8059C6B6 7 Bytes JMP B8327A45 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcess 805B4A28 5 Bytes JMP B832795C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetContextThread 80635CAF 5 Bytes JMP B832799A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRestoreKey 80654F9E 5 Bytes JMP B8327B22 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnloadKey 80655273 7 Bytes JMP B8327AF8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryMultipleValueKey 80655B40 7 Bytes JMP B8327AB3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRenameKey 80655F85 7 Bytes JMP B8327A5B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwReplaceKey 8065647A 5 Bytes JMP B8327B36 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\eHome\ehSched.exe[192] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA474D
.text C:\WINDOWS\eHome\ehSched.exe[192] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA47DC
.text C:\WINDOWS\eHome\ehSched.exe[192] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA47E9
.text C:\WINDOWS\eHome\ehSched.exe[192] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4A63
.text C:\WINDOWS\eHome\ehSched.exe[192] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA47D2
.text C:\WINDOWS\eHome\ehSched.exe[192] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA482A
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[364] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA474D
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[364] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA47DC
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[364] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA47E9
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[364] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4A63
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[364] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA47D2
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[364] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA482A
.text C:\WINDOWS\system32\dllhost.exe[492] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA474D
.text C:\WINDOWS\system32\dllhost.exe[492] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA47DC
.text C:\WINDOWS\system32\dllhost.exe[492] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA47E9
.text C:\WINDOWS\system32\dllhost.exe[492] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4A63
.text C:\WINDOWS\system32\dllhost.exe[492] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA47D2
.text C:\WINDOWS\system32\dllhost.exe[492] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA482A
.text C:\WINDOWS\system32\dllhost.exe[492] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001A0000
.text C:\WINDOWS\system32\dllhost.exe[492] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001A0F7D
.text C:\WINDOWS\system32\dllhost.exe[492] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001A0F98
.text C:\WINDOWS\system32\dllhost.exe[492] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001A0FB3
.text C:\WINDOWS\system32\dllhost.exe[492] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001A0070
.text C:\WINDOWS\system32\dllhost.exe[492] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001A004E
.text C:\WINDOWS\system32\dllhost.exe[492] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001A0F51
.text C:\WINDOWS\system32\dllhost.exe[492] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001A0097
.text C:\WINDOWS\system32\dllhost.exe[492] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001A00C5
.text C:\WINDOWS\system32\dllhost.exe[492] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001A00B4
.text C:\WINDOWS\system32\dllhost.exe[492] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 001A00D6
.text C:\WINDOWS\system32\dllhost.exe[492] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 001A005F
.text C:\WINDOWS\system32\dllhost.exe[492] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 001A0011
.text C:\WINDOWS\system32\dllhost.exe[492] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 001A0F6C
.text C:\WINDOWS\system32\dllhost.exe[492] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 001A003D
.text C:\WINDOWS\system32\dllhost.exe[492] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 001A0022
.text C:\WINDOWS\system32\dllhost.exe[492] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 001A0F36
.text C:\WINDOWS\system32\dllhost.exe[492] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00280FB0
.text C:\WINDOWS\system32\dllhost.exe[492] msvcrt.dll!system 77C293C7 5 Bytes JMP 0028003B
.text C:\WINDOWS\system32\dllhost.exe[492] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00280FD2
.text C:\WINDOWS\system32\dllhost.exe[492] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00280000
.text C:\WINDOWS\system32\dllhost.exe[492] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00280FC1
.text C:\WINDOWS\system32\dllhost.exe[492] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00280FE3
.text C:\WINDOWS\system32\dllhost.exe[492] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 0029002C
.text C:\WINDOWS\system32\dllhost.exe[492] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 0029006C
.text C:\WINDOWS\system32\dllhost.exe[492] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 0029001B
.text C:\WINDOWS\system32\dllhost.exe[492] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00290FEF
.text C:\WINDOWS\system32\dllhost.exe[492] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00290051
.text C:\WINDOWS\system32\dllhost.exe[492] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00290FAF
.text C:\WINDOWS\system32\dllhost.exe[492] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 0029000A
.text C:\WINDOWS\system32\dllhost.exe[492] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00290FC0
.text C:\WINDOWS\system32\dllhost.exe[492] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 0079000A
.text C:\WINDOWS\system32\nvsvc32.exe[516] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA474D
.text C:\WINDOWS\system32\nvsvc32.exe[516] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA47DC
.text C:\WINDOWS\system32\nvsvc32.exe[516] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA47E9
.text C:\WINDOWS\system32\nvsvc32.exe[516] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4A63
.text C:\WINDOWS\system32\nvsvc32.exe[516] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA47D2
.text C:\WINDOWS\system32\nvsvc32.exe[516] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA482A
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[572] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA474D
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[572] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA47DC
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[572] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA47E9
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[572] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4A63
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[572] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA47D2
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[572] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA482A
.text C:\WINDOWS\system32\svchost.exe[584] C:\WINDOWS\system32\svchost.exe section is writeable [0x01001000, 0x2C00, 0xE0000060]
.rsrc C:\WINDOWS\system32\svchost.exe[584] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x5600, 0xE0000040]
.text C:\WINDOWS\system32\svchost.exe[584] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA474D
.text C:\WINDOWS\system32\svchost.exe[584] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA47DC
.text C:\WINDOWS\system32\svchost.exe[584] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA47E9
.text C:\WINDOWS\system32\svchost.exe[584] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4A63
.text C:\WINDOWS\system32\svchost.exe[584] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA47D2
.text C:\WINDOWS\system32\svchost.exe[584] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA482A
.text C:\WINDOWS\system32\svchost.exe[584] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00A00FE5
.text C:\WINDOWS\system32\svchost.exe[584] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00A00F83
.text C:\WINDOWS\system32\svchost.exe[584] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00A00F94
.text C:\WINDOWS\system32\svchost.exe[584] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00A00062
.text C:\WINDOWS\system32\svchost.exe[584] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00A00FAF
.text C:\WINDOWS\system32\svchost.exe[584] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00A00036
.text C:\WINDOWS\system32\svchost.exe[584] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00A000B0
.text C:\WINDOWS\system32\svchost.exe[584] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00A0009F
.text C:\WINDOWS\system32\svchost.exe[584] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00A00F43
.text C:\WINDOWS\system32\svchost.exe[584] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00A000E6
.text C:\WINDOWS\system32\svchost.exe[584] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 00A00F32
.text C:\WINDOWS\system32\svchost.exe[584] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 00A00051
.text C:\WINDOWS\system32\svchost.exe[584] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00A00FD4
.text C:\WINDOWS\system32\svchost.exe[584] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 00A00F68
.text C:\WINDOWS\system32\svchost.exe[584] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 00A00025
.text C:\WINDOWS\system32\svchost.exe[584] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 00A0000A
.text C:\WINDOWS\system32\svchost.exe[584] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00A000CB
.text C:\WINDOWS\system32\svchost.exe[584] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 009F0025
.text C:\WINDOWS\system32\svchost.exe[584] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 009F0F83
.text C:\WINDOWS\system32\svchost.exe[584] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 009F0FCA
.text C:\WINDOWS\system32\svchost.exe[584] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 009F0FE5
.text C:\WINDOWS\system32\svchost.exe[584] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 009F0F94
.text C:\WINDOWS\system32\svchost.exe[584] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 009F0036
.text C:\WINDOWS\system32\svchost.exe[584] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 009F0000
.text C:\WINDOWS\system32\svchost.exe[584] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 009F0FAF
.text C:\WINDOWS\system32\svchost.exe[584] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009E0038
.text C:\WINDOWS\system32\svchost.exe[584] msvcrt.dll!system 77C293C7 5 Bytes JMP 009E0027
.text C:\WINDOWS\system32\svchost.exe[584] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009E0FB7
.text C:\WINDOWS\system32\svchost.exe[584] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009E0FE3
.text C:\WINDOWS\system32\svchost.exe[584] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009E0016
.text C:\WINDOWS\system32\svchost.exe[584] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009E0FD2
.text C:\WINDOWS\system32\svchost.exe[584] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 009C0000
.text C:\WINDOWS\system32\svchost.exe[584] WININET.dll!InternetOpenA 771C6D2A 5 Bytes JMP 009D0FE5
.text C:\WINDOWS\system32\svchost.exe[584] WININET.dll!InternetOpenUrlA 771C6FDD 3 Bytes JMP 009D0FBE
.text C:\WINDOWS\system32\svchost.exe[584] WININET.dll!InternetOpenUrlA + 4 771C6FE1 1 Byte [89]
.text C:\WINDOWS\system32\svchost.exe[584] WININET.dll!InternetOpenW 771D6CF3 5 Bytes JMP 009D0000
.text C:\WINDOWS\system32\svchost.exe[584] WININET.dll!InternetOpenUrlW 771D7304 5 Bytes JMP 009D001B
.text C:\WINDOWS\system32\svchost.exe[664] C:\WINDOWS\system32\svchost.exe section is writeable [0x01001000, 0x2C00, 0xE0000060]
.rsrc C:\WINDOWS\system32\svchost.exe[664] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x5600, 0xE0000040]
.text C:\WINDOWS\system32\svchost.exe[664] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA474D
.text C:\WINDOWS\system32\svchost.exe[664] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA47DC
.text C:\WINDOWS\system32\svchost.exe[664] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA47E9
.text C:\WINDOWS\system32\svchost.exe[664] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4A63
.text C:\WINDOWS\system32\svchost.exe[664] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA47D2
.text C:\WINDOWS\system32\svchost.exe[664] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA482A
.text C:\WINDOWS\system32\svchost.exe[664] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00CD0FEF
.text C:\WINDOWS\system32\svchost.exe[664] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00CD0082
.text C:\WINDOWS\system32\svchost.exe[664] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00CD0071
.text C:\WINDOWS\system32\svchost.exe[664] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00CD0F8D
.text C:\WINDOWS\system32\svchost.exe[664] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00CD0FA8
.text C:\WINDOWS\system32\svchost.exe[664] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00CD0FC3
.text C:\WINDOWS\system32\svchost.exe[664] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00CD0F46
.text C:\WINDOWS\system32\svchost.exe[664] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00CD0F61
.text C:\WINDOWS\system32\svchost.exe[664] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00CD00C4
.text C:\WINDOWS\system32\svchost.exe[664] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00CD00A9
.text C:\WINDOWS\system32\svchost.exe[664] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 00CD0F06
.text C:\WINDOWS\system32\svchost.exe[664] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 00CD004A
.text C:\WINDOWS\system32\svchost.exe[664] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00CD000A
.text C:\WINDOWS\system32\svchost.exe[664] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 00CD0F7C
.text C:\WINDOWS\system32\svchost.exe[664] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 00CD0FD4
.text C:\WINDOWS\system32\svchost.exe[664] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 00CD0025
.text C:\WINDOWS\system32\svchost.exe[664] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00CD0F35
.text C:\WINDOWS\system32\svchost.exe[664] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00CC0040
.text C:\WINDOWS\system32\svchost.exe[664] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00CC0087
.text C:\WINDOWS\system32\svchost.exe[664] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00CC0FEF
.text C:\WINDOWS\system32\svchost.exe[664] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00CC0025
.text C:\WINDOWS\system32\svchost.exe[664] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00CC0FCA
.text C:\WINDOWS\system32\svchost.exe[664] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00CC006C
.text C:\WINDOWS\system32\svchost.exe[664] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00CC000A
.text C:\WINDOWS\system32\svchost.exe[664] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00CC005B
.text C:\WINDOWS\system32\svchost.exe[664] msvcrt.dll!_wsystem 77C2931E 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[664] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00CB0022
.text C:\WINDOWS\system32\svchost.exe[664] msvcrt.dll!system 77C293C7 5 Bytes JMP 00CB0FA1
.text C:\WINDOWS\system32\svchost.exe[664] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00CB0FBC
.text C:\WINDOWS\system32\svchost.exe[664] msvcrt.dll!_open 77C2F566 3 Bytes JMP 00CB0000
.text C:\WINDOWS\system32\svchost.exe[664] msvcrt.dll!_open + 4 77C2F56A 1 Byte [89]
.text C:\WINDOWS\system32\svchost.exe[664] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00CB0011
.text C:\WINDOWS\system32\svchost.exe[664] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00CB0FE3
.text C:\WINDOWS\system32\svchost.exe[664] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00C80FE5
.text C:\WINDOWS\system32\svchost.exe[664] WININET.dll!InternetOpenA 771C6D2A 5 Bytes JMP 00CA0FEF
.text C:\WINDOWS\system32\svchost.exe[664] WININET.dll!InternetOpenUrlA 771C6FDD 5 Bytes JMP 00CA0FDE
.text C:\WINDOWS\system32\svchost.exe[664] WININET.dll!InternetOpenW 771D6CF3 5 Bytes JMP 00CA000A
.text C:\WINDOWS\system32\svchost.exe[664] WININET.dll!InternetOpenUrlW 771D7304 5 Bytes JMP 00CA0025
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[712] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA474D
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[712] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA47DC
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[712] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA47E9
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[712] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4A63
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[712] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA47D2
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[712] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA482A
.text C:\WINDOWS\system32\winlogon.exe[776] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA474D
.text C:\WINDOWS\system32\winlogon.exe[776] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA47DC
.text C:\WINDOWS\system32\winlogon.exe[776] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA47E9
.text C:\WINDOWS\system32\winlogon.exe[776] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4A63
.text C:\WINDOWS\system32\winlogon.exe[776] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA47D2
.text C:\WINDOWS\system32\winlogon.exe[776] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA482A
.text C:\WINDOWS\system32\services.exe[824] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA474D
.text C:\WINDOWS\system32\services.exe[824] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA47DC
.text C:\WINDOWS\system32\services.exe[824] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA47E9
.text C:\WINDOWS\system32\services.exe[824] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4A63
.text C:\WINDOWS\system32\services.exe[824] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA47D2
.text C:\WINDOWS\system32\services.exe[824] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA482A
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00A40FE5
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00A40F94
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00A40FA5
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00A4007D
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00A40FC0
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00A40051
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00A40F43
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00A40F5E
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00A40F06
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00A40F17
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 00A400BA
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 00A40062
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00A40000
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 00A40F79
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 00A40036
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 00A40025
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00A40F28
.text C:\WINDOWS\system32\services.exe[824] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FE0F92
.text C:\WINDOWS\system32\services.exe[824] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FE0FAD
.text C:\WINDOWS\system32\services.exe[824] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FE000C
.text C:\WINDOWS\system32\services.exe[824] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FE0FEF
.text C:\WINDOWS\system32\services.exe[824] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FE001D
.text C:\WINDOWS\system32\services.exe[824] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FE0FDE
.text C:\WINDOWS\system32\services.exe[824] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00FF0FA8
.text C:\WINDOWS\system32\services.exe[824] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00FF0F68
.text C:\WINDOWS\system32\services.exe[824] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00FF0FC3
.text C:\WINDOWS\system32\services.exe[824] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00FF0FD4
.text C:\WINDOWS\system32\services.exe[824] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00FF002F
.text C:\WINDOWS\system32\services.exe[824] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00FF0F8D
.text C:\WINDOWS\system32\services.exe[824] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00FF0FEF
.text C:\WINDOWS\system32\services.exe[824] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00FF0014
.text C:\WINDOWS\system32\services.exe[824] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00FD0000
.text C:\WINDOWS\system32\lsass.exe[836] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FF9474D
.text C:\WINDOWS\system32\lsass.exe[836] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FF947DC
.text C:\WINDOWS\system32\lsass.exe[836] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FF947E9
.text C:\WINDOWS\system32\lsass.exe[836] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FF94A63
.text C:\WINDOWS\system32\lsass.exe[836] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FF947D2
.text C:\WINDOWS\system32\lsass.exe[836] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FF9482A
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00CE0FEF
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00CE0F5C
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00CE0051
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00CE0040
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00CE002F
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00CE0FA8
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00CE0098
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00CE007D
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00CE00D5
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00CE00BA
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 00CE00E6
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 00CE0F8D
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00CE000A
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 00CE006C
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 00CE0FB9
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 00CE0FD4
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00CE00A9
.text C:\WINDOWS\system32\lsass.exe[836] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00E1001B
.text C:\WINDOWS\system32\lsass.exe[836] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00E10F8D
.text C:\WINDOWS\system32\lsass.exe[836] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00E1000A
.text C:\WINDOWS\system32\lsass.exe[836] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00E10FDE
.text C:\WINDOWS\system32\lsass.exe[836] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00E10FA8
.text C:\WINDOWS\system32\lsass.exe[836] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00E10040
.text C:\WINDOWS\system32\lsass.exe[836] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00E10FEF
.text C:\WINDOWS\system32\lsass.exe[836] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00E10FB9
.text C:\WINDOWS\system32\lsass.exe[836] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00E00FAD
.text C:\WINDOWS\system32\lsass.exe[836] msvcrt.dll!system 77C293C7 5 Bytes JMP 00E00FD2
.text C:\WINDOWS\system32\lsass.exe[836] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00E00027
.text C:\WINDOWS\system32\lsass.exe[836] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00E00000
.text C:\WINDOWS\system32\lsass.exe[836] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00E00042
.text C:\WINDOWS\system32\lsass.exe[836] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00E00FE3
.text C:\WINDOWS\system32\lsass.exe[836] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00CF0000
.text C:\WINDOWS\system32\svchost.exe[1004] C:\WINDOWS\system32\svchost.exe section is writeable [0x01001000, 0x2C00, 0xE0000060]
.rsrc C:\WINDOWS\system32\svchost.exe[1004] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x5600, 0xE0000040]
.text C:\WINDOWS\system32\svchost.exe[1004] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA474D
.text C:\WINDOWS\system32\svchost.exe[1004] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA47DC
.text C:\WINDOWS\system32\svchost.exe[1004] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA47E9
.text C:\WINDOWS\system32\svchost.exe[1004] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4A63
.text C:\WINDOWS\system32\svchost.exe[1004] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA47D2
.text C:\WINDOWS\system32\svchost.exe[1004] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA482A
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00A60FEF
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00A60063
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00A60F6E
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00A60F7F
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00A60F90
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00A60FB2
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00A60096
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00A60085
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00A60F07
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00A60F18
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 00A600BB
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 00A60FA1
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00A60FDE
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 00A60074
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 00A60FC3
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 00A6001E
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00A60F29
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 011B0FB9
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 011B0F8A
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 011B0FD4
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 011B000A
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 011B0047
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 011B0036
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 011B0FE5
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 011B0025
.text C:\WINDOWS\system32\svchost.exe[1004] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01090FAD
.text C:\WINDOWS\system32\svchost.exe[1004] msvcrt.dll!system 77C293C7 5 Bytes JMP 01090038
.text C:\WINDOWS\system32\svchost.exe[1004] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0109001D
.text C:\WINDOWS\system32\svchost.exe[1004] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01090FEF
.text C:\WINDOWS\system32\svchost.exe[1004] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01090FC8
.text C:\WINDOWS\system32\svchost.exe[1004] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0109000C
.text C:\WINDOWS\system32\svchost.exe[1004] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 01070FEF
.text C:\WINDOWS\system32\svchost.exe[1004] WININET.dll!InternetOpenA 771C6D2A 5 Bytes JMP 01080000
.text C:\WINDOWS\system32\svchost.exe[1004] WININET.dll!InternetOpenUrlA 771C6FDD 5 Bytes JMP 01080036
.text C:\WINDOWS\system32\svchost.exe[1004] WININET.dll!InternetOpenW 771D6CF3 5 Bytes JMP 01080025
.text C:\WINDOWS\system32\svchost.exe[1004] WININET.dll!InternetOpenUrlW 771D7304 5 Bytes JMP 01080053
.text C:\WINDOWS\system32\svchost.exe[1016] C:\WINDOWS\system32\svchost.exe section is writeable [0x01001000, 0x2C00, 0xE0000060]
.rsrc C:\WINDOWS\system32\svchost.exe[1016] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x5600, 0xE0000040]
.text C:\WINDOWS\system32\svchost.exe[1016] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA474D
.text C:\WINDOWS\system32\svchost.exe[1016] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA47DC
.text C:\WINDOWS\system32\svchost.exe[1016] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA47E9
.text C:\WINDOWS\system32\svchost.exe[1016] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4A63
.text C:\WINDOWS\system32\svchost.exe[1016] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA47D2
.text C:\WINDOWS\system32\svchost.exe[1016] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA482A
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00C60FEF
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00C6009B
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00C60080
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00C60F9C
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00C60FB9
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00C6005B
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00C60F5F
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00C60F70
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00C600D3
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00C600C2
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 00C60F1F
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 00C60FD4
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00C60000
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 00C60F8B
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 00C60036
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 00C60025
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00C60F44
.text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00C50FCA
.text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00C50F79
.text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00C50FDB
.text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00C50011
.text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00C50F94
.text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00C50FAF
.text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00C50000
.text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00C5002C
.text C:\WINDOWS\system32\svchost.exe[1016] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C40F9A
.text C:\WINDOWS\system32\svchost.exe[1016] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C40025
.text C:\WINDOWS\system32\svchost.exe[1016] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C40FC6
.text C:\WINDOWS\system32\svchost.exe[1016] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C40FE3
.text C:\WINDOWS\system32\svchost.exe[1016] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C40FAB
.text C:\WINDOWS\system32\svchost.exe[1016] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C40000
.text C:\WINDOWS\system32\svchost.exe[1016] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00C20FEF
.text C:\WINDOWS\system32\svchost.exe[1016] WININET.dll!InternetOpenA 771C6D2A 5 Bytes JMP 00C30000
.text C:\WINDOWS\system32\svchost.exe[1016] WININET.dll!InternetOpenUrlA 771C6FDD 5 Bytes JMP 00C30FBE
.text C:\WINDOWS\system32\svchost.exe[1016] WININET.dll!InternetOpenW 771D6CF3 5 Bytes JMP 00C30FDB
.text C:\WINDOWS\system32\svchost.exe[1016] WININET.dll!InternetOpenUrlW 771D7304 5 Bytes JMP 00C3001B
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1208] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA474D
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1208] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA47DC
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1208] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA47E9
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1208] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4A63
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1208] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA47D2
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1208] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA482A
.text C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE[1224] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA474D
.text C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE[1224] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA47DC
.text C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE[1224] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA47E9
.text C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE[1224] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4A63
.text C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE[1224] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA47D2
.text C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE[1224] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA482A
.text C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE[1224] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001A0FEF
.text C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE[1224] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001A0F47
.text C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE[1224] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001A003C
.text C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE[1224] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001A0F62
.text C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE[1224] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001A0F7F
.text C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE[1224] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001A0FAB
.text C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE[1224] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001A0059
.text C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE[1224] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001A0F11
.text C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE[1224] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001A008F
.text C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE[1224] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001A0074
.text C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE[1224] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 001A00AA
.text C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE[1224] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 001A0F90
.text C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE[1224] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 001A0FDE
.text C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE[1224] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 001A0F22
.text C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE[1224] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 001A0FBC
.text C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE[1224] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 001A0FCD
.text C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE[1224] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 001A0EF6
.text C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE[1224] MSVCRT.dll!_wsystem 77C2931E 5 Bytes JMP 00280F86
.text C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE[1224] MSVCRT.dll!system 77C293C7 5 Bytes JMP 0028001B
.text C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE[1224] MSVCRT.dll!_creat 77C2D40F 5 Bytes JMP 00280FC6
.text C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE[1224] MSVCRT.dll!_open 77C2F566 5 Bytes JMP 00280FEF
.text C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE[1224] MSVCRT.dll!_wcreat 77C2FC9B 5 Bytes JMP 00280FAB
.text C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE[1224] MSVCRT.dll!_wopen 77C30055 5 Bytes JMP 00280000
.text C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE[1224] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00290FDB
.text C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE[1224] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00290FA5
.text C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE[1224] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 0029002C
.text C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE[1224] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 0029001B
.text C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE[1224] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00290062
.text C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE[1224] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00290FC0
.text C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE[1224] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 0029000A
.text C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE[1224] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00290047
.text C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE[1224] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 003E0FEF
.text C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE[1224] WININET.dll!InternetOpenA 771C6D2A 5 Bytes JMP 014D0FEF
.text C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE[1224] WININET.dll!InternetOpenUrlA 771C6FDD 5 Bytes JMP 014D0014
.text C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE[1224] WININET.dll!InternetOpenW 771D6CF3 5 Bytes JMP 014D0FDE
.text C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE[1224] WININET.dll!InternetOpenUrlW 771D7304 5 Bytes JMP 014D0FC3
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1296] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA474D
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1296] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA47DC
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1296] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA47E9
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1296] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4A63
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1296] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA47D2
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1296] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA482A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1296] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0041C340 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1296] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 0041C3C0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\system32\spoolsv.exe[1340] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA474D
.text C:\WINDOWS\system32\spoolsv.exe[1340] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA47DC
.text C:\WINDOWS\system32\spoolsv.exe[1340] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA47E9
.text C:\WINDOWS\system32\spoolsv.exe[1340] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4A63
.text C:\WINDOWS\system32\spoolsv.exe[1340] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA47D2
.text C:\WINDOWS\system32\spoolsv.exe[1340] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA482A
.text C:\Program Files\Mozilla Firefox\firefox.exe[1424] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA474D
.text C:\Program Files\Mozilla Firefox\firefox.exe[1424] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA47DC
.text C:\Program Files\Mozilla Firefox\firefox.exe[1424] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA47E9
.text C:\Program Files\Mozilla Firefox\firefox.exe[1424] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4A63
.text C:\Program Files\Mozilla Firefox\firefox.exe[1424] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA47D2
.text C:\Program Files\Mozilla Firefox\firefox.exe[1424] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA482A
.text C:\WINDOWS\system32\svchost.exe[1440] C:\WINDOWS\system32\svchost.exe section is writeable [0x01001000, 0x2C00, 0xE0000060]
.rsrc C:\WINDOWS\system32\svchost.exe[1440] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x5600, 0xE0000040]
.text C:\WINDOWS\system32\svchost.exe[1440] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA474D
.text C:\WINDOWS\system32\svchost.exe[1440] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA47DC
.text C:\WINDOWS\system32\svchost.exe[1440] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA47E9
.text C:\WINDOWS\system32\svchost.exe[1440] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4A63
.text C:\WINDOWS\system32\svchost.exe[1440] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA47D2
.text C:\WINDOWS\system32\svchost.exe[1440] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA482A
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00930FEF
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00930F5C
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00930051
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00930F77
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00930F94
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00930FB9
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00930F26
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00930F41
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00930EF0
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00930F0B
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 00930EDF
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 00930040
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00930000
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 0093006C
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 00930025
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 00930FD4
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00930089
.text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00AC0FA8
.text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00AC0F5A
.text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00AC0FB9
.text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00AC0FD4
.text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00AC0F6B
.text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00AC0F86
.text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00AC0FE5
.text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00AC0F97
.text C:\WINDOWS\system32\svchost.exe[1440] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00960F90
.text C:\WINDOWS\system32\svchost.exe[1440] msvcrt.dll!system 77C293C7 5 Bytes JMP 0096001B
.text C:\WINDOWS\system32\svchost.exe[1440] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00960000
.text C:\WINDOWS\system32\svchost.exe[1440] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00960FE3
.text C:\WINDOWS\system32\svchost.exe[1440] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00960FAB
.text C:\WINDOWS\system32\svchost.exe[1440] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00960FC6
.text C:\WINDOWS\system32\svchost.exe[1440] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00940000
.text C:\WINDOWS\system32\svchost.exe[1440] WININET.dll!InternetOpenA 771C6D2A 5 Bytes JMP 00950000
.text C:\WINDOWS\system32\svchost.exe[1440] WININET.dll!InternetOpenUrlA 771C6FDD 5 Bytes JMP 00950FBE
.text C:\WINDOWS\system32\svchost.exe[1440] WININET.dll!InternetOpenW 771D6CF3 5 Bytes JMP 00950FDB
.text C:\WINDOWS\system32\svchost.exe[1440] WININET.dll!InternetOpenUrlW 771D7304 5 Bytes JMP 0095001B
.text C:\Program Files\Microsoft Office\Office\1033\wfxmsrvr.exe[1468] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA474D
.text C:\Program Files\Microsoft Office\Office\1033\wfxmsrvr.exe[1468] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA47DC
.text C:\Program Files\Microsoft Office\Office\1033\wfxmsrvr.exe[1468] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA47E9
.text C:\Program Files\Microsoft Office\Office\1033\wfxmsrvr.exe[1468] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4A63
.text C:\Program Files\Microsoft Office\Office\1033\wfxmsrvr.exe[1468] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA47D2
.text C:\Program Files\Microsoft Office\Office\1033\wfxmsrvr.exe[1468] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA482A
.text C:\WINDOWS\ehome\ehtray.exe[1520] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA474D
.text C:\WINDOWS\ehome\ehtray.exe[1520] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA47DC
.text C:\WINDOWS\ehome\ehtray.exe[1520] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA47E9
.text C:\WINDOWS\ehome\ehtray.exe[1520] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4A63
.text C:\WINDOWS\ehome\ehtray.exe[1520] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA47D2
.text C:\WINDOWS\ehome\ehtray.exe[1520] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA482A
.text C:\Program Files\McAfee\VirusScan\McShield.exe[1524] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA474D
.text C:\Program Files\McAfee\VirusScan\McShield.exe[1524] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA47DC
.text C:\Program Files\McAfee\VirusScan\McShield.exe[1524] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA47E9
.text C:\Program Files\McAfee\VirusScan\McShield.exe[1524] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4A63
.text C:\Program Files\McAfee\VirusScan\McShield.exe[1524] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA47D2
.text C:\Program Files\McAfee\VirusScan\McShield.exe[1524] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA482A
.text C:\PROGRA~1\MICROS~2\Office\1033\OLFMOD32.EXE[1648] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA474D
.text C:\PROGRA~1\MICROS~2\Office\1033\OLFMOD32.EXE[1648] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA47DC
.text C:\PROGRA~1\MICROS~2\Office\1033\OLFMOD32.EXE[1648] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA47E9
.text C:\PROGRA~1\MICROS~2\Office\1033\OLFMOD32.EXE[1648] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4A63
.text C:\PROGRA~1\MICROS~2\Office\1033\OLFMOD32.EXE[1648] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA47D2
.text C:\PROGRA~1\MICROS~2\Office\1033\OLFMOD32.EXE[1648] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA482A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1672] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA474D
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1672] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA47DC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1672] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA47E9
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1672] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4A63
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1672] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA47D2
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1672] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA482A
.text C:\WINDOWS\System32\svchost.exe[1704] C:\WINDOWS\System32\svchost.exe section is writeable [0x01001000, 0x2C00, 0xE0000060]
.rsrc C:\WINDOWS\System32\svchost.exe[1704] C:\WINDOWS\System32\svchost.exe section is executable [0x01005000, 0x5600, 0xE0000040]
.text C:\WINDOWS\System32\svchost.exe[1704] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA474D
.text C:\WINDOWS\System32\svchost.exe[1704] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA47DC
.text C:\WINDOWS\System32\svchost.exe[1704] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA47E9
.text C:\WINDOWS\System32\svchost.exe[1704] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4A63
.text C:\WINDOWS\System32\svchost.exe[1704] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA47D2
.text C:\WINDOWS\System32\svchost.exe[1704] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA482A
.text C:\WINDOWS\System32\svchost.exe[1704] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 02E2000A
.text C:\WINDOWS\System32\svchost.exe[1704] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 02E200A2
.text C:\WINDOWS\System32\svchost.exe[1704] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 02E20087
.text C:\WINDOWS\System32\svchost.exe[1704] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 02E20FAD
.text C:\WINDOWS\System32\svchost.exe[1704] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 02E20076
.text C:\WINDOWS\System32\svchost.exe[1704] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 02E2005B
.text C:\WINDOWS\System32\svchost.exe[1704] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 02E200E4
.text C:\WINDOWS\System32\svchost.exe[1704] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 02E20F9C
.text C:\WINDOWS\System32\svchost.exe[1704] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 02E20F66
.text C:\WINDOWS\System32\svchost.exe[1704] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 02E20F77
.text C:\WINDOWS\System32\svchost.exe[1704] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 02E20110
.text C:\WINDOWS\System32\svchost.exe[1704] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 02E20FD4
.text C:\WINDOWS\System32\svchost.exe[1704] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 02E2001B
.text C:\WINDOWS\System32\svchost.exe[1704] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 02E200BD
.text C:\WINDOWS\System32\svchost.exe[1704] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 02E2004A
.text C:\WINDOWS\System32\svchost.exe[1704] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 02E20FEF
.text C:\WINDOWS\System32\svchost.exe[1704] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 02E200F5
.text C:\WINDOWS\System32\svchost.exe[1704] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 025A0047
.text C:\WINDOWS\System32\svchost.exe[1704] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 025A0087
.text C:\WINDOWS\System32\svchost.exe[1704] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 025A002C
.text C:\WINDOWS\System32\svchost.exe[1704] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 025A001B
.text C:\WINDOWS\System32\svchost.exe[1704] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 025A0FC0
.text C:\WINDOWS\System32\svchost.exe[1704] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 025A0062
.text C:\WINDOWS\System32\svchost.exe[1704] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 025A0000
.text C:\WINDOWS\System32\svchost.exe[1704] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 025A0FDB
.text C:\WINDOWS\System32\svchost.exe[1704] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01570F7A
.text C:\WINDOWS\System32\svchost.exe[1704] msvcrt.dll!system 77C293C7 5 Bytes JMP 01570F95
.text C:\WINDOWS\System32\svchost.exe[1704] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01570FB7
.text C:\WINDOWS\System32\svchost.exe[1704] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01570FEF
.text C:\WINDOWS\System32\svchost.exe[1704] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01570FA6
.text C:\WINDOWS\System32\svchost.exe[1704] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01570FDE
.text C:\WINDOWS\System32\svchost.exe[1704] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 02590FE5
.text C:\WINDOWS\System32\svchost.exe[1704] WININET.dll!InternetOpenA 771C6D2A 5 Bytes JMP 01550FEF
.text C:\WINDOWS\System32\svchost.exe[1704] WININET.dll!InternetOpenUrlA 771C6FDD 5 Bytes JMP 0155000A
.text C:\WINDOWS\System32\svchost.exe[1704] WININET.dll!InternetOpenW 771D6CF3 5 Bytes JMP 01550FDE
.text C:\WINDOWS\System32\svchost.exe[1704] WININET.dll!InternetOpenUrlW 771D7304 5 Bytes JMP 01550FB7
.text C:\Program Files\Bonjour\mDNSResponder.exe[1748] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA474D
.text C:\Program Files\Bonjour\mDNSResponder.exe[1748] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA47DC
.text C:\Program Files\Bonjour\mDNSResponder.exe[1748] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA47E9
.text C:\Program Files\Bonjour\mDNSResponder.exe[1748] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4A63
.text C:\Program Files\Bonjour\mDNSResponder.exe[1748] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA47D2
.text C:\Program Files\Bonjour\mDNSResponder.exe[1748] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA482A
.text C:\WINDOWS\system32\svchost.exe[1772] C:\WINDOWS\system32\svchost.exe section is writeable [0x01001000, 0x2C00, 0xE0000060]
.rsrc C:\WINDOWS\system32\svchost.exe[1772] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x5600, 0xE0000040]
.text C:\WINDOWS\system32\svchost.exe[1772] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA474D
.text C:\WINDOWS\system32\svchost.exe[1772] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA47DC
.text C:\WINDOWS\system32\svchost.exe[1772] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA47E9
.text C:\WINDOWS\system32\svchost.exe[1772] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4A63
.text C:\WINDOWS\system32\svchost.exe[1772] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA47D2
.text C:\WINDOWS\system32\svchost.exe[1772] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA482A
.text C:\WINDOWS\system32\svchost.exe[1772] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 008B0FE5
.text C:\WINDOWS\system32\svchost.exe[1772] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 008B0F4B
.text C:\WINDOWS\system32\svchost.exe[1772] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 008B0040
.text C:\WINDOWS\system32\svchost.exe[1772] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 008B0025
.text C:\WINDOWS\system32\svchost.exe[1772] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 008B0F68
.text C:\WINDOWS\system32\svchost.exe[1772] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 008B0F83
.text C:\WINDOWS\system32\svchost.exe[1772] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 008B0089
.text C:\WINDOWS\system32\svchost.exe[1772] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 008B006C
.text C:\WINDOWS\system32\svchost.exe[1772] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 008B0F01
.text C:\WINDOWS\system32\svchost.exe[1772] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 008B0F1C
.text C:\WINDOWS\system32\svchost.exe[1772] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 008B00B5
.text C:\WINDOWS\system32\svchost.exe[1772] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 008B000A
.text C:\WINDOWS\system32\svchost.exe[1772] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 008B0FD4
.text C:\WINDOWS\system32\svchost.exe[1772] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 008B005B
.text C:\WINDOWS\system32\svchost.exe[1772] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 008B0F9E
.text C:\WINDOWS\system32\svchost.exe[1772] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 008B0FAF
.text C:\WINDOWS\system32\svchost.exe[1772] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 008B009A
.text C:\WINDOWS\system32\svchost.exe[1772] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 008A0FC7
.text C:\WINDOWS\system32\svchost.exe[1772] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 008A005B
.text C:\WINDOWS\system32\svchost.exe[1772] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 008A0022
.text C:\WINDOWS\system32\svchost.exe[1772] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 008A0011
.text C:\WINDOWS\system32\svchost.exe[1772] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 008A0F94
.text C:\WINDOWS\system32\svchost.exe[1772] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 008A0FA5
.text C:\WINDOWS\system32\svchost.exe[1772] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 008A0000
.text C:\WINDOWS\system32\svchost.exe[1772] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 008A0FB6
.text C:\WINDOWS\system32\svchost.exe[1772] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00890FAD
.text C:\WINDOWS\system32\svchost.exe[1772] msvcrt.dll!system 77C293C7 5 Bytes JMP 0089002E
.text C:\WINDOWS\system32\svchost.exe[1772] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00890FE3
.text C:\WINDOWS\system32\svchost.exe[1772] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00890000
.text C:\WINDOWS\system32\svchost.exe[1772] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00890FC8
.text C:\WINDOWS\system32\svchost.exe[1772] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0089001D
.text C:\WINDOWS\system32\svchost.exe[1772] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00870FEF
.text C:\WINDOWS\system32\svchost.exe[1772] WININET.dll!InternetOpenA 771C6D2A 5 Bytes JMP 00880FEF
.text C:\WINDOWS\system32\svchost.exe[1772] WININET.dll!InternetOpenUrlA 771C6FDD 5 Bytes JMP 00880FC8
.text C:\WINDOWS\system32\svchost.exe[1772] WININET.dll!InternetOpenW 771D6CF3 5 Bytes JMP 0088000A
.text C:\WINDOWS\system32\svchost.exe[1772] WININET.dll!InternetOpenUrlW 771D7304 5 Bytes JMP 00880025
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[1816] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA474D
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[1816] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA47DC
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[1816] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA47E9
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[1816] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4A63
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[1816] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA47D2
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[1816] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA482A
.text C:\Program Files\Logitech\Video\FxSvr2.exe[1892] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA474D
.text C:\Program Files\Logitech\Video\FxSvr2.exe[1892] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA47DC
.text C:\Program Files\Logitech\Video\FxSvr2.exe[1892] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA47E9
.text C:\Program Files\Logitech\Video\FxSvr2.exe[1892] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4A63
.text C:\Program Files\Logitech\Video\FxSvr2.exe[1892] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA47D2
.text C:\Program Files\Logitech\Video\FxSvr2.exe[1892] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA482A
.text C:\WINDOWS\system32\SearchIndexer.exe[1908] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA474D
.text C:\WINDOWS\system32\SearchIndexer.exe[1908] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA47DC
.text C:\WINDOWS\system32\SearchIndexer.exe[1908] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA47E9
.text C:\WINDOWS\system32\SearchIndexer.exe[1908] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4A63
.text C:\WINDOWS\system32\SearchIndexer.exe[1908] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA47D2
.text C:\WINDOWS\system32\SearchIndexer.exe[1908] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA482A
.text C:\WINDOWS\system32\SearchIndexer.exe[1908] kernel32.dll!WriteFile 7C810F9F 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\WINDOWS\eHome\ehRecvr.exe[1940] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA474D
.text C:\WINDOWS\eHome\ehRecvr.exe[1940] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA47DC
.text C:\WINDOWS\eHome\ehRecvr.exe[1940] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA47E9
.text C:\WINDOWS\eHome\ehRecvr.exe[1940] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4A63
.text C:\WINDOWS\eHome\ehRecvr.exe[1940] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA47D2
.text C:\WINDOWS\eHome\ehRecvr.exe[1940] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA482A
.text C:\WINDOWS\Explorer.EXE[1964] Explorer.EXE 0101E26B 4 Bytes [FF, 15, 98, 10]
.text C:\WINDOWS\Explorer.EXE[1964] C:\WINDOWS\Explorer.EXE section is writeable [0x01001000, 0x44689, 0xE0000060]
.reloc C:\WINDOWS\Explorer.EXE[1964] C:\WINDOWS\Explorer.EXE section is executable [0x010FB000, 0x8800, 0xE0000040]
.text C:\WINDOWS\Explorer.EXE[1964] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA474D
.text C:\WINDOWS\Explorer.EXE[1964] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA47DC
.text C:\WINDOWS\Explorer.EXE[1964] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA47E9
.text C:\WINDOWS\Explorer.EXE[1964] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4A63
.text C:\WINDOWS\Explorer.EXE[1964] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA47D2
.text C:\WINDOWS\Explorer.EXE[1964] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA482A
.text C:\WINDOWS\Explorer.EXE[1964] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00F40FE5
.text C:\WINDOWS\Explorer.EXE[1964] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00F40058
.text C:\WINDOWS\Explorer.EXE[1964] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00F40047
.text C:\WINDOWS\Explorer.EXE[1964] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00F40F6D
.text C:\WINDOWS\Explorer.EXE[1964] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00F40F8A
.text C:\WINDOWS\Explorer.EXE[1964] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00F4002C
.text C:\WINDOWS\Explorer.EXE[1964] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00F40F3C
.text C:\WINDOWS\Explorer.EXE[1964] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00F40084
.text C:\WINDOWS\Explorer.EXE[1964] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00F40F21
.text C:\WINDOWS\Explorer.EXE[1964] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00F400BA
.text C:\WINDOWS\Explorer.EXE[1964] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 00F400D5
.text C:\WINDOWS\Explorer.EXE[1964] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 00F40FA5
.text C:\WINDOWS\Explorer.EXE[1964] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00F4000A
.text C:\WINDOWS\Explorer.EXE[1964] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 00F40073
.text C:\WINDOWS\Explorer.EXE[1964] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 00F4001B
.text C:\WINDOWS\Explorer.EXE[1964] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 00F40FCA
.text C:\WINDOWS\Explorer.EXE[1964] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00F4009F
.text C:\WINDOWS\Explorer.EXE[1964] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F20F9C
.text C:\WINDOWS\Explorer.EXE[1964] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F20FAD
.text C:\WINDOWS\Explorer.EXE[1964] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F2000C
.text C:\WINDOWS\Explorer.EXE[1964] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F20FEF
.text C:\WINDOWS\Explorer.EXE[1964] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F2001D
.text C:\WINDOWS\Explorer.EXE[1964] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F20FDE
.text C:\WINDOWS\Explorer.EXE[1964] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00F30033
.text C:\WINDOWS\Explorer.EXE[1964] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00F30F98
.text C:\WINDOWS\Explorer.EXE[1964] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00F30022
.text C:\WINDOWS\Explorer.EXE[1964] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00F30011
.text C:\WINDOWS\Explorer.EXE[1964] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00F3005F
.text C:\WINDOWS\Explorer.EXE[1964] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00F3004E
.text C:\WINDOWS\Explorer.EXE[1964] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00F30000
.text C:\WINDOWS\Explorer.EXE[1964] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00F30FC7
.text C:\WINDOWS\Explorer.EXE[1964] WININET.dll!InternetOpenA 771C6D2A 5 Bytes JMP 00CF0FEF
.text C:\WINDOWS\Explorer.EXE[1964] WININET.dll!InternetOpenUrlA 771C6FDD 5 Bytes JMP 00CF001B
.text C:\WINDOWS\Explorer.EXE[1964] WININET.dll!InternetOpenW 771D6CF3 5 Bytes JMP 00CF000A
.text C:\WINDOWS\Explorer.EXE[1964] WININET.dll!InternetOpenUrlW 771D7304 5 Bytes JMP 00CF0FC8
.text C:\WINDOWS\Explorer.EXE[1964] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00B9000A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2108] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA474D
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2108] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA47DC
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2108] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA47E9
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2108] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4A63
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2108] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA47D2
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2108] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA482A
.text C:\WINDOWS\ATK0100\HControl.exe[2152] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA474D
.text C:\WINDOWS\ATK0100\HControl.exe[2152] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA47DC
.text C:\WINDOWS\ATK0100\HControl.exe[2152] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA47E9
.text C:\WINDOWS\ATK0100\HControl.exe[2152] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4A63
.text C:\WINDOWS\ATK0100\HControl.exe[2152] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA47D2
.text C:\WINDOWS\ATK0100\HControl.exe[2152] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA482A
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[2432] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA474D
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[2432] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA47DC
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[2432] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA47E9
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[2432] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4A63
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[2432] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA47D2
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[2432] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA482A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2440] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA474D
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2440] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA47DC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2440] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA47E9
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2440] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4A63
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2440] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA47D2
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2440] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA482A
.text C:\Program Files\Generic\Wireless Console\wcourier.exe[2452] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA474D
.text C:\Program Files\Generic\Wireless Console\wcourier.exe[2452] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA47DC
.text C:\Program Files\Generic\Wireless Console\wcourier.exe[2452] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA47E9
.text C:\Program Files\Generic\Wireless Console\wcourier.exe[2452] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4A63
.text C:\Program Files\Generic\Wireless Console\wcourier.exe[2452] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA47D2
.text C:\Program Files\Generic\Wireless Console\wcourier.exe[2452] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA482A
.text C:\Documents and Settings\Neil McGilloway\Desktop\gmer\gmer.exe[2468] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA474D
.text C:\Documents and Settings\Neil McGilloway\Desktop\gmer\gmer.exe[2468] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA47DC
.text C:\Documents and Settings\Neil McGilloway\Desktop\gmer\gmer.exe[2468] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA47E9
.text C:\Documents and Settings\Neil McGilloway\Desktop\gmer\gmer.exe[2468] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4A63
.text C:\Documents and Settings\Neil McGilloway\Desktop\gmer\gmer.exe[2468] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA47D2
.text C:\Documents and Settings\Neil McGilloway\Desktop\gmer\gmer.exe[2468] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA482A
.text C:\WINDOWS\System32\svchost.exe[2476] C:\WINDOWS\System32\svchost.exe section is writeable [0x01001000, 0x2C00, 0xE0000060]
.rsrc C:\WINDOWS\System32\svchost.exe[2476] C:\WINDOWS\System32\svchost.exe section is executable [0x01005000, 0x5600, 0xE0000040]
.text C:\WINDOWS\System32\svchost.exe[2476] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA474D
.text C:\WINDOWS\System32\svchost.exe[2476] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA47DC
.text C:\WINDOWS\System32\svchost.exe[2476] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA47E9
.text C:\WINDOWS\System32\svchost.exe[2476] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4A63
.text C:\WINDOWS\System32\svchost.exe[2476] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA47D2
.text C:\WINDOWS\System32\svchost.exe[2476] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA482A
.text C:\WINDOWS\System32\svchost.exe[2476] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001B000A
.text C:\WINDOWS\System32\svchost.exe[2476] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001B0071
.text C:\WINDOWS\System32\svchost.exe[2476] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001B0F7C
.text C:\WINDOWS\System32\svchost.exe[2476] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001B004A
.text C:\WINDOWS\System32\svchost.exe[2476] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001B0F8D
.text C:\WINDOWS\System32\svchost.exe[2476] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001B0FA8
.text C:\WINDOWS\System32\svchost.exe[2476] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001B0F3F
.text C:\WINDOWS\System32\svchost.exe[2476] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001B0F50
.text C:\WINDOWS\System32\svchost.exe[2476] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001B00C4
.text C:\WINDOWS\System32\svchost.exe[2476] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001B00B3
.text C:\WINDOWS\System32\svchost.exe[2476] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 001B00D5
.text C:\WINDOWS\System32\svchost.exe[2476] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 001B002F
.text C:\WINDOWS\System32\svchost.exe[2476] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 001B0FEF
.text C:\WINDOWS\System32\svchost.exe[2476] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 001B0F61
.text C:\WINDOWS\System32\svchost.exe[2476] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 001B0FB9
.text C:\WINDOWS\System32\svchost.exe[2476] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 001B0FDE
.text C:\WINDOWS\System32\svchost.exe[2476] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 001B0098
.text C:\WINDOWS\System32\svchost.exe[2476] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00290FCA
.text C:\WINDOWS\System32\svchost.exe[2476] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 0029004A
.text C:\WINDOWS\System32\svchost.exe[2476] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00290025
.text C:\WINDOWS\System32\svchost.exe[2476] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00290FEF
.text C:\WINDOWS\System32\svchost.exe[2476] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00290F8D
.text C:\WINDOWS\System32\svchost.exe[2476] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00290F9E
.text C:\WINDOWS\System32\svchost.exe[2476] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 0029000A
.text C:\WINDOWS\System32\svchost.exe[2476] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00290FB9
.text C:\WINDOWS\System32\svchost.exe[2476] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 003E0FD4
.text C:\WINDOWS\System32\svchost.exe[2476] msvcrt.dll!system 77C293C7 5 Bytes JMP 003E0FEF
.text C:\WINDOWS\System32\svchost.exe[2476] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 003E0044
.text C:\WINDOWS\System32\svchost.exe[2476] msvcrt.dll!_open 77C2F566 5 Bytes JMP 003E0000
.text C:\WINDOWS\System32\svchost.exe[2476] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 003E0055
.text C:\WINDOWS\System32\svchost.exe[2476] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 003E0029
.text C:\WINDOWS\System32\svchost.exe[2476] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 003C0000
.text C:\WINDOWS\System32\svchost.exe[2476] WININET.dll!InternetOpenA 771C6D2A 5 Bytes JMP 006E000A
.text C:\WINDOWS\System32\svchost.exe[2476] WININET.dll!InternetOpenUrlA 771C6FDD 5 Bytes JMP 006E0036
.text C:\WINDOWS\System32\svchost.exe[2476] WININET.dll!InternetOpenW 771D6CF3 5 Bytes JMP 006E0025
.text C:\WINDOWS\System32\svchost.exe[2476] WININET.dll!InternetOpenUrlW 771D7304 5 Bytes JMP 006E0047
.text C:\Program Files\GENERIC\Power4 Gear\BatteryLife.exe[2484] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA474D
.text C:\Program Files\GENERIC\Power4 Gear\BatteryLife.exe[2484] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA47DC
.text C:\Program Files\GENERIC\Power4 Gear\BatteryLife.exe[2484] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA47E9
.text C:\Program Files\GENERIC\Power4 Gear\BatteryLife.exe[2484] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4A63
.text C:\Program Files\GENERIC\Power4 Gear\BatteryLife.exe[2484] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA47D2
.text C:\Program Files\GENERIC\Power4 Gear\BatteryLife.exe[2484] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA482A
.text C:\WINDOWS\system32\rundll32.exe[2508] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA474D
.text C:\WINDOWS\system32\rundll32.exe[2508] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA47DC
.text C:\WINDOWS\system32\rundll32.exe[2508] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA47E9
.text C:\WINDOWS\system32\rundll32.exe[2508] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4A63
.text C:\WINDOWS\system32\rundll32.exe[2508] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA47D2
.text C:\WINDOWS\system32\rundll32.exe[2508] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA482A
.text C:\WINDOWS\system32\WDBtnMgr.exe[2544] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA474D
.text C:\WINDOWS\system32\WDBtnMgr.exe[2544] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA47DC
.text C:\WINDOWS\system32\WDBtnMgr.exe[2544] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA47E9
.text C:\WINDOWS\system32\WDBtnMgr.exe[2544] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4A63
.text C:\WINDOWS\system32\WDBtnMgr.exe[2544] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA47D2
.text C:\WINDOWS\system32\WDBtnMgr.exe[2544] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA482A
.text C:\WINDOWS\system32\LVCOMSX.EXE[2580] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA474D
.text C:\WINDOWS\system32\LVCOMSX.EXE[2580] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA47DC
.text C:\WINDOWS\system32\LVCOMSX.EXE[2580] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA47E9
.text C:\WINDOWS\system32\LVCOMSX.EXE[2580] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4A63
.text C:\WINDOWS\system32\LVCOMSX.EXE[2580] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA47D2
.text C:\WINDOWS\system32\LVCOMSX.EXE[2580] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA482A
.text C:\WINDOWS\ehome\mcrdsvc.exe[2644] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA474D
.text C:\WINDOWS\ehome\mcrdsvc.exe[2644] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA47DC
.text C:\WINDOWS\ehome\mcrdsvc.exe[2644] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA47E9
.text C:\WINDOWS\ehome\mcrdsvc.exe[2644] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4A63
.text C:\WINDOWS\ehome\mcrdsvc.exe[2644] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA47D2
.text C:\WINDOWS\ehome\mcrdsvc.exe[2644] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA482A
.text C:\Program Files\Logitech\Video\LogiTray.exe[2692] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA474D
.text C:\Program Files\Logitech\Video\LogiTray.exe[2692] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA47DC
.text C:\Program Files\Logitech\Video\LogiTray.exe[2692] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA47E9
.text C:\Program Files\Logitech\Video\LogiTray.exe[2692] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4A63
.text C:\Program Files\Logitech\Video\LogiTray.exe[2692] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA47D2
.text C:\Program Files\Logitech\Video\LogiTray.exe[2692] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA482A
.text C:\WINDOWS\system32\taskmgr.exe[2704] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA474D
.text C:\WINDOWS\system32\taskmgr.exe[2704] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA47DC
.text C:\WINDOWS\system32\taskmgr.exe[2704] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA47E9
.text C:\WINDOWS\system32\taskmgr.exe[2704] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4A63
.text C:\WINDOWS\system32\taskmgr.exe[2704] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA47D2
.text C:\WINDOWS\system32\taskmgr.exe[2704] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA482A
.text C:\Program Files\iTunes\iTunesHelper.exe[2720] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA474D
.text C:\Program Files\iTunes\iTunesHelper.exe[2720] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA47DC
.text C:\Program Files\iTunes\iTunesHelper.exe[2720] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA47E9
.text C:\Program Files\iTunes\iTunesHelper.exe[2720] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4A63
.text C:\Program Files\iTunes\iTunesHelper.exe[2720] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA47D2
.text C:\Program Files\iTunes\iTunesHelper.exe[2720] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA482A
.text C:\WINDOWS\ATK0100\ATKOSD.exe[2736] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA474D
.text C:\WINDOWS\ATK0100\ATKOSD.exe[2736] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA47DC
.text C:\WINDOWS\ATK0100\ATKOSD.exe[2736] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA47E9
.text C:\WINDOWS\ATK0100\ATKOSD.exe[2736] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4A63
.text C:\WINDOWS\ATK0100\ATKOSD.exe[2736] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA47D2
.text C:\WINDOWS\ATK0100\ATKOSD.exe[2736] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA482A
.text C:\Program Files\iPod\bin\iPodService.exe[2740] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA474D
.text C:\Program Files\iPod\bin\iPodService.exe[2740] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA47DC
.text C:\Program Files\iPod\bin\iPodService.exe[2740] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA47E9
.text C:\Program Files\iPod\bin\iPodService.exe[2740] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4A63
.text C:\Program Files\iPod\bin\iPodService.exe[2740] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA47D2
.text C:\Program Files\iPod\bin\iPodService.exe[2740] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA482A
.text C:\WINDOWS\RTHDCPL.EXE[2984] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA474D
.text C:\WINDOWS\RTHDCPL.EXE[2984] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA47DC
.text C:\WINDOWS\RTHDCPL.EXE[2984] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA47E9
.text C:\WINDOWS\RTHDCPL.EXE[2984] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4A63
.text C:\WINDOWS\RTHDCPL.EXE[2984] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA47D2
.text C:\WINDOWS\RTHDCPL.EXE[2984] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA482A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3036] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA474D
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3036] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA47DC
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3036] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA47E9
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3036] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4A63
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3036] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA47D2
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3036] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA482A
.text C:\WINDOWS\ALCMTR.EXE[3052] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA474D
.text C:\WINDOWS\ALCMTR.EXE[3052] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA47DC
.text C:\WINDOWS\ALCMTR.EXE[3052] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA47E9
.text C:\WINDOWS\ALCMTR.EXE[3052] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4A63
.text C:\WINDOWS\ALCMTR.EXE[3052] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA47D2
.text C:\WINDOWS\ALCMTR.EXE[3052] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA482A
.text C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe[3072] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA474D
.text C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe[3072] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA47DC
.text C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe[3072] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA47E9
.text C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe[3072] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4A63
.text C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe[3072] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA47D2
.text C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe[3072] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA482A
.text C:\WINDOWS\system32\ctfmon.exe[3088] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA474D
.text C:\WINDOWS\system32\ctfmon.exe[3088] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA47DC
.text C:\WINDOWS\system32\ctfmon.exe[3088] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA47E9
.text C:\WINDOWS\system32\ctfmon.exe[3088] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4A63
.text C:\WINDOWS\system32\ctfmon.exe[3088] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA47D2
.text C:\WINDOWS\system32\ctfmon.exe[3088] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA482A
.text C:\WINDOWS\System32\alg.exe[3540] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA474D
.text C:\WINDOWS\System32\alg.exe[3540] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA47DC
.text C:\WINDOWS\System32\alg.exe[3540] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA47E9
.text C:\WINDOWS\System32\alg.exe[3540] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4A63
.text C:\WINDOWS\System32\alg.exe[3540] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA47D2
.text C:\WINDOWS\System32\alg.exe[3540] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA482A
.text C:\Program Files\Keyboard\Keyboard Hotkey\Hotkey.exe[3660] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA474D
.text C:\Program Files\Keyboard\Keyboard Hotkey\Hotkey.exe[3660] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA47DC
.text C:\Program Files\Keyboard\Keyboard Hotkey\Hotkey.exe[3660] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA47E9
.text C:\Program Files\Keyboard\Keyboard Hotkey\Hotkey.exe[3660] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4A63
.text C:\Program Files\Keyboard\Keyboard Hotkey\Hotkey.exe[3660] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA47D2
.text C:\Program Files\Keyboard\Keyboard Hotkey\Hotkey.exe[3660] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA482A

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

---- Threads - GMER 1.0.15 ----

Thread System [4:648] 89383470

---- EOF - GMER 1.0.15 ----



Now, as far as what is happening...at the moment, not much at all, thankfully. Security sites are still blocked, but after taking a couple potshots at it again myself (and repairing my Windows installation, NOT formatting yet), no extra programs are showing up in task manager.

When using Spybot (the only program I can update for the time being), only Win32.Delf.uc shows up in their search. Looking through the report myself, I saw an entry for ashl.nq, which is apparently associated with some sort of Trojan. Hope that helps!

Attached Files



#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:12:51 PM

Posted 21 April 2009 - 06:47 PM

OTListIt logfile created on: 4/21/2009 6:28:15 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Neil McGilloway\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 73.46% Memory free
3.85 Gb Paging File | 3.39 Gb Available in Paging File | 88.13% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 22.24 Gb Free Space | 39.80% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NEIL
Current User Name: Neil McGilloway
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2004/08/10 04:04:40 | 00,215,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2004/08/10 08:00:00 | 01,052,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2004/08/10 04:04:42 | 00,123,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2005/06/21 00:10:30 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2007/11/01 18:12:38 | 00,582,992 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2007/08/15 12:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2007/07/24 12:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\McShield.exe
PRC - [2005/07/26 05:02:00 | 00,147,523 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2007/01/04 17:38:08 | 00,045,132 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2004/08/10 04:04:42 | 00,079,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
PRC - [2005/07/06 23:26:24 | 00,122,880 | R--- | M] () -- C:\WINDOWS\ATK0100\HControl.exe
PRC - [2004/12/22 02:23:00 | 00,118,874 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2004/12/22 02:23:00 | 00,708,698 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2005/07/22 15:36:52 | 00,077,824 | ---- | M] () -- C:\Program Files\Generic\Wireless Console\wcourier.exe
PRC - [2004/04/09 18:15:08 | 00,102,400 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\GENERIC\Power4 Gear\BatteryLife.exe
PRC - [2009/03/10 13:27:34 | 00,385,024 | ---- | M] (Western Digital Technologies, Inc.) -- C:\WINDOWS\system32\WDBtnMgr.exe
PRC - [2005/07/19 17:32:18 | 00,241,664 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2005/08/05 13:27:08 | 00,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2005/06/08 15:14:44 | 00,237,568 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\LogiTray.exe
PRC - [2009/04/02 16:11:02 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2005/04/12 11:21:00 | 14,180,864 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2005/04/11 21:10:00 | 00,086,016 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCMTR.EXE
PRC - [2005/02/25 20:28:03 | 00,233,472 | ---- | M] (Ahead Software) -- C:\Program Files\Ahead\Nero PhotoShow\data\Xtras\mssysmgr.exe
PRC - [2003/02/14 15:36:10 | 00,821,248 | ---- | M] (ASUS) -- C:\Program Files\Keyboard\Keyboard Hotkey\Hotkey.exe
PRC - [2005/07/05 10:45:00 | 02,007,040 | R--- | M] () -- C:\WINDOWS\ATK0100\ATKOSD.exe
PRC - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2005/06/08 14:44:56 | 00,212,992 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\FxSvr2.exe
PRC - [2007/12/05 10:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2007/07/18 12:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe
PRC - [2009/04/08 16:33:46 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2004/08/10 08:00:00 | 00,156,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\taskmgr.exe
PRC - [1998/12/16 17:09:20 | 00,077,873 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
PRC - [1998/11/11 23:26:24 | 00,497,152 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\1033\wfxmsrvr.exe
PRC - [1998/11/18 20:45:12 | 00,618,496 | ---- | M] (Microsoft) -- C:\Program Files\Microsoft Office\Office\1033\OLFMOD32.EXE
PRC - [2009/04/21 18:27:50 | 00,522,240 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Neil McGilloway\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (0142641239930246mcinstcleanup [Auto | Stopped])
SRV - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - File not found -- -- (DhcpSrv [Auto | Stopped])
SRV - [2004/08/10 04:04:40 | 00,215,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2004/08/10 04:04:42 | 00,123,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2004/08/10 08:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2005/06/17 17:09:24 | 00,890,880 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv [Auto | Stopped])
SRV - [2005/06/17 17:09:24 | 00,890,880 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrvR [Auto | Stopped])
SRV - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2004/08/04 00:56:44 | 00,027,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\irmon.dll -- (Irmon [Auto | Running])
SRV - [2005/06/21 00:10:30 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
SRV - [2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
SRV - [2007/11/07 09:35:40 | 00,378,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
SRV - [2007/08/15 12:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
SRV - [2005/08/05 13:27:08 | 00,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
SRV - [2007/07/24 12:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\McShield.exe -- (McShield [Unknown | Running])
SRV - [2007/12/05 10:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Running])
SRV - [2004/08/10 05:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2007/07/18 12:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService [On_Demand | Running])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - File not found -- -- (npkcmsvc [Disabled | Stopped])
SRV - [2005/07/26 05:02:00 | 00,147,523 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2004/08/10 08:00:00 | 00,059,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [On_Demand | Stopped])
SRV - [2007/01/04 17:38:08 | 00,045,132 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,933,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2002/09/09 20:54:06 | 00,016,269 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\ASNDIS5.SYS -- (ASNDIS5 [On_Demand | Running])
DRV - [2009/04/20 19:09:28 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\bbqa872.sys -- (bbqa872 [System | Stopped])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2005/01/07 18:07:16 | 00,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])
DRV - [2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2004/10/06 03:33:00 | 00,163,328 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys -- (HSFHWAZL [On_Demand | Stopped])
DRV - [2004/10/06 03:31:00 | 01,036,928 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_DP.sys -- (HSF_DP [On_Demand | Stopped])
DRV - [2005/06/17 17:01:22 | 00,099,584 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs [Disabled | Running])
DRV - [2005/06/17 17:00:58 | 00,029,696 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\DRIVERS\InCDPass.sys -- (InCDPass [System | Running])
DRV - [2005/06/17 10:00:52 | 00,028,160 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm [System | Running])
DRV - [2005/04/15 06:05:00 | 02,564,032 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2001/08/17 13:51:32 | 00,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\irsir.sys -- (irsir [On_Demand | Running])
DRV - [2005/05/27 09:31:28 | 00,022,016 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvusbsta.sys -- (LVUSBSta [On_Demand | Stopped])
DRV - [2004/03/16 23:04:00 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2007/11/22 06:44:08 | 00,079,304 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
DRV - [2007/11/22 06:44:08 | 00,035,240 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
DRV - [2007/11/22 06:44:08 | 00,201,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk [System | Running])
DRV - [2007/11/22 06:44:04 | 00,033,832 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk [On_Demand | Stopped])
DRV - [2007/12/02 12:51:42 | 00,040,488 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Running])
DRV - [2007/07/13 06:20:24 | 00,113,952 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\Drivers\Mpfp.sys -- (MPFP [System | Running])
DRV - [2007/08/28 05:58:00 | 00,005,760 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\ATKACPI.sys -- (MTsensor [On_Demand | Running])
DRV - [2007/08/15 07:27:18 | 00,009,600 | ---- | M] () -- C:\WINDOWS\System32\Drivers\n558.sys -- (n558 [On_Demand | Stopped])
DRV - [2005/07/26 05:02:00 | 03,211,040 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2004/08/10 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2005/05/12 18:54:10 | 00,020,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2005/05/27 09:32:52 | 01,317,152 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\LVCM.sys -- (QCMerced [On_Demand | Stopped])
DRV - [2004/07/05 17:14:58 | 00,057,088 | ---- | M] (REDC) -- C:\WINDOWS\system32\DRIVERS\R592.sys -- (R592 [Boot | Running])
DRV - [2004/09/17 01:42:54 | 00,027,264 | ---- | M] (REDC) -- C:\WINDOWS\system32\DRIVERS\risdpntk.sys -- (risdpntk [Boot | Running])
DRV - [2009/01/21 07:49:40 | 00,118,656 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys -- (RTL8023xp [On_Demand | Running])
DRV - [2009/03/23 14:07:26 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2009/03/23 14:07:28 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
DRV - [2009/03/23 14:07:26 | 00,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2004/08/10 08:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2004/12/22 02:23:00 | 00,186,240 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2004/08/03 23:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2004/10/06 03:32:00 | 00,702,592 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Stopped])
DRV - [2005/06/17 20:41:46 | 00,274,432 | ---- | M] (ZyDAS Technology Corporation) -- C:\WINDOWS\system32\DRIVERS\zd1211u.sys -- (ZD1211U(ASUS) [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-527237240-261903793-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-527237240-261903793-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-527237240-261903793-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKU\S-1-5-21-527237240-261903793-725345543-1003\S-1-5-21-527237240-261903793-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-527237240-261903793-725345543-1003\S-1-5-21-527237240-261903793-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.comcast.net/"
FF - prefs.js..extensions.enabledItems: {5BE976F3-7F58-45B3-93E1-77C25FDC6546}:1.0
FF - prefs.js..extensions.enabledItems: {7B330090-0791-40A1-9601-47147B327D18}:1.0
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.07
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/03/09 19:15:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/18 23:54:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/18 23:54:11 | 00,000,000 | ---D | M]

[2009/03/09 20:31:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Neil McGilloway\Application Data\mozilla\Extensions
[2009/03/09 20:31:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Neil McGilloway\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/21 18:21:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Neil McGilloway\Application Data\mozilla\Firefox\Profiles\5cfjldav.default\extensions
[2009/03/20 11:02:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Neil McGilloway\Application Data\mozilla\Firefox\Profiles\5cfjldav.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2009/04/21 18:21:45 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/19 02:48:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{5BE976F3-7F58-45B3-93E1-77C25FDC6546}
[2009/04/19 15:27:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{7B330090-0791-40A1-9601-47147B327D18}
[2009/04/08 16:33:55 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/08 16:33:45 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/08 16:33:45 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/02/19 15:33:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/02/19 15:33:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/02/19 15:33:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/02/19 15:33:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/02/19 15:33:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/02/19 15:33:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/02/19 15:33:08 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (304465 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 jL.chura.pl
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10509 more lines...
O2 - BHO: (no name) - {A5AF42A3-94F3-42BD-F634-0604832C897D} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-527237240-261903793-725345543-1003\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-527237240-261903793-725345543-1003\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent (Microsoft Corporation)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe (McAfee)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey (McAfee, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install (NVIDIA Corporation)
O4 - HKLM..\Run: [Power_Gear] C:\Program Files\GENERIC\Power4 Gear\BatteryLife.exe 1 (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [servises] C:\WINDOWS\system32\servises.exe File not found
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WD Button Manager] WDBtnMgr.exe (Western Digital Technologies, Inc.)
O4 - HKLM..\Run: [Wireless Console] C:\Program Files\Generic\Wireless Console\wcourier.exe ()
O4 - HKU\.DEFAULT..\Run: [Diagnostic Manager] C:\WINDOWS\TEMP\207721460.exe File not found
O4 - HKU\.DEFAULT..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [servises] C:\WINDOWS\system32\servises.exe File not found
O4 - HKU\.DEFAULT..\Run: [VRTF2] C:\WINDOWS\TEMP\VRTF2.exe File not found
O4 - HKU\S-1-5-18..\Run: [Diagnostic Manager] C:\WINDOWS\TEMP\207721460.exe File not found
O4 - HKU\S-1-5-18..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [servises] C:\WINDOWS\system32\servises.exe File not found
O4 - HKU\S-1-5-18..\Run: [VRTF2] C:\WINDOWS\TEMP\VRTF2.exe File not found
O4 - HKU\S-1-5-21-527237240-261903793-725345543-1003..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot (Logitech Inc.)
O4 - HKU\S-1-5-21-527237240-261903793-725345543-1003..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe (Ahead Software)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Hotkey.lnk = C:\Program Files\Keyboard\Keyboard Hotkey\Hotkey.exe (ASUS)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-527237240-261903793-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-527237240-261903793-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-527237240-261903793-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\S-1-5-21-527237240-261903793-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-527237240-261903793-725345543-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm (www.BitComet.com)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll (BitComet)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [Bluetooth Namespace] - C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-527237240-261903793-725345543-1003\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1236634939000 (WUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/09 17:31:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[45 C:\*.tmp files]
[7 C:\WINDOWS\System32\*.tmp files]
[16 C:\WINDOWS\*.tmp files]
[2009/04/21 18:27:49 | 00,522,240 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Neil McGilloway\Desktop\OTListIt2.exe
[2009/04/21 18:02:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/04/21 12:41:09 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehresja.dll
[2009/04/21 12:41:09 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehresko.dll
[2009/04/21 12:41:09 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehresfr.dll
[2009/04/21 12:41:08 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehresde.dll
[2009/04/21 12:41:08 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehreschs.dll
[2009/04/21 12:40:51 | 00,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2009/04/21 12:40:46 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpns.dll
[2009/04/21 12:40:42 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2009/04/21 12:40:41 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2009/04/21 12:40:41 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2009/04/21 12:40:40 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2009/04/21 12:40:40 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2009/04/21 12:40:39 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2009/04/21 12:40:38 | 00,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2009/04/21 12:40:38 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2009/04/21 12:40:37 | 00,363,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svc.dll
[2009/04/21 12:40:37 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wam51.dll
[2009/04/21 12:40:37 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2009/04/21 12:40:37 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamreg51.dll
[2009/04/21 12:40:37 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2009/04/21 12:40:37 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2009/04/21 12:40:36 | 00,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2009/04/21 12:40:36 | 00,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2009/04/21 12:40:35 | 00,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2009/04/21 12:40:35 | 00,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2009/04/21 12:40:31 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2009/04/21 12:40:31 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2009/04/21 12:40:30 | 00,103,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uihelper.dll
[2009/04/21 12:40:28 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tools.dll
[2009/04/21 12:40:28 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2009/04/21 12:40:27 | 00,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2009/04/21 12:40:26 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2009/04/21 12:40:26 | 00,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2009/04/21 12:40:26 | 00,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2009/04/21 12:40:26 | 00,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2009/04/21 12:40:24 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\svcext51.dll
[2009/04/21 12:40:23 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2009/04/21 12:40:22 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sspifilt.dll
[2009/04/21 12:40:22 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ssinc51.dll
[2009/04/21 12:40:21 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2009/04/21 12:40:20 | 00,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2009/04/21 12:40:19 | 00,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll
[2009/04/21 12:40:19 | 00,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll
[2009/04/21 12:40:19 | 00,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll
[2009/04/21 12:40:19 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll
[2009/04/21 12:40:19 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2009/04/21 12:40:19 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2009/04/21 12:40:19 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll
[2009/04/21 12:40:18 | 00,456,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll
[2009/04/21 12:40:18 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2009/04/21 12:40:17 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2009/04/21 12:40:17 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2009/04/21 12:40:17 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2009/04/21 12:40:17 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2009/04/21 12:40:17 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2009/04/21 12:40:17 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2009/04/21 12:40:17 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2009/04/21 12:40:17 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2009/04/21 12:40:17 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2009/04/21 12:40:17 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2009/04/21 12:40:16 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2009/04/21 12:40:16 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2009/04/21 12:40:16 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2009/04/21 12:40:16 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2009/04/21 12:40:16 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2009/04/21 12:40:16 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2009/04/21 12:40:14 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2009/04/21 12:40:10 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2009/04/21 12:40:09 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2009/04/21 12:40:08 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2009/04/21 12:40:07 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2009/04/21 12:40:07 | 00,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2009/04/21 12:40:07 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll
[2009/04/21 12:40:05 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2009/04/21 12:40:05 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcref.dll
[2009/04/21 12:40:01 | 00,020,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ramdisk.sys
[2009/04/21 12:40:00 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2009/04/21 12:39:59 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2009/04/21 12:39:59 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pwsdata.dll
[2009/04/21 12:39:58 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2009/04/21 12:39:58 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2009/04/21 12:39:58 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2009/04/21 12:39:58 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2009/04/21 12:39:58 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2009/04/21 12:39:57 | 00,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2009/04/21 12:39:57 | 00,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2009/04/21 12:39:57 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2009/04/21 12:39:57 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2009/04/21 12:39:57 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2009/04/21 12:39:56 | 00,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2009/04/21 12:39:56 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2009/04/21 12:39:56 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2009/04/21 12:39:56 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2009/04/21 12:39:55 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2009/04/21 12:39:52 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2009/04/21 12:39:51 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsepm.dll
[2009/04/21 12:39:50 | 00,226,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npdrmv2.dll
[2009/04/21 12:39:49 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2009/04/21 12:39:46 | 00,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2009/04/21 12:39:40 | 01,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2009/04/21 12:39:40 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2009/04/21 12:39:29 | 00,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2009/04/21 12:39:29 | 00,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2009/04/21 12:39:29 | 00,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\metada51.dll
[2009/04/21 12:39:29 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\md5filt.dll
[2009/04/21 12:39:29 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2009/04/21 12:39:28 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2009/04/21 12:39:26 | 00,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpdsvc.dll
[2009/04/21 12:39:26 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2009/04/21 12:39:26 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lprmon.dll
[2009/04/21 12:39:26 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lonsint.dll
[2009/04/21 12:39:24 | 00,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2009/04/21 12:39:24 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmmib2.dll
[2009/04/21 12:39:23 | 01,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2009/04/21 12:39:23 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2009/04/21 12:39:23 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2009/04/21 12:39:23 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2009/04/21 12:39:22 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2009/04/21 12:39:22 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2009/04/21 12:39:22 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2009/04/21 12:39:22 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2009/04/21 12:39:22 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2009/04/21 12:39:22 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2009/04/21 12:39:22 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2009/04/21 12:39:22 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2009/04/21 12:39:22 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2009/04/21 12:39:22 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2009/04/21 12:39:21 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdibm02.dll
[2009/04/21 12:39:21 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41a.dll
[2009/04/21 12:39:21 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41j.dll
[2009/04/21 12:39:21 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2009/04/21 12:39:21 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2009/04/21 12:39:21 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2009/04/21 12:39:21 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2009/04/21 12:39:21 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2009/04/21 12:39:21 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2009/04/21 12:39:21 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2009/04/21 12:39:21 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2009/04/21 12:39:20 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdax2.dll
[2009/04/21 12:39:20 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2009/04/21 12:39:20 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2009/04/21 12:39:20 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2009/04/21 12:39:20 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2009/04/21 12:39:20 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2009/04/21 12:39:20 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2009/04/21 12:39:20 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2009/04/21 12:39:20 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2009/04/21 12:39:20 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2009/04/21 12:39:19 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2009/04/21 12:39:19 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
[2009/04/21 12:39:19 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106n.dll
[2009/04/21 12:39:19 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2009/04/21 12:39:19 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101.dll
[2009/04/21 12:39:19 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2009/04/21 12:39:18 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprip.dll
[2009/04/21 12:39:18 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iscomlog.dll
[2009/04/21 12:39:18 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2009/04/21 12:39:16 | 00,257,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infocomm.dll
[2009/04/21 12:39:16 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2009/04/21 12:39:15 | 00,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2009/04/21 12:39:15 | 00,315,452 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2009/04/21 12:39:15 | 00,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2009/04/21 12:39:15 | 00,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2009/04/21 12:39:13 | 00,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2009/04/21 12:39:12 | 00,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2009/04/21 12:39:12 | 00,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2009/04/21 12:39:12 | 00,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2009/04/21 12:39:12 | 00,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2009/04/21 12:39:12 | 00,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2009/04/21 12:39:12 | 00,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2009/04/21 12:39:11 | 00,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2009/04/21 12:39:11 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2009/04/21 12:39:11 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2009/04/21 12:39:11 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iislog51.dll
[2009/04/21 12:39:11 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2009/04/21 12:39:11 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2009/04/21 12:39:11 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisfecnv.dll
[2009/04/21 12:39:11 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2009/04/21 12:39:10 | 00,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iische51.dll
[2009/04/21 12:39:10 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisadmin.dll
[2009/04/21 12:39:06 | 10,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2009/04/21 12:39:01 | 13,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2009/04/21 12:38:58 | 10,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2009/04/21 12:38:58 | 00,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpext.dll
[2009/04/21 12:38:58 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpod51.dll
[2009/04/21 12:38:58 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpmb51.dll
[2009/04/21 12:38:57 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostmib.dll
[2009/04/21 12:38:55 | 00,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2009/04/21 12:38:55 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2009/04/21 12:38:55 | 00,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gzip.dll
[2009/04/21 12:38:53 | 00,562,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsst.dll
[2009/04/21 12:38:53 | 00,400,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsxp32.dll
[2009/04/21 12:38:53 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxstiff.dll
[2009/04/21 12:38:53 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxst30.dll
[2009/04/21 12:38:53 | 00,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxswzrd.dll
[2009/04/21 12:38:53 | 00,154,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsui.dll
[2009/04/21 12:38:52 | 00,285,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscomex.dll
[2009/04/21 12:38:52 | 00,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2009/04/21 12:38:52 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2009/04/21 12:38:52 | 00,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscom.dll
[2009/04/21 12:38:52 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsevent.dll
[2009/04/21 12:38:52 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2009/04/21 12:38:52 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsdrv.dll
[2009/04/21 12:38:52 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsmon.dll
[2009/04/21 12:38:52 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsext32.dll
[2009/04/21 12:38:52 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsperf.dll
[2009/04/21 12:38:52 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsres.dll
[2009/04/21 12:38:51 | 00,452,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsapi.dll
[2009/04/21 12:38:51 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsv251.dll
[2009/04/21 12:38:51 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2009/04/21 12:38:51 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpmib.dll
[2009/04/21 12:38:51 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2009/04/21 12:38:50 | 00,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmdll.dll
[2009/04/21 12:38:49 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2009/04/21 12:38:49 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exstrace.dll
[2009/04/21 12:38:49 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\f3ahvoas.dll
[2009/04/21 12:38:48 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntagnt.dll
[2009/04/21 12:38:47 | 00,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2009/04/21 12:38:47 | 00,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2009/04/21 12:38:47 | 00,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2009/04/21 12:38:47 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2009/04/21 12:38:38 | 00,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2009/04/21 12:38:35 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2009/04/21 12:38:35 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
[2009/04/21 12:38:34 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compfilt.dll
[2009/04/21 12:38:32 | 00,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2009/04/21 12:38:32 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2009/04/21 12:38:31 | 01,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2009/04/21 12:38:31 | 00,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2009/04/21 12:38:31 | 00,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2009/04/21 12:38:31 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2009/04/21 12:38:31 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2009/04/21 12:38:29 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2009/04/21 12:38:28 | 00,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_g18030.dll
[2009/04/21 12:38:28 | 00,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2009/04/21 12:38:28 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2009/04/21 12:38:28 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2009/04/21 12:38:27 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2009/04/21 12:38:27 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2009/04/21 12:38:27 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2009/04/21 12:38:27 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2009/04/21 12:38:27 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2009/04/21 12:38:27 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2009/04/21 12:38:26 | 00,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2009/04/21 12:38:26 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2009/04/21 12:38:26 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2009/04/21 12:38:26 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2009/04/21 12:38:26 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2009/04/21 12:38:26 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2009/04/21 12:38:26 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2009/04/21 12:38:26 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2009/04/21 12:38:26 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2009/04/21 12:38:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2009/04/21 12:38:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2009/04/21 12:38:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2009/04/21 12:38:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2009/04/21 12:38:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2009/04/21 12:38:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2009/04/21 12:38:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2009/04/21 12:38:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2009/04/21 12:38:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2009/04/21 12:38:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2009/04/21 12:38:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2009/04/21 12:38:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2009/04/21 12:38:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2009/04/21 12:38:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2009/04/21 12:38:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2009/04/21 12:38:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2009/04/21 12:38:24 | 00,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2009/04/21 12:38:24 | 00,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2009/04/21 12:38:24 | 00,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2009/04/21 12:38:24 | 00,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2009/04/21 12:38:24 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2009/04/21 12:38:24 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2009/04/21 12:38:24 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2009/04/21 12:38:24 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2009/04/21 12:38:24 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2009/04/21 12:38:23 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2009/04/21 12:38:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2009/04/21 12:38:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2009/04/21 12:38:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2009/04/21 12:38:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2009/04/21 12:38:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2009/04/21 12:38:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2009/04/21 12:38:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2009/04/21 12:38:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2009/04/21 12:38:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2009/04/21 12:38:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2009/04/21 12:38:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2009/04/21 12:38:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2009/04/21 12:38:22 | 00,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2009/04/21 12:38:22 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2009/04/21 12:38:22 | 00,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2009/04/21 12:38:22 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2009/04/21 12:38:22 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2009/04/21 12:38:21 | 00,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2009/04/21 12:38:21 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2009/04/21 12:38:20 | 00,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2009/04/21 12:38:19 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2009/04/21 12:38:18 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2009/04/21 12:38:18 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2009/04/21 12:38:17 | 00,369,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asp51.dll
[2009/04/21 12:38:17 | 00,331,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll
[2009/04/21 12:38:17 | 00,108,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\appconf.dll
[2009/04/21 12:38:17 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2009/04/21 12:38:17 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0804.dll
[2009/04/21 12:38:16 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0412.dll
[2009/04/21 12:38:16 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0411.dll
[2009/04/21 12:38:16 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040d.dll
[2009/04/21 12:38:16 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0404.dll
[2009/04/21 12:38:16 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0401.dll
[2009/04/21 12:38:15 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2009/04/21 12:38:14 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2009/04/21 12:38:14 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admexs.dll
[2009/04/21 12:38:14 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2009/04/21 12:38:11 | 00,364,544 | ---- | C] (Microsoft Corporation (written by Digital Renaissance Inc.)) -- C:\WINDOWS\System32\dllcache\npdsplay.dll
[2009/04/21 12:38:11 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npwmsdrm.dll
[2009/04/21 12:38:08 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptsat.dll
[2009/04/21 12:38:08 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2009/04/21 12:38:07 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\staxmem.dll
[2009/04/21 12:38:06 | 00,020,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll
[2009/04/21 12:38:00 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logui.ocx
[2009/04/21 12:38:00 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isatq.dll
[2009/04/21 12:38:00 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoadmn.dll
[2009/04/21 12:37:59 | 00,829,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.dll
[2009/04/21 12:37:59 | 00,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2009/04/21 12:37:59 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrtl.dll
[2009/04/21 12:37:59 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2009/04/21 12:37:59 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2009/04/21 12:37:58 | 00,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll
[2009/04/21 12:37:58 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisext51.dll
[2009/04/21 12:37:58 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismap.dll
[2009/04/21 12:37:58 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2009/04/21 12:37:57 | 00,876,653 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awel.dll
[2009/04/21 12:37:57 | 00,598,071 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll
[2009/04/21 12:37:57 | 00,049,212 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awebs.dll
[2009/04/21 12:37:57 | 00,032,826 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avss.dll
[2009/04/21 12:37:57 | 00,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll
[2009/04/21 12:37:56 | 00,184,435 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4amsft.dll
[2009/04/21 12:37:56 | 00,147,513 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4apws.dll
[2009/04/21 12:37:56 | 00,102,509 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4atxt.dll
[2009/04/21 12:37:56 | 00,082,035 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4anscp.dll
[2009/04/21 12:37:56 | 00,049,210 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4areg.dll
[2009/04/21 12:37:56 | 00,041,020 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avnb.dll
[2009/04/21 12:37:55 | 00,275,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certwiz.ocx
[2009/04/21 12:37:55 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2009/04/21 12:37:55 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnfgprts.ocx
[2009/04/21 12:37:55 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\coadmin.dll
[2009/04/21 12:37:55 | 00,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll
[2009/04/21 12:37:54 | 00,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsiis51.dll
[2009/04/21 12:37:54 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admwprox.dll
[2009/04/21 12:37:53 | 00,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll
[2009/04/21 12:14:20 | 00,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009/04/21 12:14:12 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/04/21 12:14:12 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/04/21 12:14:12 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/04/21 12:14:12 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/04/21 12:14:12 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/04/21 11:52:12 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irftp.exe
[2009/04/21 11:52:12 | 00,087,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irda.sys
[2009/04/21 11:52:12 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wshirda.dll
[2009/04/21 11:52:11 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irmon.dll
[2009/04/21 11:16:24 | 00,018,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irsir.sys
[2009/04/21 11:04:06 | 00,019,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rasirda.sys
[2009/04/21 11:02:37 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2009/04/21 11:02:37 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2009/04/21 11:02:37 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2009/04/21 11:02:37 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2009/04/21 11:02:24 | 02,008,817 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2009/04/21 11:02:24 | 01,086,058 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NTPRINT.CAT
[2009/04/21 11:02:24 | 00,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2009/04/21 11:02:24 | 00,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2009/04/21 11:02:24 | 00,141,702 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2009/04/21 11:02:24 | 00,130,715 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2009/04/21 11:02:24 | 00,110,116 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2009/04/21 11:02:24 | 00,106,147 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2009/04/21 11:02:24 | 00,077,881 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plus.cat
[2009/04/21 11:02:24 | 00,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2009/04/21 11:02:24 | 00,031,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2009/04/21 11:02:24 | 00,024,209 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2009/04/21 11:02:24 | 00,017,916 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sonic.cat
[2009/04/21 11:02:24 | 00,013,753 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2009/04/21 11:02:24 | 00,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2009/04/21 11:02:24 | 00,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2009/04/21 11:02:24 | 00,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2009/04/21 11:02:24 | 00,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2009/04/21 11:02:24 | 00,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2009/04/21 11:02:24 | 00,007,076 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2009/04/21 11:02:23 | 00,505,647 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2009/04/21 00:50:50 | 21,453,86496 | ---- | C] () -- C:\WINDOWS\MEMORY.DMP
[2009/04/20 23:08:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/04/20 21:40:29 | 00,006,921 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009/04/20 19:10:36 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\tcpcon.dll
[2009/04/20 19:10:36 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\Packer.dll
[2009/04/20 19:10:36 | 00,000,034 | ---- | C] () -- C:\WINDOWS\System32\tcpd.dll
[2009/04/20 19:10:36 | 00,000,009 | ---- | C] () -- C:\WINDOWS\System32\iphy.dll
[2009/04/20 19:10:36 | 00,000,003 | ---- | C] () -- C:\WINDOWS\System32\fhpatch.dll
[2009/04/20 19:10:36 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\fiplock.dll
[2009/04/20 19:09:28 | 00,017,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\bbqa872.sys
[2009/04/20 19:09:20 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\ak1.exe
[2009/04/20 19:08:56 | 00,040,960 | ---- | C] ( ) -- C:\WINDOWS\System32\xz.exe
[2009/04/20 19:08:53 | 00,015,000 | ---- | C] () -- C:\WINDOWS\System32\hsfiun3487dll
[2009/04/20 19:08:51 | 00,015,000 | ---- | C] () -- C:\WINDOWS\System32\hsf9ikmifj934g.dll
[2009/04/20 19:05:24 | 00,733,683 | ---- | C] () -- C:\WINDOWS\setupapi.old
[2009/04/20 15:30:09 | 00,000,004 | ---- | C] () -- C:\WINDOWS\System32\_id.dat
[2009/04/20 15:23:40 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/04/20 14:58:39 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/04/20 12:32:08 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2009/04/20 12:20:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Neil McGilloway\Desktop\HostsXpert
[2009/04/20 02:59:57 | 00,360,021 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\dds.scr
[2009/04/20 02:08:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Neil McGilloway\Desktop\gmer
[2009/04/20 01:56:18 | 00,053,248 | ---- | C] (NirSoft) -- C:\WINDOWS\nircmd.exe
[2009/04/20 01:56:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Neil McGilloway\Desktop\nircmd
[2009/04/20 00:36:58 | 00,101,196 | ---- | C] () -- C:\MGlogs.zip
[2009/04/20 00:36:47 | 00,000,000 | ---D | C] -- C:\MGtools
[2009/04/19 21:24:34 | 24,921,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/19 21:24:17 | 09,924,040 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Neil McGilloway\Desktop\windows-kb890830-v2.9.exe
[2009/04/19 20:25:48 | 06,043,680 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\SUPERAntiSpyware(2).exe
[2009/04/19 20:23:37 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/04/19 17:52:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Neil McGilloway\Application Data\Malwarebytes
[2009/04/19 17:52:44 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/19 17:52:42 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/19 17:52:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/19 17:52:40 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/19 17:50:42 | 01,340,797 | ---- | C] () -- C:\MGtools.exe
[2009/04/19 17:31:13 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2009/04/19 15:26:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/04/19 15:21:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/04/19 15:20:44 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/04/19 15:20:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Neil McGilloway\Application Data\SUPERAntiSpyware.com
[2009/04/19 14:48:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2009/04/19 14:47:03 | 00,000,000 | ---D | C] -- C:\SDFix
[2009/04/19 14:09:47 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/04/19 13:51:54 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/04/19 06:31:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Neil McGilloway\Application Data\McAfee
[2009/04/19 06:31:07 | 00,000,138 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Local Settings\Application Data\fusioncache.dat
[2009/04/19 06:03:50 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/04/19 06:01:05 | 04,608,744 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Neil McGilloway\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[2009/04/19 05:52:54 | 00,130,048 | ---- | C] () -- C:\WINDOWS\vFind.exe
[2009/04/19 05:52:54 | 00,119,296 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/04/19 05:52:54 | 00,100,892 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/04/19 05:52:54 | 00,088,064 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/04/19 05:52:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/19 05:52:24 | 00,409,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF26617.exe
[2009/04/19 04:35:59 | 00,000,095 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/04/19 03:05:02 | 00,000,000 | ---- | C] () -- C:\WINDOWS\mqcd.dbt
[2009/04/19 03:04:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\3361
[2009/04/19 03:04:40 | 00,108,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSWINSCK.OCX
[2009/04/19 03:04:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\dhcp
[2009/04/19 03:04:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Neil McGilloway\Application Data\pidle
[2009/04/19 03:04:11 | 00,000,000 | RHSD | C] -- C:\Program Files\ThunMail
[2009/04/19 03:04:02 | 00,079,360 | ---- | C] () -- C:\WINDOWS\System32\ashl.nq
[2009/04/18 23:56:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Neil McGilloway\Application Data\Apple Computer
[2009/04/18 23:55:30 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/04/18 23:55:26 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/04/18 23:55:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/04/18 23:55:08 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/04/18 23:53:24 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/04/18 23:53:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/04/18 23:53:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Neil McGilloway\Local Settings\Application Data\Apple
[2009/04/18 23:53:04 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/04/18 23:52:23 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2009/04/18 23:52:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/04/18 23:51:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Neil McGilloway\Local Settings\Application Data\Apple Computer
[2009/04/17 11:29:58 | 10,139,5426 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Lannie_Barbie_High_Heels_Stockings.rar
[2009/04/17 11:22:15 | 20,321,6800 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\PrftMch_1_AN.avi
[2009/04/16 23:58:08 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DirectX
[2009/04/16 23:41:02 | 19,306,8664 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\SELU_ERNER-PM.avi
[2009/04/16 10:55:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Neil McGilloway\Local Settings\Application Data\Logitech-LS
[2009/04/15 19:14:00 | 00,004,566 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\black dress.dat
[2009/04/15 18:43:34 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/14 23:22:27 | 00,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mstee.sys
[2009/04/14 23:22:12 | 00,019,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wstcodec.sys
[2009/04/14 23:22:08 | 00,085,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nabtsfec.sys
[2009/04/14 23:22:04 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ccdecode.sys
[2009/04/14 23:21:50 | 00,059,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys
[2009/04/14 23:21:32 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
[2009/04/14 23:21:32 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2009/04/14 23:21:31 | 00,090,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2009/04/14 23:21:31 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2009/04/14 23:17:07 | 00,078,190 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2009/04/14 23:17:00 | 00,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/04/14 23:16:59 | 01,317,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvcm.sys
[2009/04/14 23:16:52 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
[2009/04/14 23:16:41 | 00,029,795 | ---- | C] (Ingenient Technologies, Inc.) -- C:\WINDOWS\System32\ITIG726.acm
[2009/04/14 23:16:38 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71DEU.DLL
[2009/04/14 23:16:38 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71ITA.DLL
[2009/04/14 23:16:38 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71ESP.DLL
[2009/04/14 23:16:38 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71ENU.DLL
[2009/04/14 23:16:38 | 00,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71KOR.DLL
[2009/04/14 23:16:38 | 00,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71JPN.DLL
[2009/04/14 23:16:38 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71CHT.DLL
[2009/04/14 23:16:38 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71CHS.DLL
[2009/04/14 23:09:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2009/04/14 22:58:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Neil McGilloway\Local Settings\Application Data\Downloaded Installations
[2009/04/14 22:41:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2009/04/14 22:39:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logishrd
[2009/04/14 22:39:41 | 00,000,000 | ---D | C] -- C:\Program Files\Logitech
[2009/04/14 22:39:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logitech
[2009/04/13 17:28:48 | 19,226,8288 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\IsSo_NN2.avi
[2009/04/13 16:03:15 | 75,457,986 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\ICLdFeZa_4.zip
[2009/04/13 16:02:42 | 99,346,432 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\SimDia_TDL_ChaKRa.avi
[2009/04/13 15:50:07 | 99,920,814 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\MADESA-LERAD.avi
[2009/04/11 16:38:23 | 94,371,840 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Black_dick_in_milf.part1.rar
[2009/04/10 15:24:14 | 16,990,5184 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\tai024.part2.rar
[2009/04/10 15:07:05 | 17,091,7888 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\tai024.part1.rar
[2009/04/09 16:16:30 | 54,545,207 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\94-Teresa_Orlowski_-_Taken_By_Force_In_Toilet.rar
[2009/04/09 02:17:15 | 93,176,575 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Hot_Latina_Gives_Anal_a_Try.rar
[2009/04/09 01:45:55 | 88,744,206 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Black_Latex_Nurses_anal_bleep_orgy.WMV
[2009/04/09 01:22:25 | 14,808,3024 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Michelle-_Reds_like_it_in_the_Ass_pic.avi
[2009/04/09 01:07:53 | 85,926,068 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\CaHo_LaLi_AN.avi
[2009/04/08 21:48:15 | 16,233,1872 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\madura_anb13_1.wmv
[2009/04/08 21:10:12 | 15,212,5949 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Fusxion_Fantasies_1_Scene_3_b.wmv
[2009/04/08 20:19:21 | 10,458,5138 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\teen_glasses_s_a.rar
[2009/04/08 19:50:31 | 10,000,0000 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Dolly_Golden.part1.rar
[2009/04/08 19:16:30 | 93,956,746 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Dolly_Golden.part2.rar
[2009/04/08 18:57:40 | 76,656,640 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Blackhaired_grrrl..Kosovali.avi
[2009/04/08 18:49:06 | 13,012,1375 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\black_haired_chick_assbleeped.rar
[2009/04/08 18:26:59 | 69,494,090 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\NroFmlre_4_TS_DP.avi
[2009/04/08 18:19:33 | 10,212,5252 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Nice_Car.rar
[2009/04/08 18:02:49 | 16,375,5468 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\MarieDelvauxGravurix.avi
[2009/04/08 18:02:34 | 10,186,7590 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Coralie.rar
[2009/04/08 17:56:32 | 20,261,3858 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\mc414.rar
[2009/04/05 16:40:50 | 00,000,000 | ---D | C] -- C:\AeriaGames
[2009/04/03 21:17:38 | 00,005,174 | ---- | C] () -- C:\WINDOWS\System32\nppt9x.vxd
[2009/04/03 21:17:38 | 00,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\npptNT2.sys
[2009/04/03 21:17:11 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared
[2009/04/03 21:11:17 | 00,000,000 | ---D | C] -- C:\Nexon
[2009/04/03 20:32:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Neil McGilloway\Local Settings\Application Data\PMB Files
[2009/04/03 20:32:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2009/04/03 20:32:26 | 00,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2009/03/30 14:46:49 | 11,270,5664 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\mc407.rar
[2009/03/30 14:39:29 | 18,894,5459 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\mc406.rar
[2009/03/27 13:30:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Neil McGilloway\Desktop\christine-new-movie
[2009/03/25 13:58:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Neil McGilloway\Application Data\Media Player Classic
[2009/03/24 18:38:29 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/03/24 18:38:24 | 00,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm
[2009/03/24 18:38:24 | 00,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml
[2009/03/24 18:38:23 | 00,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2009/03/24 18:38:23 | 00,118,784 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2009/03/24 18:38:22 | 00,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/03/24 18:38:22 | 00,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/03/24 18:38:21 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/03/24 18:38:21 | 00,684,032 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx.dll
[2009/03/24 18:38:21 | 00,086,016 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2009/03/24 18:38:19 | 00,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/03/24 18:38:19 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/03/24 18:38:17 | 00,060,273 | ---- | C] (Open Source Software community project) -- C:\WINDOWS\System32\pthreadGC2.dll
[2009/03/24 18:38:16 | 00,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2009/03/24 18:20:09 | 17,286,5985 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Edited Sluts With Nuts 04.wmv
[2009/03/24 17:51:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Neil McGilloway\Desktop\miscellany
[2009/03/24 17:23:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Neil McGilloway\Application Data\WinRAR
[2009/03/24 17:18:21 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2009/03/23 12:03:00 | 01,610,439 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\My Documents\A3_Application_Cornelius_McGilloway.pdf
[2009/03/23 12:00:39 | 00,000,000 | ---D | C] -- C:\Downloads
[2009/03/10 13:29:44 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/03/09 19:09:14 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/03/09 19:09:12 | 00,000,122 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2009/03/09 19:09:00 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2009/03/09 18:09:34 | 00,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2009/03/09 18:07:14 | 00,005,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys
[2007/09/27 10:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/08/15 07:27:18 | 00,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\n558.sys
[2004/08/10 08:00:00 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/10 08:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/10 08:00:00 | 00,000,802 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/10 08:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/08/10 00:11:42 | 00,185,856 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

========== Files - Modified Within 30 Days ==========

[45 C:\*.tmp files]
[7 C:\WINDOWS\System32\*.tmp files]
[16 C:\WINDOWS\*.tmp files]
[2009/04/21 18:27:50 | 00,522,240 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Neil McGilloway\Desktop\OTListIt2.exe
[2009/04/21 18:22:59 | 00,000,802 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/21 18:20:11 | 00,024,487 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/04/21 18:07:23 | 00,577,676 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/21 18:07:23 | 00,482,756 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/21 18:07:23 | 00,084,038 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/21 18:03:06 | 00,030,098 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/04/21 18:02:23 | 00,013,752 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/21 18:02:16 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/21 18:01:50 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/21 18:00:58 | 04,768,656 | -H-- | M] () -- C:\Documents and Settings\Neil McGilloway\Local Settings\Application Data\IconCache.db
[2009/04/21 12:42:19 | 00,000,287 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/04/21 12:17:36 | 00,000,084 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
[2009/04/21 12:17:29 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/04/21 12:17:29 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/04/21 12:17:27 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/04/21 12:17:13 | 00,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2009/04/21 12:14:20 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2009/04/21 12:14:20 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009/04/21 12:14:12 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/04/21 12:14:12 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/04/21 12:14:12 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/04/21 12:14:12 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/04/21 12:14:12 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/04/21 12:14:12 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2009/04/21 11:55:24 | 00,034,188 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/04/21 11:52:40 | 00,000,280 | -HS- | M] () -- C:\boot.ini
[2009/04/21 11:02:43 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/04/21 11:02:25 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Documents\desktop.ini
[2009/04/21 11:02:25 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2009/04/21 10:48:24 | 00,733,683 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2009/04/21 10:46:48 | 00,006,921 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/21 10:22:15 | 00,304,465 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2009/04/21 10:05:06 | 00,023,832 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/04/21 10:02:49 | 00,000,024 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090421-102215.backup
[2009/04/21 01:07:39 | 00,130,096 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/21 01:07:22 | 21,453,86496 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2009/04/20 19:24:16 | 00,040,960 | ---- | M] ( ) -- C:\WINDOWS\System32\xz.exe
[2009/04/20 19:10:36 | 00,172,032 | ---- | M] () -- C:\WINDOWS\System32\tcpcon.dll
[2009/04/20 19:10:36 | 00,010,240 | ---- | M] () -- C:\WINDOWS\System32\Packer.dll
[2009/04/20 19:10:36 | 00,000,034 | ---- | M] () -- C:\WINDOWS\System32\tcpd.dll
[2009/04/20 19:10:36 | 00,000,009 | ---- | M] () -- C:\WINDOWS\System32\iphy.dll
[2009/04/20 19:10:36 | 00,000,003 | ---- | M] () -- C:\WINDOWS\System32\fhpatch.dll
[2009/04/20 19:10:36 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\fiplock.dll
[2009/04/20 19:09:28 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\bbqa872.sys
[2009/04/20 19:09:20 | 00,065,536 | ---- | M] () -- C:\WINDOWS\System32\ak1.exe
[2009/04/20 19:08:53 | 00,015,000 | ---- | M] () -- C:\WINDOWS\System32\hsfiun3487dll
[2009/04/20 19:08:51 | 00,015,000 | ---- | M] () -- C:\WINDOWS\System32\hsf9ikmifj934g.dll
[2009/04/20 15:30:19 | 00,000,004 | ---- | M] () -- C:\WINDOWS\System32\_id.dat
[2009/04/20 14:49:25 | 00,000,122 | ---- | M] () -- C:\WINDOWS\mdm.ini
[2009/04/20 02:59:57 | 00,360,021 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\dds.scr
[2009/04/20 00:40:00 | 00,101,196 | ---- | M] () -- C:\MGlogs.zip
[2009/04/19 21:24:27 | 09,924,040 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Neil McGilloway\Desktop\windows-kb890830-v2.9.exe
[2009/04/19 20:26:23 | 06,043,680 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\SUPERAntiSpyware(2).exe
[2009/04/19 17:50:43 | 01,340,797 | ---- | M] () -- C:\MGtools.exe
[2009/04/19 06:31:07 | 00,000,138 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Local Settings\Application Data\fusioncache.dat
[2009/04/19 06:09:11 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\zamoyoje
[2009/04/19 06:01:10 | 04,608,744 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Neil McGilloway\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[2009/04/19 05:51:54 | 00,409,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF26617.exe
[2009/04/19 04:35:59 | 00,000,095 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/04/19 03:06:48 | 00,000,077 | -HS- | M] () -- C:\Documents and Settings\Neil McGilloway\My Documents\desktop.ini
[2009/04/19 03:05:02 | 00,000,000 | ---- | M] () -- C:\WINDOWS\mqcd.dbt
[2009/04/19 03:04:43 | 00,108,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MSWINSCK.OCX
[2009/04/19 03:04:02 | 00,079,360 | ---- | M] () -- C:\WINDOWS\System32\ashl.nq
[2009/04/19 03:02:08 | 00,075,776 | -HS- | M] () -- C:\WINDOWS\System32\bugadepi.exe
[2009/04/17 15:31:32 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/17 13:03:35 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/17 11:30:05 | 10,139,5426 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Lannie_Barbie_High_Heels_Stockings.rar
[2009/04/17 11:22:30 | 20,321,6800 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\PrftMch_1_AN.avi
[2009/04/16 23:42:21 | 19,306,8664 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\SELU_ERNER-PM.avi
[2009/04/15 19:14:00 | 00,004,566 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\black dress.dat
[2009/04/15 02:14:00 | 00,000,360 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/04/13 17:29:01 | 19,226,8288 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\IsSo_NN2.avi
[2009/04/13 16:03:24 | 75,457,986 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\ICLdFeZa_4.zip
[2009/04/13 16:02:51 | 99,346,432 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\SimDia_TDL_ChaKRa.avi
[2009/04/13 15:50:16 | 99,920,814 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\MADESA-LERAD.avi
[2009/04/11 16:38:31 | 94,371,840 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Black_dick_in_milf.part1.rar
[2009/04/10 15:41:49 | 16,990,5184 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\tai024.part2.rar
[2009/04/10 15:07:12 | 17,091,7888 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\tai024.part1.rar
[2009/04/09 16:16:33 | 54,545,207 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\94-Teresa_Orlowski_-_Taken_By_Force_In_Toilet.rar
[2009/04/09 13:25:56 | 00,312,232 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090419-034007.backup
[2009/04/09 02:17:36 | 93,176,575 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Hot_Latina_Gives_Anal_a_Try.rar
[2009/04/09 01:45:58 | 88,744,206 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Black_Latex_Nurses_anal_bleep_orgy.WMV
[2009/04/09 01:22:33 | 14,808,3024 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Michelle-_Reds_like_it_in_the_Ass_pic.avi
[2009/04/09 01:07:57 | 85,926,068 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\CaHo_LaLi_AN.avi
[2009/04/08 21:48:25 | 16,233,1872 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\madura_anb13_1.wmv
[2009/04/08 21:10:20 | 15,212,5949 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Fusxion_Fantasies_1_Scene_3_b.wmv
[2009/04/08 20:19:26 | 10,458,5138 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\teen_glasses_s_a.rar
[2009/04/08 19:50:35 | 10,000,0000 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Dolly_Golden.part1.rar
[2009/04/08 19:16:34 | 93,956,746 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Dolly_Golden.part2.rar
[2009/04/08 18:57:43 | 76,656,640 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Blackhaired_grrrl..Kosovali.avi
[2009/04/08 18:49:17 | 13,012,1375 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\black_haired_chick_assbleeped.rar
[2009/04/08 18:27:03 | 69,494,090 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\NroFmlre_4_TS_DP.avi
[2009/04/08 18:19:44 | 10,212,5252 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Nice_Car.rar
[2009/04/08 18:02:57 | 16,375,5468 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\MarieDelvauxGravurix.avi
[2009/04/08 18:02:41 | 10,186,7590 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Coralie.rar
[2009/04/08 17:56:49 | 20,261,3858 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\mc414.rar
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/06 07:57:26 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/01 01:01:46 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/03/31 17:58:38 | 00,053,248 | ---- | M] (NirSoft) -- C:\WINDOWS\nircmd.exe
[2009/03/30 14:46:53 | 11,270,5664 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\mc407.rar
[2009/03/30 14:39:40 | 18,894,5459 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\mc406.rar
[2009/03/24 18:48:47 | 17,286,5985 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Edited Sluts With Nuts 04.wmv
[2009/03/23 12:03:00 | 01,610,439 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\My Documents\A3_Application_Cornelius_McGilloway.pdf
< End of report >
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:12:51 PM

Posted 21 April 2009 - 06:57 PM

Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    DRV - [2009/04/20 19:09:28 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\bbqa872.sys -- (bbqa872 [System | Stopped])
    O2 - BHO: (no name) - {A5AF42A3-94F3-42BD-F634-0604832C897D} - Reg Error: Key error. File not found
    O3 - HKU\S-1-5-21-527237240-261903793-725345543-1003\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key error. File not found
    O3 - HKU\S-1-5-21-527237240-261903793-725345543-1003\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
    O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [servises] C:\WINDOWS\system32\servises.exe File not found
    O4 - HKU\.DEFAULT..\Run: [Diagnostic Manager] C:\WINDOWS\TEMP\207721460.exe File not found
    O4 - HKU\.DEFAULT..\Run: [servises] C:\WINDOWS\system32\servises.exe File not found
    O4 - HKU\.DEFAULT..\Run: [VRTF2] C:\WINDOWS\TEMP\VRTF2.exe File not found
    O4 - HKU\S-1-5-18..\Run: [Diagnostic Manager] C:\WINDOWS\TEMP\207721460.exe File not found
    O4 - HKU\S-1-5-18..\Run: [servises] C:\WINDOWS\system32\servises.exe File not found
    O4 - HKU\S-1-5-18..\Run: [VRTF2] C:\WINDOWS\TEMP\VRTF2.exe File not found
    
    :Files
    C:\WINDOWS\System32\ak1.exe
    C:\WINDOWS\System32\xz.exe
    C:\WINDOWS\System32\hsfiun3487dll
    C:\WINDOWS\System32\hsf9ikmifj934g.dll
    C:\Program Files\ThunMail
    C:\WINDOWS\System32\ashl.nq
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log

================


Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Doubleclick the drweb-cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
Please post the contents of the log from DrWeb and a new OTListIt log in your next reply.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#6 mcgi0223

mcgi0223
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:51 PM

Posted 21 April 2009 - 09:59 PM

OK, here's the new OTListIt2 stuff (before running Dr.Web):

OTListIt logfile created on: 4/21/2009 8:28:12 PM - Run 2
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Neil McGilloway\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 65.62% Memory free
3.85 Gb Paging File | 3.21 Gb Available in Paging File | 83.35% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 22.21 Gb Free Space | 39.74% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NEIL
Current User Name: Neil McGilloway
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2004/08/10 04:04:40 | 00,215,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2004/08/10 04:04:42 | 00,123,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2005/06/21 00:10:30 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2007/08/15 12:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2007/07/24 12:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\McShield.exe
PRC - [2005/07/26 05:02:00 | 00,147,523 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2007/01/04 17:38:08 | 00,045,132 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2007/11/01 18:12:38 | 00,582,992 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2004/08/10 08:00:00 | 01,052,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2005/08/05 13:27:08 | 00,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2004/08/10 04:04:42 | 00,079,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
PRC - [2005/07/06 23:26:24 | 00,122,880 | R--- | M] () -- C:\WINDOWS\ATK0100\HControl.exe
PRC - [2004/12/22 02:23:00 | 00,118,874 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2004/12/22 02:23:00 | 00,708,698 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2005/07/22 15:36:52 | 00,077,824 | ---- | M] () -- C:\Program Files\Generic\Wireless Console\wcourier.exe
PRC - [2004/04/09 18:15:08 | 00,102,400 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\GENERIC\Power4 Gear\BatteryLife.exe
PRC - [2009/03/10 13:27:34 | 00,385,024 | ---- | M] (Western Digital Technologies, Inc.) -- C:\WINDOWS\system32\WDBtnMgr.exe
PRC - [2005/07/19 17:32:18 | 00,241,664 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2005/06/08 15:14:44 | 00,237,568 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\LogiTray.exe
PRC - [2009/04/02 16:11:02 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2005/04/12 11:21:00 | 14,180,864 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2005/02/25 20:28:03 | 00,233,472 | ---- | M] (Ahead Software) -- C:\Program Files\Ahead\Nero PhotoShow\data\Xtras\mssysmgr.exe
PRC - [2003/02/14 15:36:10 | 00,821,248 | ---- | M] (ASUS) -- C:\Program Files\Keyboard\Keyboard Hotkey\Hotkey.exe
PRC - [2005/07/05 10:45:00 | 02,007,040 | R--- | M] () -- C:\WINDOWS\ATK0100\ATKOSD.exe
PRC - [2005/06/08 14:44:56 | 00,212,992 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\FxSvr2.exe
PRC - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2007/07/18 12:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe
PRC - [2007/12/05 10:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/04/08 16:33:46 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2004/08/10 08:00:00 | 00,113,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [1998/09/03 23:09:08 | 00,119,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MDM.EXE
PRC - [2008/10/21 13:09:59 | 00,050,472 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
PRC - [2007/10/08 17:50:56 | 00,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
PRC - [2009/02/20 14:22:34 | 04,363,504 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2004/08/10 08:00:00 | 00,238,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2009/04/21 18:27:50 | 00,522,240 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Neil McGilloway\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (0142641239930246mcinstcleanup [Auto | Stopped])
SRV - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - File not found -- -- (DhcpSrv [Auto | Stopped])
SRV - [2004/08/10 04:04:40 | 00,215,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2004/08/10 04:04:42 | 00,123,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2004/08/10 08:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2005/06/17 17:09:24 | 00,890,880 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv [Auto | Stopped])
SRV - [2005/06/17 17:09:24 | 00,890,880 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrvR [Auto | Stopped])
SRV - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2004/08/04 00:56:44 | 00,027,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\irmon.dll -- (Irmon [Auto | Running])
SRV - [2005/06/21 00:10:30 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
SRV - [2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
SRV - [2007/11/07 09:35:40 | 00,378,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
SRV - [2007/08/15 12:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
SRV - [2005/08/05 13:27:08 | 00,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
SRV - [2007/07/24 12:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\McShield.exe -- (McShield [Unknown | Running])
SRV - [2007/12/05 10:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Running])
SRV - [2004/08/10 05:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2007/07/18 12:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService [On_Demand | Running])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - File not found -- -- (npkcmsvc [Disabled | Stopped])
SRV - [2005/07/26 05:02:00 | 00,147,523 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2004/08/10 08:00:00 | 00,059,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [On_Demand | Stopped])
SRV - [2007/01/04 17:38:08 | 00,045,132 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,933,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2002/09/09 20:54:06 | 00,016,269 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\ASNDIS5.SYS -- (ASNDIS5 [On_Demand | Running])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2005/01/07 18:07:16 | 00,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])
DRV - [2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2004/10/06 03:33:00 | 00,163,328 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys -- (HSFHWAZL [On_Demand | Stopped])
DRV - [2004/10/06 03:31:00 | 01,036,928 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_DP.sys -- (HSF_DP [On_Demand | Stopped])
DRV - [2005/06/17 17:01:22 | 00,099,584 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs [Disabled | Running])
DRV - [2005/06/17 17:00:58 | 00,029,696 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\DRIVERS\InCDPass.sys -- (InCDPass [System | Running])
DRV - [2005/06/17 10:00:52 | 00,028,160 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm [System | Running])
DRV - [2005/04/15 06:05:00 | 02,564,032 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2001/08/17 13:51:32 | 00,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\irsir.sys -- (irsir [On_Demand | Running])
DRV - [2005/05/27 09:31:28 | 00,022,016 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvusbsta.sys -- (LVUSBSta [On_Demand | Stopped])
DRV - [2004/03/16 23:04:00 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2007/11/22 06:44:08 | 00,079,304 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
DRV - [2007/11/22 06:44:08 | 00,035,240 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
DRV - [2007/11/22 06:44:08 | 00,201,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk [System | Running])
DRV - [2007/11/22 06:44:04 | 00,033,832 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk [On_Demand | Stopped])
DRV - [2007/12/02 12:51:42 | 00,040,488 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Running])
DRV - [2007/07/13 06:20:24 | 00,113,952 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\Drivers\Mpfp.sys -- (MPFP [System | Running])
DRV - [2007/08/28 05:58:00 | 00,005,760 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\ATKACPI.sys -- (MTsensor [On_Demand | Running])
DRV - [2007/08/15 07:27:18 | 00,009,600 | ---- | M] () -- C:\WINDOWS\System32\Drivers\n558.sys -- (n558 [On_Demand | Stopped])
DRV - [2005/07/26 05:02:00 | 03,211,040 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2004/08/10 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2005/05/12 18:54:10 | 00,020,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2005/05/27 09:32:52 | 01,317,152 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\LVCM.sys -- (QCMerced [On_Demand | Stopped])
DRV - [2004/07/05 17:14:58 | 00,057,088 | ---- | M] (REDC) -- C:\WINDOWS\system32\DRIVERS\R592.sys -- (R592 [Boot | Running])
DRV - [2004/09/17 01:42:54 | 00,027,264 | ---- | M] (REDC) -- C:\WINDOWS\system32\DRIVERS\risdpntk.sys -- (risdpntk [Boot | Running])
DRV - [2009/01/21 07:49:40 | 00,118,656 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys -- (RTL8023xp [On_Demand | Stopped])
DRV - [2009/03/23 14:07:26 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2009/03/23 14:07:28 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
DRV - [2009/03/23 14:07:26 | 00,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2004/08/10 08:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2004/12/22 02:23:00 | 00,186,240 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2004/08/03 23:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2004/10/06 03:32:00 | 00,702,592 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Stopped])
DRV - [2005/06/17 20:41:46 | 00,274,432 | ---- | M] (ZyDAS Technology Corporation) -- C:\WINDOWS\system32\DRIVERS\zd1211u.sys -- (ZD1211U(ASUS) [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-527237240-261903793-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-527237240-261903793-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-527237240-261903793-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKU\S-1-5-21-527237240-261903793-725345543-1003\S-1-5-21-527237240-261903793-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-527237240-261903793-725345543-1003\S-1-5-21-527237240-261903793-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.comcast.net/"
FF - prefs.js..extensions.enabledItems: {5BE976F3-7F58-45B3-93E1-77C25FDC6546}:1.0
FF - prefs.js..extensions.enabledItems: {7B330090-0791-40A1-9601-47147B327D18}:1.0
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.07
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/03/09 19:15:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/18 23:54:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/18 23:54:11 | 00,000,000 | ---D | M]

[2009/03/09 20:31:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Neil McGilloway\Application Data\mozilla\Extensions
[2009/03/09 20:31:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Neil McGilloway\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/21 18:21:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Neil McGilloway\Application Data\mozilla\Firefox\Profiles\5cfjldav.default\extensions
[2009/03/20 11:02:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Neil McGilloway\Application Data\mozilla\Firefox\Profiles\5cfjldav.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2009/04/21 18:21:45 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/19 02:48:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{5BE976F3-7F58-45B3-93E1-77C25FDC6546}
[2009/04/19 15:27:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{7B330090-0791-40A1-9601-47147B327D18}
[2009/04/08 16:33:55 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/08 16:33:45 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/08 16:33:45 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/02/19 15:33:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/02/19 15:33:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/02/19 15:33:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/02/19 15:33:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/02/19 15:33:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/02/19 15:33:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/02/19 15:33:08 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (304465 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 jL.chura.pl
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10509 more lines...
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent (Microsoft Corporation)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe (McAfee)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey (McAfee, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install (NVIDIA Corporation)
O4 - HKLM..\Run: [Power_Gear] C:\Program Files\GENERIC\Power4 Gear\BatteryLife.exe 1 (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WD Button Manager] WDBtnMgr.exe (Western Digital Technologies, Inc.)
O4 - HKLM..\Run: [Wireless Console] C:\Program Files\Generic\Wireless Console\wcourier.exe ()
O4 - HKU\.DEFAULT..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-527237240-261903793-725345543-1003..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot (Logitech Inc.)
O4 - HKU\S-1-5-21-527237240-261903793-725345543-1003..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe (Ahead Software)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Hotkey.lnk = C:\Program Files\Keyboard\Keyboard Hotkey\Hotkey.exe (ASUS)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-527237240-261903793-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-527237240-261903793-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-527237240-261903793-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\S-1-5-21-527237240-261903793-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-527237240-261903793-725345543-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm (www.BitComet.com)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll (BitComet)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [Bluetooth Namespace] - C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-527237240-261903793-725345543-1003\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1236634939000 (WUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/09 17:31:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[45 C:\*.tmp files]
[7 C:\WINDOWS\System32\*.tmp files]
[16 C:\WINDOWS\*.tmp files]
[2009/04/21 20:26:48 | 13,718,160 | ---- | C] (Doctor Web, Ltd.) -- C:\Documents and Settings\Neil McGilloway\Desktop\drweb-cureit.exe
[2009/04/21 20:23:29 | 13,718,160 | ---- | C] (Doctor Web, Ltd.) -- C:\Documents and Settings\Neil McGilloway\Desktop\launch.exe
[2009/04/21 20:13:34 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/04/21 18:46:48 | 01,832,096 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\SmitfraudFix.exe
[2009/04/21 18:27:49 | 00,522,240 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Neil McGilloway\Desktop\OTListIt2.exe
[2009/04/21 18:02:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/04/21 12:41:09 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehresja.dll
[2009/04/21 12:41:09 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehresko.dll
[2009/04/21 12:41:09 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehresfr.dll
[2009/04/21 12:41:08 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehresde.dll
[2009/04/21 12:41:08 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehreschs.dll
[2009/04/21 12:40:51 | 00,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2009/04/21 12:40:46 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpns.dll
[2009/04/21 12:40:42 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2009/04/21 12:40:41 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2009/04/21 12:40:41 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2009/04/21 12:40:40 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2009/04/21 12:40:40 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2009/04/21 12:40:39 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2009/04/21 12:40:38 | 00,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2009/04/21 12:40:38 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2009/04/21 12:40:37 | 00,363,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svc.dll
[2009/04/21 12:40:37 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wam51.dll
[2009/04/21 12:40:37 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2009/04/21 12:40:37 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamreg51.dll
[2009/04/21 12:40:37 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2009/04/21 12:40:37 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2009/04/21 12:40:36 | 00,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2009/04/21 12:40:36 | 00,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2009/04/21 12:40:35 | 00,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2009/04/21 12:40:35 | 00,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2009/04/21 12:40:31 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2009/04/21 12:40:31 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2009/04/21 12:40:30 | 00,103,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uihelper.dll
[2009/04/21 12:40:28 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tools.dll
[2009/04/21 12:40:28 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2009/04/21 12:40:27 | 00,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2009/04/21 12:40:26 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2009/04/21 12:40:26 | 00,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2009/04/21 12:40:26 | 00,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2009/04/21 12:40:26 | 00,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2009/04/21 12:40:24 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\svcext51.dll
[2009/04/21 12:40:23 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2009/04/21 12:40:22 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sspifilt.dll
[2009/04/21 12:40:22 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ssinc51.dll
[2009/04/21 12:40:21 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2009/04/21 12:40:20 | 00,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2009/04/21 12:40:19 | 00,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll
[2009/04/21 12:40:19 | 00,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll
[2009/04/21 12:40:19 | 00,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll
[2009/04/21 12:40:19 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll
[2009/04/21 12:40:19 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2009/04/21 12:40:19 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2009/04/21 12:40:19 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll
[2009/04/21 12:40:18 | 00,456,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll
[2009/04/21 12:40:18 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2009/04/21 12:40:17 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2009/04/21 12:40:17 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2009/04/21 12:40:17 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2009/04/21 12:40:17 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2009/04/21 12:40:17 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2009/04/21 12:40:17 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2009/04/21 12:40:17 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2009/04/21 12:40:17 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2009/04/21 12:40:17 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2009/04/21 12:40:17 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2009/04/21 12:40:16 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2009/04/21 12:40:16 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2009/04/21 12:40:16 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2009/04/21 12:40:16 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2009/04/21 12:40:16 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2009/04/21 12:40:16 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2009/04/21 12:40:14 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2009/04/21 12:40:10 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2009/04/21 12:40:09 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2009/04/21 12:40:08 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2009/04/21 12:40:07 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2009/04/21 12:40:07 | 00,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2009/04/21 12:40:07 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll
[2009/04/21 12:40:05 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2009/04/21 12:40:05 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcref.dll
[2009/04/21 12:40:01 | 00,020,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ramdisk.sys
[2009/04/21 12:40:00 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2009/04/21 12:39:59 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2009/04/21 12:39:59 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pwsdata.dll
[2009/04/21 12:39:58 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2009/04/21 12:39:58 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2009/04/21 12:39:58 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2009/04/21 12:39:58 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2009/04/21 12:39:58 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2009/04/21 12:39:57 | 00,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2009/04/21 12:39:57 | 00,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2009/04/21 12:39:57 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2009/04/21 12:39:57 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2009/04/21 12:39:57 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2009/04/21 12:39:56 | 00,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2009/04/21 12:39:56 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2009/04/21 12:39:56 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2009/04/21 12:39:56 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2009/04/21 12:39:55 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2009/04/21 12:39:52 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2009/04/21 12:39:51 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsepm.dll
[2009/04/21 12:39:50 | 00,226,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npdrmv2.dll
[2009/04/21 12:39:49 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2009/04/21 12:39:46 | 00,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2009/04/21 12:39:40 | 01,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2009/04/21 12:39:40 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2009/04/21 12:39:29 | 00,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2009/04/21 12:39:29 | 00,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2009/04/21 12:39:29 | 00,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\metada51.dll
[2009/04/21 12:39:29 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\md5filt.dll
[2009/04/21 12:39:29 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2009/04/21 12:39:28 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2009/04/21 12:39:26 | 00,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpdsvc.dll
[2009/04/21 12:39:26 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2009/04/21 12:39:26 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lprmon.dll
[2009/04/21 12:39:26 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lonsint.dll
[2009/04/21 12:39:24 | 00,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2009/04/21 12:39:24 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmmib2.dll
[2009/04/21 12:39:23 | 01,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2009/04/21 12:39:23 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2009/04/21 12:39:23 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2009/04/21 12:39:23 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2009/04/21 12:39:22 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2009/04/21 12:39:22 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2009/04/21 12:39:22 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2009/04/21 12:39:22 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2009/04/21 12:39:22 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2009/04/21 12:39:22 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2009/04/21 12:39:22 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2009/04/21 12:39:22 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2009/04/21 12:39:22 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2009/04/21 12:39:22 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2009/04/21 12:39:21 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdibm02.dll
[2009/04/21 12:39:21 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41a.dll
[2009/04/21 12:39:21 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41j.dll
[2009/04/21 12:39:21 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2009/04/21 12:39:21 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2009/04/21 12:39:21 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2009/04/21 12:39:21 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2009/04/21 12:39:21 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2009/04/21 12:39:21 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2009/04/21 12:39:21 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2009/04/21 12:39:21 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2009/04/21 12:39:20 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdax2.dll
[2009/04/21 12:39:20 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2009/04/21 12:39:20 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2009/04/21 12:39:20 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2009/04/21 12:39:20 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2009/04/21 12:39:20 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2009/04/21 12:39:20 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2009/04/21 12:39:20 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2009/04/21 12:39:20 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2009/04/21 12:39:20 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2009/04/21 12:39:19 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2009/04/21 12:39:19 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
[2009/04/21 12:39:19 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106n.dll
[2009/04/21 12:39:19 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2009/04/21 12:39:19 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101.dll
[2009/04/21 12:39:19 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2009/04/21 12:39:18 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprip.dll
[2009/04/21 12:39:18 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iscomlog.dll
[2009/04/21 12:39:18 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2009/04/21 12:39:16 | 00,257,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infocomm.dll
[2009/04/21 12:39:16 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2009/04/21 12:39:15 | 00,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2009/04/21 12:39:15 | 00,315,452 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2009/04/21 12:39:15 | 00,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2009/04/21 12:39:15 | 00,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2009/04/21 12:39:13 | 00,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2009/04/21 12:39:12 | 00,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2009/04/21 12:39:12 | 00,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2009/04/21 12:39:12 | 00,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2009/04/21 12:39:12 | 00,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2009/04/21 12:39:12 | 00,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2009/04/21 12:39:12 | 00,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2009/04/21 12:39:11 | 00,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2009/04/21 12:39:11 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2009/04/21 12:39:11 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2009/04/21 12:39:11 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iislog51.dll
[2009/04/21 12:39:11 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2009/04/21 12:39:11 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2009/04/21 12:39:11 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisfecnv.dll
[2009/04/21 12:39:11 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2009/04/21 12:39:10 | 00,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iische51.dll
[2009/04/21 12:39:10 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisadmin.dll
[2009/04/21 12:39:06 | 10,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2009/04/21 12:39:01 | 13,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2009/04/21 12:38:58 | 10,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2009/04/21 12:38:58 | 00,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpext.dll
[2009/04/21 12:38:58 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpod51.dll
[2009/04/21 12:38:58 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpmb51.dll
[2009/04/21 12:38:57 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostmib.dll
[2009/04/21 12:38:55 | 00,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2009/04/21 12:38:55 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2009/04/21 12:38:55 | 00,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gzip.dll
[2009/04/21 12:38:53 | 00,562,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsst.dll
[2009/04/21 12:38:53 | 00,400,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsxp32.dll
[2009/04/21 12:38:53 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxstiff.dll
[2009/04/21 12:38:53 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxst30.dll
[2009/04/21 12:38:53 | 00,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxswzrd.dll
[2009/04/21 12:38:53 | 00,154,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsui.dll
[2009/04/21 12:38:52 | 00,285,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscomex.dll
[2009/04/21 12:38:52 | 00,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2009/04/21 12:38:52 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2009/04/21 12:38:52 | 00,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscom.dll
[2009/04/21 12:38:52 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsevent.dll
[2009/04/21 12:38:52 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2009/04/21 12:38:52 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsdrv.dll
[2009/04/21 12:38:52 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsmon.dll
[2009/04/21 12:38:52 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsext32.dll
[2009/04/21 12:38:52 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsperf.dll
[2009/04/21 12:38:52 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsres.dll
[2009/04/21 12:38:51 | 00,452,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsapi.dll
[2009/04/21 12:38:51 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsv251.dll
[2009/04/21 12:38:51 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2009/04/21 12:38:51 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpmib.dll
[2009/04/21 12:38:51 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2009/04/21 12:38:50 | 00,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmdll.dll
[2009/04/21 12:38:49 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2009/04/21 12:38:49 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exstrace.dll
[2009/04/21 12:38:49 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\f3ahvoas.dll
[2009/04/21 12:38:48 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntagnt.dll
[2009/04/21 12:38:47 | 00,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2009/04/21 12:38:47 | 00,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2009/04/21 12:38:47 | 00,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2009/04/21 12:38:47 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2009/04/21 12:38:38 | 00,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2009/04/21 12:38:35 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2009/04/21 12:38:35 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
[2009/04/21 12:38:34 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compfilt.dll
[2009/04/21 12:38:32 | 00,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2009/04/21 12:38:32 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2009/04/21 12:38:31 | 01,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2009/04/21 12:38:31 | 00,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2009/04/21 12:38:31 | 00,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2009/04/21 12:38:31 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2009/04/21 12:38:31 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2009/04/21 12:38:29 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2009/04/21 12:38:28 | 00,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_g18030.dll
[2009/04/21 12:38:28 | 00,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2009/04/21 12:38:28 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2009/04/21 12:38:28 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2009/04/21 12:38:27 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2009/04/21 12:38:27 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2009/04/21 12:38:27 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2009/04/21 12:38:27 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2009/04/21 12:38:27 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2009/04/21 12:38:27 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2009/04/21 12:38:26 | 00,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2009/04/21 12:38:26 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2009/04/21 12:38:26 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2009/04/21 12:38:26 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2009/04/21 12:38:26 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2009/04/21 12:38:26 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2009/04/21 12:38:26 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2009/04/21 12:38:26 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2009/04/21 12:38:26 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2009/04/21 12:38:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2009/04/21 12:38:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2009/04/21 12:38:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2009/04/21 12:38:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2009/04/21 12:38:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2009/04/21 12:38:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2009/04/21 12:38:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2009/04/21 12:38:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2009/04/21 12:38:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2009/04/21 12:38:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2009/04/21 12:38:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2009/04/21 12:38:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2009/04/21 12:38:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2009/04/21 12:38:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2009/04/21 12:38:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2009/04/21 12:38:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2009/04/21 12:38:24 | 00,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2009/04/21 12:38:24 | 00,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2009/04/21 12:38:24 | 00,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2009/04/21 12:38:24 | 00,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2009/04/21 12:38:24 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2009/04/21 12:38:24 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2009/04/21 12:38:24 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2009/04/21 12:38:24 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2009/04/21 12:38:24 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2009/04/21 12:38:23 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2009/04/21 12:38:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2009/04/21 12:38:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2009/04/21 12:38:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2009/04/21 12:38:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2009/04/21 12:38:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2009/04/21 12:38:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2009/04/21 12:38:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2009/04/21 12:38:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2009/04/21 12:38:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2009/04/21 12:38:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2009/04/21 12:38:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2009/04/21 12:38:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2009/04/21 12:38:22 | 00,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2009/04/21 12:38:22 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2009/04/21 12:38:22 | 00,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2009/04/21 12:38:22 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2009/04/21 12:38:22 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2009/04/21 12:38:21 | 00,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2009/04/21 12:38:21 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2009/04/21 12:38:20 | 00,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2009/04/21 12:38:19 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2009/04/21 12:38:18 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2009/04/21 12:38:18 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2009/04/21 12:38:17 | 00,369,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asp51.dll
[2009/04/21 12:38:17 | 00,331,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll
[2009/04/21 12:38:17 | 00,108,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\appconf.dll
[2009/04/21 12:38:17 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2009/04/21 12:38:17 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0804.dll
[2009/04/21 12:38:16 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0412.dll
[2009/04/21 12:38:16 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0411.dll
[2009/04/21 12:38:16 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040d.dll
[2009/04/21 12:38:16 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0404.dll
[2009/04/21 12:38:16 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0401.dll
[2009/04/21 12:38:15 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2009/04/21 12:38:14 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2009/04/21 12:38:14 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admexs.dll
[2009/04/21 12:38:14 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2009/04/21 12:38:11 | 00,364,544 | ---- | C] (Microsoft Corporation (written by Digital Renaissance Inc.)) -- C:\WINDOWS\System32\dllcache\npdsplay.dll
[2009/04/21 12:38:11 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npwmsdrm.dll
[2009/04/21 12:38:08 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptsat.dll
[2009/04/21 12:38:08 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2009/04/21 12:38:07 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\staxmem.dll
[2009/04/21 12:38:06 | 00,020,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll
[2009/04/21 12:38:00 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logui.ocx
[2009/04/21 12:38:00 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isatq.dll
[2009/04/21 12:38:00 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoadmn.dll
[2009/04/21 12:37:59 | 00,829,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.dll
[2009/04/21 12:37:59 | 00,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2009/04/21 12:37:59 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrtl.dll
[2009/04/21 12:37:59 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2009/04/21 12:37:59 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2009/04/21 12:37:58 | 00,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll
[2009/04/21 12:37:58 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisext51.dll
[2009/04/21 12:37:58 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismap.dll
[2009/04/21 12:37:58 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2009/04/21 12:37:57 | 00,876,653 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awel.dll
[2009/04/21 12:37:57 | 00,598,071 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll
[2009/04/21 12:37:57 | 00,049,212 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awebs.dll
[2009/04/21 12:37:57 | 00,032,826 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avss.dll
[2009/04/21 12:37:57 | 00,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll
[2009/04/21 12:37:56 | 00,184,435 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4amsft.dll
[2009/04/21 12:37:56 | 00,147,513 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4apws.dll
[2009/04/21 12:37:56 | 00,102,509 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4atxt.dll
[2009/04/21 12:37:56 | 00,082,035 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4anscp.dll
[2009/04/21 12:37:56 | 00,049,210 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4areg.dll
[2009/04/21 12:37:56 | 00,041,020 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avnb.dll
[2009/04/21 12:37:55 | 00,275,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certwiz.ocx
[2009/04/21 12:37:55 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2009/04/21 12:37:55 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnfgprts.ocx
[2009/04/21 12:37:55 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\coadmin.dll
[2009/04/21 12:37:55 | 00,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll
[2009/04/21 12:37:54 | 00,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsiis51.dll
[2009/04/21 12:37:54 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admwprox.dll
[2009/04/21 12:37:53 | 00,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll
[2009/04/21 12:14:20 | 00,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009/04/21 12:14:12 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/04/21 12:14:12 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/04/21 12:14:12 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/04/21 12:14:12 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/04/21 12:14:12 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/04/21 11:52:12 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irftp.exe
[2009/04/21 11:52:12 | 00,087,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irda.sys
[2009/04/21 11:52:12 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wshirda.dll
[2009/04/21 11:52:11 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irmon.dll
[2009/04/21 11:16:24 | 00,018,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irsir.sys
[2009/04/21 11:04:06 | 00,019,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rasirda.sys
[2009/04/21 11:02:37 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2009/04/21 11:02:37 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2009/04/21 11:02:37 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2009/04/21 11:02:37 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2009/04/21 11:02:24 | 02,008,817 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2009/04/21 11:02:24 | 01,086,058 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NTPRINT.CAT
[2009/04/21 11:02:24 | 00,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2009/04/21 11:02:24 | 00,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2009/04/21 11:02:24 | 00,141,702 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2009/04/21 11:02:24 | 00,130,715 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2009/04/21 11:02:24 | 00,110,116 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2009/04/21 11:02:24 | 00,106,147 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2009/04/21 11:02:24 | 00,077,881 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plus.cat
[2009/04/21 11:02:24 | 00,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2009/04/21 11:02:24 | 00,031,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2009/04/21 11:02:24 | 00,024,209 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2009/04/21 11:02:24 | 00,017,916 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sonic.cat
[2009/04/21 11:02:24 | 00,013,753 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2009/04/21 11:02:24 | 00,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2009/04/21 11:02:24 | 00,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2009/04/21 11:02:24 | 00,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2009/04/21 11:02:24 | 00,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2009/04/21 11:02:24 | 00,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2009/04/21 11:02:24 | 00,007,076 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2009/04/21 11:02:23 | 00,505,647 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2009/04/21 00:50:50 | 21,453,86496 | ---- | C] () -- C:\WINDOWS\MEMORY.DMP
[2009/04/20 21:40:29 | 00,006,921 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009/04/20 19:10:36 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\tcpcon.dll
[2009/04/20 19:10:36 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\Packer.dll
[2009/04/20 19:10:36 | 00,000,034 | ---- | C] () -- C:\WINDOWS\System32\tcpd.dll
[2009/04/20 19:10:36 | 00,000,009 | ---- | C] () -- C:\WINDOWS\System32\iphy.dll
[2009/04/20 19:10:36 | 00,000,003 | ---- | C] () -- C:\WINDOWS\System32\fhpatch.dll
[2009/04/20 19:10:36 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\fiplock.dll
[2009/04/20 19:05:24 | 00,733,683 | ---- | C] () -- C:\WINDOWS\setupapi.old
[2009/04/20 15:30:09 | 00,000,004 | ---- | C] () -- C:\WINDOWS\System32\_id.dat
[2009/04/20 15:23:40 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/04/20 14:58:39 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/04/20 12:32:08 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2009/04/20 12:20:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Neil McGilloway\Desktop\HostsXpert
[2009/04/20 02:59:57 | 00,360,021 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\dds.scr
[2009/04/20 02:08:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Neil McGilloway\Desktop\gmer
[2009/04/20 01:56:18 | 00,053,248 | ---- | C] (NirSoft) -- C:\WINDOWS\nircmd.exe
[2009/04/20 01:56:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Neil McGilloway\Desktop\nircmd
[2009/04/20 00:36:58 | 00,101,196 | ---- | C] () -- C:\MGlogs.zip
[2009/04/20 00:36:47 | 00,000,000 | ---D | C] -- C:\MGtools
[2009/04/19 21:24:34 | 24,921,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/19 21:24:17 | 09,924,040 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Neil McGilloway\Desktop\windows-kb890830-v2.9.exe
[2009/04/19 20:25:48 | 06,043,680 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\SUPERAntiSpyware(2).exe
[2009/04/19 20:23:37 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/04/19 17:52:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Neil McGilloway\Application Data\Malwarebytes
[2009/04/19 17:52:44 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/19 17:52:42 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/19 17:52:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/19 17:52:40 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/19 17:50:42 | 01,340,797 | ---- | C] () -- C:\MGtools.exe
[2009/04/19 17:31:13 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2009/04/19 15:26:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/04/19 15:21:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/04/19 15:20:44 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/04/19 15:20:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Neil McGilloway\Application Data\SUPERAntiSpyware.com
[2009/04/19 14:48:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2009/04/19 14:47:03 | 00,000,000 | ---D | C] -- C:\SDFix
[2009/04/19 14:09:47 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/04/19 13:51:54 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/04/19 06:31:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Neil McGilloway\Application Data\McAfee
[2009/04/19 06:31:07 | 00,000,138 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Local Settings\Application Data\fusioncache.dat
[2009/04/19 06:03:50 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/04/19 06:01:05 | 04,608,744 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Neil McGilloway\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[2009/04/19 05:52:54 | 00,130,048 | ---- | C] () -- C:\WINDOWS\vFind.exe
[2009/04/19 05:52:54 | 00,119,296 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/04/19 05:52:54 | 00,100,892 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/04/19 05:52:54 | 00,088,064 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/04/19 05:52:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/19 05:52:24 | 00,409,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF26617.exe
[2009/04/19 04:35:59 | 00,000,095 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/04/19 03:05:02 | 00,000,000 | ---- | C] () -- C:\WINDOWS\mqcd.dbt
[2009/04/19 03:04:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\3361
[2009/04/19 03:04:40 | 00,108,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSWINSCK.OCX
[2009/04/19 03:04:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\dhcp
[2009/04/19 03:04:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Neil McGilloway\Application Data\pidle
[2009/04/18 23:56:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Neil McGilloway\Application Data\Apple Computer
[2009/04/18 23:55:30 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/04/18 23:55:26 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/04/18 23:55:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/04/18 23:55:08 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/04/18 23:53:24 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/04/18 23:53:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/04/18 23:53:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Neil McGilloway\Local Settings\Application Data\Apple
[2009/04/18 23:53:04 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/04/18 23:52:23 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2009/04/18 23:52:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/04/18 23:51:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Neil McGilloway\Local Settings\Application Data\Apple Computer
[2009/04/17 11:29:58 | 10,139,5426 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Lannie_Barbie_High_Heels_Stockings.rar
[2009/04/17 11:22:15 | 20,321,6800 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\PrftMch_1_AN.avi
[2009/04/16 23:58:08 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DirectX
[2009/04/16 23:41:02 | 19,306,8664 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\SELU_ERNER-PM.avi
[2009/04/16 10:55:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Neil McGilloway\Local Settings\Application Data\Logitech-LS
[2009/04/15 19:14:00 | 00,004,566 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\black dress.dat
[2009/04/15 18:43:34 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/14 23:22:27 | 00,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mstee.sys
[2009/04/14 23:22:12 | 00,019,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wstcodec.sys
[2009/04/14 23:22:08 | 00,085,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nabtsfec.sys
[2009/04/14 23:22:04 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ccdecode.sys
[2009/04/14 23:21:50 | 00,059,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys
[2009/04/14 23:21:32 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
[2009/04/14 23:21:32 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2009/04/14 23:21:31 | 00,090,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2009/04/14 23:21:31 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2009/04/14 23:17:07 | 00,078,190 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2009/04/14 23:17:00 | 00,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/04/14 23:16:59 | 01,317,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvcm.sys
[2009/04/14 23:16:52 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
[2009/04/14 23:16:41 | 00,029,795 | ---- | C] (Ingenient Technologies, Inc.) -- C:\WINDOWS\System32\ITIG726.acm
[2009/04/14 23:16:38 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71DEU.DLL
[2009/04/14 23:16:38 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71ITA.DLL
[2009/04/14 23:16:38 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71ESP.DLL
[2009/04/14 23:16:38 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71ENU.DLL
[2009/04/14 23:16:38 | 00,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71KOR.DLL
[2009/04/14 23:16:38 | 00,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71JPN.DLL
[2009/04/14 23:16:38 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71CHT.DLL
[2009/04/14 23:16:38 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71CHS.DLL
[2009/04/14 23:09:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2009/04/14 22:58:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Neil McGilloway\Local Settings\Application Data\Downloaded Installations
[2009/04/14 22:41:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2009/04/14 22:39:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logishrd
[2009/04/14 22:39:41 | 00,000,000 | ---D | C] -- C:\Program Files\Logitech
[2009/04/14 22:39:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logitech
[2009/04/13 17:28:48 | 19,226,8288 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\IsSo_NN2.avi
[2009/04/13 16:03:15 | 75,457,986 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\ICLdFeZa_4.zip
[2009/04/13 16:02:42 | 99,346,432 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\SimDia_TDL_ChaKRa.avi
[2009/04/13 15:50:07 | 99,920,814 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\MADESA-LERAD.avi
[2009/04/11 16:38:23 | 94,371,840 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Black_dick_in_milf.part1.rar
[2009/04/10 15:24:14 | 16,990,5184 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\tai024.part2.rar
[2009/04/10 15:07:05 | 17,091,7888 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\tai024.part1.rar
[2009/04/09 16:16:30 | 54,545,207 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\94-Teresa_Orlowski_-_Taken_By_Force_In_Toilet.rar
[2009/04/09 02:17:15 | 93,176,575 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Hot_Latina_Gives_Anal_a_Try.rar
[2009/04/09 01:45:55 | 88,744,206 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Black_Latex_Nurses_anal_bleep_orgy.WMV
[2009/04/09 01:22:25 | 14,808,3024 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Michelle-_Reds_like_it_in_the_Ass_pic.avi
[2009/04/09 01:07:53 | 85,926,068 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\CaHo_LaLi_AN.avi
[2009/04/08 21:48:15 | 16,233,1872 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\madura_anb13_1.wmv
[2009/04/08 21:10:12 | 15,212,5949 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Fusxion_Fantasies_1_Scene_3_b.wmv
[2009/04/08 20:19:21 | 10,458,5138 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\teen_glasses_s_a.rar
[2009/04/08 19:50:31 | 10,000,0000 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Dolly_Golden.part1.rar
[2009/04/08 19:16:30 | 93,956,746 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Dolly_Golden.part2.rar
[2009/04/08 18:57:40 | 76,656,640 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Blackhaired_grrrl..Kosovali.avi
[2009/04/08 18:49:06 | 13,012,1375 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\black_haired_chick_assbleeped.rar
[2009/04/08 18:26:59 | 69,494,090 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\NroFmlre_4_TS_DP.avi
[2009/04/08 18:19:33 | 10,212,5252 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Nice_Car.rar
[2009/04/08 18:02:49 | 16,375,5468 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\MarieDelvauxGravurix.avi
[2009/04/08 18:02:34 | 10,186,7590 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Coralie.rar
[2009/04/08 17:56:32 | 20,261,3858 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\mc414.rar
[2009/04/05 16:40:50 | 00,000,000 | ---D | C] -- C:\AeriaGames
[2009/04/03 21:17:38 | 00,005,174 | ---- | C] () -- C:\WINDOWS\System32\nppt9x.vxd
[2009/04/03 21:17:38 | 00,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\npptNT2.sys
[2009/04/03 21:17:11 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared
[2009/04/03 21:11:17 | 00,000,000 | ---D | C] -- C:\Nexon
[2009/04/03 20:32:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Neil McGilloway\Local Settings\Application Data\PMB Files
[2009/04/03 20:32:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2009/04/03 20:32:26 | 00,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2009/03/30 14:46:49 | 11,270,5664 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\mc407.rar
[2009/03/30 14:39:29 | 18,894,5459 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\mc406.rar
[2009/03/27 13:30:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Neil McGilloway\Desktop\christine-new-movie
[2009/03/25 13:58:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Neil McGilloway\Application Data\Media Player Classic
[2009/03/24 18:38:29 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/03/24 18:38:24 | 00,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm
[2009/03/24 18:38:24 | 00,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml
[2009/03/24 18:38:23 | 00,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2009/03/24 18:38:23 | 00,118,784 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2009/03/24 18:38:22 | 00,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/03/24 18:38:22 | 00,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/03/24 18:38:21 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/03/24 18:38:21 | 00,684,032 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx.dll
[2009/03/24 18:38:21 | 00,086,016 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2009/03/24 18:38:19 | 00,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/03/24 18:38:19 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/03/24 18:38:17 | 00,060,273 | ---- | C] (Open Source Software community project) -- C:\WINDOWS\System32\pthreadGC2.dll
[2009/03/24 18:38:16 | 00,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2009/03/24 18:20:09 | 17,286,5985 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Edited Sluts With Nuts 04.wmv
[2009/03/24 17:51:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Neil McGilloway\Desktop\miscellany
[2009/03/24 17:23:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Neil McGilloway\Application Data\WinRAR
[2009/03/24 17:18:21 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2009/03/23 12:03:00 | 01,610,439 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\My Documents\A3_Application_Cornelius_McGilloway.pdf
[2009/03/23 12:00:39 | 00,000,000 | ---D | C] -- C:\Downloads
[2009/03/10 13:29:44 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/03/09 19:09:14 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/03/09 19:09:12 | 00,000,122 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2009/03/09 19:09:00 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2009/03/09 18:09:34 | 00,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2009/03/09 18:07:14 | 00,005,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys
[2007/09/27 10:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/08/15 07:27:18 | 00,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\n558.sys
[2004/08/10 08:00:00 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/10 08:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/10 08:00:00 | 00,000,802 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/10 08:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/08/10 00:11:42 | 00,185,856 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

========== Files - Modified Within 30 Days ==========

[45 C:\*.tmp files]
[7 C:\WINDOWS\System32\*.tmp files]
[16 C:\WINDOWS\*.tmp files]
[2009/04/21 20:26:48 | 13,718,160 | ---- | M] (Doctor Web, Ltd.) -- C:\Documents and Settings\Neil McGilloway\Desktop\drweb-cureit.exe
[2009/04/21 20:23:29 | 13,718,160 | ---- | M] (Doctor Web, Ltd.) -- C:\Documents and Settings\Neil McGilloway\Desktop\launch.exe
[2009/04/21 20:18:41 | 00,024,487 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/04/21 20:16:56 | 00,030,098 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/04/21 20:16:13 | 00,013,752 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/21 20:15:55 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/21 20:15:46 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/21 20:14:43 | 03,775,784 | -H-- | M] () -- C:\Documents and Settings\Neil McGilloway\Local Settings\Application Data\IconCache.db
[2009/04/21 19:03:56 | 00,000,802 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/21 18:46:49 | 01,832,096 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\SmitfraudFix.exe
[2009/04/21 18:27:50 | 00,522,240 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Neil McGilloway\Desktop\OTListIt2.exe
[2009/04/21 18:07:23 | 00,577,676 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/21 18:07:23 | 00,482,756 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/21 18:07:23 | 00,084,038 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/21 12:42:19 | 00,000,287 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/04/21 12:17:36 | 00,000,084 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
[2009/04/21 12:17:29 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/04/21 12:17:29 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/04/21 12:17:27 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/04/21 12:17:13 | 00,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2009/04/21 12:14:20 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2009/04/21 12:14:20 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009/04/21 12:14:12 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/04/21 12:14:12 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/04/21 12:14:12 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/04/21 12:14:12 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/04/21 12:14:12 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/04/21 12:14:12 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2009/04/21 11:55:24 | 00,034,188 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/04/21 11:52:40 | 00,000,280 | -HS- | M] () -- C:\boot.ini
[2009/04/21 11:02:43 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/04/21 11:02:25 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Documents\desktop.ini
[2009/04/21 11:02:25 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2009/04/21 10:48:24 | 00,733,683 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2009/04/21 10:46:48 | 00,006,921 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/21 10:22:15 | 00,304,465 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2009/04/21 10:05:06 | 00,023,832 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/04/21 10:02:49 | 00,000,024 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090421-102215.backup
[2009/04/21 01:07:39 | 00,130,096 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/21 01:07:22 | 21,453,86496 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2009/04/20 19:10:36 | 00,172,032 | ---- | M] () -- C:\WINDOWS\System32\tcpcon.dll
[2009/04/20 19:10:36 | 00,010,240 | ---- | M] () -- C:\WINDOWS\System32\Packer.dll
[2009/04/20 19:10:36 | 00,000,034 | ---- | M] () -- C:\WINDOWS\System32\tcpd.dll
[2009/04/20 19:10:36 | 00,000,009 | ---- | M] () -- C:\WINDOWS\System32\iphy.dll
[2009/04/20 19:10:36 | 00,000,003 | ---- | M] () -- C:\WINDOWS\System32\fhpatch.dll
[2009/04/20 19:10:36 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\fiplock.dll
[2009/04/20 15:30:19 | 00,000,004 | ---- | M] () -- C:\WINDOWS\System32\_id.dat
[2009/04/20 14:49:25 | 00,000,122 | ---- | M] () -- C:\WINDOWS\mdm.ini
[2009/04/20 02:59:57 | 00,360,021 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\dds.scr
[2009/04/20 00:40:00 | 00,101,196 | ---- | M] () -- C:\MGlogs.zip
[2009/04/19 21:24:27 | 09,924,040 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Neil McGilloway\Desktop\windows-kb890830-v2.9.exe
[2009/04/19 20:26:23 | 06,043,680 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\SUPERAntiSpyware(2).exe
[2009/04/19 17:50:43 | 01,340,797 | ---- | M] () -- C:\MGtools.exe
[2009/04/19 06:31:07 | 00,000,138 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Local Settings\Application Data\fusioncache.dat
[2009/04/19 06:09:11 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\zamoyoje
[2009/04/19 06:01:10 | 04,608,744 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Neil McGilloway\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[2009/04/19 05:51:54 | 00,409,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF26617.exe
[2009/04/19 04:35:59 | 00,000,095 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/04/19 03:06:48 | 00,000,077 | -HS- | M] () -- C:\Documents and Settings\Neil McGilloway\My Documents\desktop.ini
[2009/04/19 03:05:02 | 00,000,000 | ---- | M] () -- C:\WINDOWS\mqcd.dbt
[2009/04/19 03:04:43 | 00,108,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MSWINSCK.OCX
[2009/04/19 03:02:08 | 00,075,776 | -HS- | M] () -- C:\WINDOWS\System32\bugadepi.exe
[2009/04/17 15:31:32 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/17 13:03:35 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/17 11:30:05 | 10,139,5426 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Lannie_Barbie_High_Heels_Stockings.rar
[2009/04/17 11:22:30 | 20,321,6800 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\PrftMch_1_AN.avi
[2009/04/16 23:42:21 | 19,306,8664 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\SELU_ERNER-PM.avi
[2009/04/15 19:14:00 | 00,004,566 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\black dress.dat
[2009/04/15 02:14:00 | 00,000,360 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/04/13 17:29:01 | 19,226,8288 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\IsSo_NN2.avi
[2009/04/13 16:03:24 | 75,457,986 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\ICLdFeZa_4.zip
[2009/04/13 16:02:51 | 99,346,432 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\SimDia_TDL_ChaKRa.avi
[2009/04/13 15:50:16 | 99,920,814 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\MADESA-LERAD.avi
[2009/04/11 16:38:31 | 94,371,840 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Black_dick_in_milf.part1.rar
[2009/04/10 15:41:49 | 16,990,5184 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\tai024.part2.rar
[2009/04/10 15:07:12 | 17,091,7888 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\tai024.part1.rar
[2009/04/09 16:16:33 | 54,545,207 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\94-Teresa_Orlowski_-_Taken_By_Force_In_Toilet.rar
[2009/04/09 13:25:56 | 00,312,232 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090419-034007.backup
[2009/04/09 02:17:36 | 93,176,575 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Hot_Latina_Gives_Anal_a_Try.rar
[2009/04/09 01:45:58 | 88,744,206 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Black_Latex_Nurses_anal_bleep_orgy.WMV
[2009/04/09 01:22:33 | 14,808,3024 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Michelle-_Reds_like_it_in_the_Ass_pic.avi
[2009/04/09 01:07:57 | 85,926,068 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\CaHo_LaLi_AN.avi
[2009/04/08 21:48:25 | 16,233,1872 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\madura_anb13_1.wmv
[2009/04/08 21:10:20 | 15,212,5949 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Fusxion_Fantasies_1_Scene_3_b.wmv
[2009/04/08 20:19:26 | 10,458,5138 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\teen_glasses_s_a.rar
[2009/04/08 19:50:35 | 10,000,0000 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Dolly_Golden.part1.rar
[2009/04/08 19:16:34 | 93,956,746 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Dolly_Golden.part2.rar
[2009/04/08 18:57:43 | 76,656,640 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Blackhaired_grrrl..Kosovali.avi
[2009/04/08 18:49:17 | 13,012,1375 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\black_haired_chick_assbleeped.rar
[2009/04/08 18:27:03 | 69,494,090 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\NroFmlre_4_TS_DP.avi
[2009/04/08 18:19:44 | 10,212,5252 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Nice_Car.rar
[2009/04/08 18:02:57 | 16,375,5468 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\MarieDelvauxGravurix.avi
[2009/04/08 18:02:41 | 10,186,7590 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Coralie.rar
[2009/04/08 17:56:49 | 20,261,3858 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\mc414.rar
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/06 07:57:26 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/01 01:01:46 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/03/31 17:58:38 | 00,053,248 | ---- | M] (NirSoft) -- C:\WINDOWS\nircmd.exe
[2009/03/30 14:46:53 | 11,270,5664 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\mc407.rar
[2009/03/30 14:39:40 | 18,894,5459 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\mc406.rar
[2009/03/24 18:48:47 | 17,286,5985 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Edited Sluts With Nuts 04.wmv
[2009/03/23 12:03:00 | 01,610,439 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\My Documents\A3_Application_Cornelius_McGilloway.pdf
< End of report >

========== OTLISTIT ==========
Process explorer.exe killed successfully!

Service\Driver bbqa872 deleted successfully.
C:\WINDOWS\System32\drivers\bbqa872.sys moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5AF42A3-94F3-42BD-F634-0604832C897D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A5AF42A3-94F3-42BD-F634-0604832C897D}\ not found.
Registry value HKEY_USERS\S-1-5-21-527237240-261903793-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_USERS\S-1-5-21-527237240-261903793-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Alcmtr deleted successfully.
C:\WINDOWS\ALCMTR.EXE moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\servises deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\Diagnostic Manager deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\servises deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\VRTF2 deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Diagnostic Manager not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\servises not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\VRTF2 not found.
========== FILES ==========
C:\WINDOWS\System32\ak1.exe moved successfully.
C:\WINDOWS\System32\xz.exe moved successfully.
C:\WINDOWS\System32\hsfiun3487dll moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\hsf9ikmifj934g.dll
C:\WINDOWS\System32\hsf9ikmifj934g.dll NOT unregistered.
C:\WINDOWS\System32\hsf9ikmifj934g.dll moved successfully.
C:\Program Files\ThunMail moved successfully.
C:\WINDOWS\System32\ashl.nq moved successfully.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\Neil McGilloway\Local Settings\Temp\etilqs_eZoV6P2giLbT3QuLd8v0 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Neil McGilloway\Local Settings\Temp\Perflib_Perfdata_d38.dat scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Neil McGilloway\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\mcafee_eZjxihQQ1Tlpz25 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_mJd2g0sSwptI0OK scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_nihgG3e9xQGmS6H scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_P5crQI8mCpw6xua scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_vYZH8Ke6QrtKKl0 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_b70.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\WFV2.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
File delete failed. C:\Documents and Settings\Neil McGilloway\Local Settings\Application Data\Mozilla\Firefox\Profiles\5cfjldav.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Neil McGilloway\Local Settings\Application Data\Mozilla\Firefox\Profiles\5cfjldav.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Neil McGilloway\Local Settings\Application Data\Mozilla\Firefox\Profiles\5cfjldav.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Neil McGilloway\Local Settings\Application Data\Mozilla\Firefox\Profiles\5cfjldav.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Neil McGilloway\Local Settings\Application Data\Mozilla\Firefox\Profiles\5cfjldav.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Neil McGilloway\Local Settings\Application Data\Mozilla\Firefox\Profiles\5cfjldav.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.14.0 log created on 04212009_201334

Files moved on Reboot...
File C:\Documents and Settings\Neil McGilloway\Local Settings\Temp\etilqs_eZoV6P2giLbT3QuLd8v0 not found!
File C:\Documents and Settings\Neil McGilloway\Local Settings\Temp\Perflib_Perfdata_d38.dat not found!
File C:\WINDOWS\temp\mcafee_eZjxihQQ1Tlpz25 not found!
File C:\WINDOWS\temp\mcmsc_mJd2g0sSwptI0OK not found!
File C:\WINDOWS\temp\mcmsc_nihgG3e9xQGmS6H not found!
File C:\WINDOWS\temp\mcmsc_P5crQI8mCpw6xua not found!
File C:\WINDOWS\temp\mcmsc_vYZH8Ke6QrtKKl0 not found!
C:\WINDOWS\temp\Perflib_Perfdata_b70.dat moved successfully.
File C:\WINDOWS\temp\WFV2.tmp not found!
C:\Documents and Settings\Neil McGilloway\Local Settings\Application Data\Mozilla\Firefox\Profiles\5cfjldav.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Neil McGilloway\Local Settings\Application Data\Mozilla\Firefox\Profiles\5cfjldav.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Neil McGilloway\Local Settings\Application Data\Mozilla\Firefox\Profiles\5cfjldav.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Neil McGilloway\Local Settings\Application Data\Mozilla\Firefox\Profiles\5cfjldav.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Neil McGilloway\Local Settings\Application Data\Mozilla\Firefox\Profiles\5cfjldav.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Neil McGilloway\Local Settings\Application Data\Mozilla\Firefox\Profiles\5cfjldav.default\XUL.mfl moved successfully.

Registry entries deleted on Reboot...


And for Dr.Web - it's attached as a .txt file (I'm forbidden from uploading .csv on here)

As far as a status update goes, after using the fix on OTListIt2, I was able to access security sites again, but after going through Dr. Web, I can't again. Also, after rebooting post-Dr.Web, I got a lot of notifications from Mcafee saying they repaired various infected files (typically programs) on my computer that had Virut on them. So that's good I guess. It's a good bit better than before, so this is good stuff. I get the feeling something came back after Dr. Web though, so I don't think we're out of the woods yet! Thanks for your help so far though!

#7 mcgi0223

mcgi0223
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:51 PM

Posted 21 April 2009 - 10:11 PM

Just for reference, here is the OTListIt2 Scan after doing the Dr. Web:

OTListIt logfile created on: 4/21/2009 11:08:35 PM - Run 3
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Neil McGilloway\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.48 Gb Available Physical Memory | 74.13% Memory free
3.85 Gb Paging File | 3.46 Gb Available in Paging File | 89.78% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 22.08 Gb Free Space | 39.51% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NEIL
Current User Name: Neil McGilloway
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2004/08/10 04:04:42 | 00,123,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2007/08/15 12:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2007/07/24 12:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\McShield.exe
PRC - [2007/11/01 18:12:38 | 00,582,992 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2004/08/10 08:00:00 | 01,052,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2004/08/10 04:04:42 | 00,079,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
PRC - [2009/04/02 16:11:02 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/04/21 22:40:25 | 02,007,040 | R--- | M] () -- C:\WINDOWS\ATK0100\ATKOSD.exe
PRC - [2009/04/08 16:33:46 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2007/12/05 10:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2007/07/18 12:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe
PRC - [2007/11/06 16:22:10 | 00,259,400 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\VirusScan\mcvsmap.exe
PRC - [2009/04/21 23:01:52 | 00,215,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2009/04/21 23:02:00 | 00,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2004/08/10 08:00:00 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dumprep.exe
PRC - [2009/04/21 23:01:11 | 00,522,240 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Neil McGilloway\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (0142641239930246mcinstcleanup [Auto | Stopped])
SRV - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - File not found -- -- (DhcpSrv [Auto | Stopped])
SRV - [2009/04/21 23:01:52 | 00,215,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2004/08/10 04:04:42 | 00,123,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2004/08/10 08:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/04/21 23:02:27 | 00,890,880 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv [Auto | Stopped])
SRV - [2009/04/21 23:02:27 | 00,890,880 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrvR [Auto | Stopped])
SRV - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2004/08/04 00:56:44 | 00,027,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\irmon.dll -- (Irmon [Auto | Running])
SRV - [2009/04/21 23:01:54 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Stopped])
SRV - [2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
SRV - [2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
SRV - [2007/11/07 09:35:40 | 00,378,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
SRV - [2007/08/15 12:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
SRV - [2009/04/21 23:02:00 | 00,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
SRV - [2007/07/24 12:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\McShield.exe -- (McShield [Unknown | Running])
SRV - [2007/12/05 10:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Running])
SRV - [2004/08/10 05:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2007/07/18 12:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService [On_Demand | Running])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - File not found -- -- (npkcmsvc [Disabled | Stopped])
SRV - [2009/04/21 23:01:55 | 00,147,523 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Stopped])
SRV - [2009/04/21 23:02:43 | 00,059,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [On_Demand | Stopped])
SRV - [2009/04/21 23:01:57 | 00,045,132 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Stopped])
SRV - [2009/04/21 23:02:47 | 00,933,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2002/09/09 20:54:06 | 00,016,269 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\ASNDIS5.SYS -- (ASNDIS5 [On_Demand | Running])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2005/01/07 18:07:16 | 00,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])
DRV - [2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2004/10/06 03:33:00 | 00,163,328 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys -- (HSFHWAZL [On_Demand | Stopped])
DRV - [2004/10/06 03:31:00 | 01,036,928 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_DP.sys -- (HSF_DP [On_Demand | Stopped])
DRV - [2005/06/17 17:01:22 | 00,099,584 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs [Disabled | Running])
DRV - [2005/06/17 17:00:58 | 00,029,696 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\DRIVERS\InCDPass.sys -- (InCDPass [System | Running])
DRV - [2005/06/17 10:00:52 | 00,028,160 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm [System | Running])
DRV - [2005/04/15 06:05:00 | 02,564,032 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2001/08/17 13:51:32 | 00,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\irsir.sys -- (irsir [On_Demand | Running])
DRV - [2005/05/27 09:31:28 | 00,022,016 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvusbsta.sys -- (LVUSBSta [On_Demand | Stopped])
DRV - [2004/03/16 23:04:00 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2007/11/22 06:44:08 | 00,079,304 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
DRV - [2007/11/22 06:44:08 | 00,035,240 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
DRV - [2007/11/22 06:44:08 | 00,201,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk [System | Running])
DRV - [2007/11/22 06:44:04 | 00,033,832 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk [On_Demand | Stopped])
DRV - [2007/12/02 12:51:42 | 00,040,488 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Running])
DRV - [2007/07/13 06:20:24 | 00,113,952 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\Drivers\Mpfp.sys -- (MPFP [System | Running])
DRV - [2007/08/28 05:58:00 | 00,005,760 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\ATKACPI.sys -- (MTsensor [On_Demand | Running])
DRV - [2007/08/15 07:27:18 | 00,009,600 | ---- | M] () -- C:\WINDOWS\System32\Drivers\n558.sys -- (n558 [On_Demand | Stopped])
DRV - [2005/07/26 05:02:00 | 03,211,040 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2004/08/10 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2005/05/12 18:54:10 | 00,020,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2005/05/27 09:32:52 | 01,317,152 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\LVCM.sys -- (QCMerced [On_Demand | Stopped])
DRV - [2004/07/05 17:14:58 | 00,057,088 | ---- | M] (REDC) -- C:\WINDOWS\system32\DRIVERS\R592.sys -- (R592 [Boot | Running])
DRV - [2004/09/17 01:42:54 | 00,027,264 | ---- | M] (REDC) -- C:\WINDOWS\system32\DRIVERS\risdpntk.sys -- (risdpntk [Boot | Running])
DRV - [2009/01/21 07:49:40 | 00,118,656 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys -- (RTL8023xp [On_Demand | Stopped])
DRV - [2009/03/23 14:07:26 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2009/03/23 14:07:28 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
DRV - [2009/03/23 14:07:26 | 00,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2004/08/10 08:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2004/12/22 02:23:00 | 00,186,240 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2004/08/03 23:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2004/10/06 03:32:00 | 00,702,592 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Stopped])
DRV - [2005/06/17 20:41:46 | 00,274,432 | ---- | M] (ZyDAS Technology Corporation) -- C:\WINDOWS\system32\DRIVERS\zd1211u.sys -- (ZD1211U(ASUS) [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-527237240-261903793-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-527237240-261903793-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-527237240-261903793-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKU\S-1-5-21-527237240-261903793-725345543-1003\S-1-5-21-527237240-261903793-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-527237240-261903793-725345543-1003\S-1-5-21-527237240-261903793-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.comcast.net/"
FF - prefs.js..extensions.enabledItems: {5BE976F3-7F58-45B3-93E1-77C25FDC6546}:1.0
FF - prefs.js..extensions.enabledItems: {7B330090-0791-40A1-9601-47147B327D18}:1.0
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.07
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/03/09 19:15:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/18 23:54:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/18 23:54:11 | 00,000,000 | ---D | M]

[2009/03/09 20:31:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Neil McGilloway\Application Data\mozilla\Extensions
[2009/03/09 20:31:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Neil McGilloway\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/21 18:21:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Neil McGilloway\Application Data\mozilla\Firefox\Profiles\5cfjldav.default\extensions
[2009/03/20 11:02:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Neil McGilloway\Application Data\mozilla\Firefox\Profiles\5cfjldav.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2009/04/21 18:21:45 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/19 02:48:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{5BE976F3-7F58-45B3-93E1-77C25FDC6546}
[2009/04/19 15:27:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{7B330090-0791-40A1-9601-47147B327D18}
[2009/04/08 16:33:55 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/08 16:33:45 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/08 16:33:45 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/02/19 15:33:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/02/19 15:33:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/02/19 15:33:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/02/19 15:33:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/02/19 15:33:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/02/19 15:33:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/02/19 15:33:08 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (304465 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 jL.chura.pl
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10509 more lines...
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent (Microsoft Corporation)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe (McAfee)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey (McAfee, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install (NVIDIA Corporation)
O4 - HKLM..\Run: [Power_Gear] C:\Program Files\GENERIC\Power4 Gear\BatteryLife.exe 1 (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WD Button Manager] WDBtnMgr.exe (Western Digital Technologies, Inc.)
O4 - HKLM..\Run: [Wireless Console] C:\Program Files\Generic\Wireless Console\wcourier.exe ()
O4 - HKU\.DEFAULT..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-527237240-261903793-725345543-1003..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot (Logitech Inc.)
O4 - HKU\S-1-5-21-527237240-261903793-725345543-1003..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe (Ahead Software)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Hotkey.lnk = C:\Program Files\Keyboard\Keyboard Hotkey\Hotkey.exe (ASUS)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-527237240-261903793-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-527237240-261903793-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-527237240-261903793-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\S-1-5-21-527237240-261903793-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-527237240-261903793-725345543-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm (www.BitComet.com)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll (BitComet)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [Bluetooth Namespace] - C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-527237240-261903793-725345543-1003\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1236634939000 (WUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/09 17:31:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[45 C:\*.tmp files]
[6 C:\WINDOWS\System32\*.tmp files]
[16 C:\WINDOWS\*.tmp files]
[2009/04/21 20:36:24 | 00,018,323 | ---- | C] () -- C:\WINDOWS\System32\ovfsthxlog.dat
[2009/04/21 20:26:48 | 13,718,160 | ---- | C] (Doctor Web, Ltd.) -- C:\Documents and Settings\Neil McGilloway\Desktop\drweb-cureit.exe
[2009/04/21 20:13:34 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/04/21 18:27:49 | 00,522,240 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Neil McGilloway\Desktop\OTListIt2.exe
[2009/04/21 18:02:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/04/21 12:41:09 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehresja.dll
[2009/04/21 12:41:09 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehresko.dll
[2009/04/21 12:41:09 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehresfr.dll
[2009/04/21 12:41:08 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehresde.dll
[2009/04/21 12:41:08 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehreschs.dll
[2009/04/21 12:40:51 | 00,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2009/04/21 12:40:46 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpns.dll
[2009/04/21 12:40:42 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2009/04/21 12:40:41 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2009/04/21 12:40:41 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2009/04/21 12:40:40 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2009/04/21 12:40:40 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2009/04/21 12:40:39 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2009/04/21 12:40:38 | 00,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2009/04/21 12:40:38 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2009/04/21 12:40:37 | 00,363,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svc.dll
[2009/04/21 12:40:37 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wam51.dll
[2009/04/21 12:40:37 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2009/04/21 12:40:37 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamreg51.dll
[2009/04/21 12:40:37 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2009/04/21 12:40:37 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2009/04/21 12:40:36 | 00,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2009/04/21 12:40:36 | 00,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2009/04/21 12:40:35 | 00,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2009/04/21 12:40:35 | 00,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2009/04/21 12:40:31 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2009/04/21 12:40:31 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2009/04/21 12:40:30 | 00,103,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uihelper.dll
[2009/04/21 12:40:28 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tools.dll
[2009/04/21 12:40:28 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2009/04/21 12:40:27 | 00,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2009/04/21 12:40:26 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2009/04/21 12:40:26 | 00,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2009/04/21 12:40:26 | 00,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2009/04/21 12:40:26 | 00,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2009/04/21 12:40:24 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\svcext51.dll
[2009/04/21 12:40:23 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2009/04/21 12:40:22 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sspifilt.dll
[2009/04/21 12:40:22 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ssinc51.dll
[2009/04/21 12:40:21 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2009/04/21 12:40:20 | 00,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2009/04/21 12:40:19 | 00,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll
[2009/04/21 12:40:19 | 00,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll
[2009/04/21 12:40:19 | 00,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll
[2009/04/21 12:40:19 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll
[2009/04/21 12:40:19 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2009/04/21 12:40:19 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2009/04/21 12:40:19 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll
[2009/04/21 12:40:18 | 00,456,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll
[2009/04/21 12:40:18 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2009/04/21 12:40:17 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2009/04/21 12:40:17 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2009/04/21 12:40:17 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2009/04/21 12:40:17 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2009/04/21 12:40:17 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2009/04/21 12:40:17 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2009/04/21 12:40:17 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2009/04/21 12:40:17 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2009/04/21 12:40:17 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2009/04/21 12:40:17 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2009/04/21 12:40:16 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2009/04/21 12:40:16 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2009/04/21 12:40:16 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2009/04/21 12:40:16 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2009/04/21 12:40:16 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2009/04/21 12:40:16 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2009/04/21 12:40:14 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2009/04/21 12:40:10 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2009/04/21 12:40:09 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2009/04/21 12:40:08 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2009/04/21 12:40:07 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2009/04/21 12:40:07 | 00,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2009/04/21 12:40:07 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll
[2009/04/21 12:40:05 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2009/04/21 12:40:05 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcref.dll
[2009/04/21 12:40:01 | 00,020,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ramdisk.sys
[2009/04/21 12:40:00 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2009/04/21 12:39:59 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2009/04/21 12:39:59 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pwsdata.dll
[2009/04/21 12:39:58 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2009/04/21 12:39:58 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2009/04/21 12:39:58 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2009/04/21 12:39:58 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2009/04/21 12:39:58 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2009/04/21 12:39:57 | 00,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2009/04/21 12:39:57 | 00,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2009/04/21 12:39:57 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2009/04/21 12:39:57 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2009/04/21 12:39:57 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2009/04/21 12:39:56 | 00,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2009/04/21 12:39:56 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2009/04/21 12:39:56 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2009/04/21 12:39:56 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2009/04/21 12:39:55 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2009/04/21 12:39:52 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2009/04/21 12:39:51 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsepm.dll
[2009/04/21 12:39:50 | 00,226,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npdrmv2.dll
[2009/04/21 12:39:49 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2009/04/21 12:39:46 | 00,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2009/04/21 12:39:40 | 01,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2009/04/21 12:39:40 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2009/04/21 12:39:29 | 00,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2009/04/21 12:39:29 | 00,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2009/04/21 12:39:29 | 00,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\metada51.dll
[2009/04/21 12:39:29 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\md5filt.dll
[2009/04/21 12:39:29 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2009/04/21 12:39:28 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2009/04/21 12:39:26 | 00,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpdsvc.dll
[2009/04/21 12:39:26 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2009/04/21 12:39:26 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lprmon.dll
[2009/04/21 12:39:26 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lonsint.dll
[2009/04/21 12:39:24 | 00,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2009/04/21 12:39:24 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmmib2.dll
[2009/04/21 12:39:23 | 01,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2009/04/21 12:39:23 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2009/04/21 12:39:23 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2009/04/21 12:39:23 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2009/04/21 12:39:22 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2009/04/21 12:39:22 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2009/04/21 12:39:22 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2009/04/21 12:39:22 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2009/04/21 12:39:22 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2009/04/21 12:39:22 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2009/04/21 12:39:22 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2009/04/21 12:39:22 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2009/04/21 12:39:22 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2009/04/21 12:39:22 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2009/04/21 12:39:21 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdibm02.dll
[2009/04/21 12:39:21 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41a.dll
[2009/04/21 12:39:21 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41j.dll
[2009/04/21 12:39:21 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2009/04/21 12:39:21 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2009/04/21 12:39:21 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2009/04/21 12:39:21 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2009/04/21 12:39:21 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2009/04/21 12:39:21 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2009/04/21 12:39:21 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2009/04/21 12:39:21 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2009/04/21 12:39:20 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdax2.dll
[2009/04/21 12:39:20 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2009/04/21 12:39:20 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2009/04/21 12:39:20 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2009/04/21 12:39:20 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2009/04/21 12:39:20 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2009/04/21 12:39:20 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2009/04/21 12:39:20 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2009/04/21 12:39:20 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2009/04/21 12:39:20 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2009/04/21 12:39:19 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2009/04/21 12:39:19 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
[2009/04/21 12:39:19 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106n.dll
[2009/04/21 12:39:19 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2009/04/21 12:39:19 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101.dll
[2009/04/21 12:39:19 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2009/04/21 12:39:18 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprip.dll
[2009/04/21 12:39:18 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iscomlog.dll
[2009/04/21 12:39:18 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2009/04/21 12:39:16 | 00,257,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infocomm.dll
[2009/04/21 12:39:16 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2009/04/21 12:39:15 | 00,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2009/04/21 12:39:15 | 00,315,452 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2009/04/21 12:39:15 | 00,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2009/04/21 12:39:15 | 00,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2009/04/21 12:39:13 | 00,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2009/04/21 12:39:12 | 00,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2009/04/21 12:39:12 | 00,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2009/04/21 12:39:12 | 00,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2009/04/21 12:39:12 | 00,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2009/04/21 12:39:12 | 00,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2009/04/21 12:39:12 | 00,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2009/04/21 12:39:11 | 00,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2009/04/21 12:39:11 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2009/04/21 12:39:11 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2009/04/21 12:39:11 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iislog51.dll
[2009/04/21 12:39:11 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2009/04/21 12:39:11 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2009/04/21 12:39:11 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisfecnv.dll
[2009/04/21 12:39:11 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2009/04/21 12:39:10 | 00,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iische51.dll
[2009/04/21 12:39:10 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisadmin.dll
[2009/04/21 12:39:06 | 10,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2009/04/21 12:39:01 | 13,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2009/04/21 12:38:58 | 10,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2009/04/21 12:38:58 | 00,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpext.dll
[2009/04/21 12:38:58 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpod51.dll
[2009/04/21 12:38:58 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpmb51.dll
[2009/04/21 12:38:57 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostmib.dll
[2009/04/21 12:38:55 | 00,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2009/04/21 12:38:55 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2009/04/21 12:38:55 | 00,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gzip.dll
[2009/04/21 12:38:53 | 00,562,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsst.dll
[2009/04/21 12:38:53 | 00,400,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsxp32.dll
[2009/04/21 12:38:53 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxstiff.dll
[2009/04/21 12:38:53 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxst30.dll
[2009/04/21 12:38:53 | 00,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxswzrd.dll
[2009/04/21 12:38:53 | 00,154,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsui.dll
[2009/04/21 12:38:52 | 00,285,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscomex.dll
[2009/04/21 12:38:52 | 00,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2009/04/21 12:38:52 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2009/04/21 12:38:52 | 00,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscom.dll
[2009/04/21 12:38:52 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsevent.dll
[2009/04/21 12:38:52 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2009/04/21 12:38:52 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsdrv.dll
[2009/04/21 12:38:52 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsmon.dll
[2009/04/21 12:38:52 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsext32.dll
[2009/04/21 12:38:52 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsperf.dll
[2009/04/21 12:38:52 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsres.dll
[2009/04/21 12:38:51 | 00,452,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsapi.dll
[2009/04/21 12:38:51 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsv251.dll
[2009/04/21 12:38:51 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2009/04/21 12:38:51 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpmib.dll
[2009/04/21 12:38:51 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2009/04/21 12:38:50 | 00,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmdll.dll
[2009/04/21 12:38:49 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2009/04/21 12:38:49 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exstrace.dll
[2009/04/21 12:38:49 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\f3ahvoas.dll
[2009/04/21 12:38:48 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntagnt.dll
[2009/04/21 12:38:47 | 00,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2009/04/21 12:38:47 | 00,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2009/04/21 12:38:47 | 00,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2009/04/21 12:38:47 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2009/04/21 12:38:38 | 00,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2009/04/21 12:38:35 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2009/04/21 12:38:35 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
[2009/04/21 12:38:34 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compfilt.dll
[2009/04/21 12:38:32 | 00,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2009/04/21 12:38:32 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2009/04/21 12:38:31 | 01,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2009/04/21 12:38:31 | 00,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2009/04/21 12:38:31 | 00,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2009/04/21 12:38:31 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2009/04/21 12:38:31 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2009/04/21 12:38:29 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2009/04/21 12:38:28 | 00,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_g18030.dll
[2009/04/21 12:38:28 | 00,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2009/04/21 12:38:28 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2009/04/21 12:38:28 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2009/04/21 12:38:27 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2009/04/21 12:38:27 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2009/04/21 12:38:27 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2009/04/21 12:38:27 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2009/04/21 12:38:27 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2009/04/21 12:38:27 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2009/04/21 12:38:26 | 00,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2009/04/21 12:38:26 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2009/04/21 12:38:26 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2009/04/21 12:38:26 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2009/04/21 12:38:26 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2009/04/21 12:38:26 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2009/04/21 12:38:26 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2009/04/21 12:38:26 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2009/04/21 12:38:26 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2009/04/21 12:38:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2009/04/21 12:38:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2009/04/21 12:38:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2009/04/21 12:38:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2009/04/21 12:38:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2009/04/21 12:38:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2009/04/21 12:38:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2009/04/21 12:38:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2009/04/21 12:38:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2009/04/21 12:38:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2009/04/21 12:38:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2009/04/21 12:38:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2009/04/21 12:38:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2009/04/21 12:38:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2009/04/21 12:38:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2009/04/21 12:38:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2009/04/21 12:38:24 | 00,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2009/04/21 12:38:24 | 00,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2009/04/21 12:38:24 | 00,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2009/04/21 12:38:24 | 00,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2009/04/21 12:38:24 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2009/04/21 12:38:24 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2009/04/21 12:38:24 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2009/04/21 12:38:24 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2009/04/21 12:38:24 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2009/04/21 12:38:23 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2009/04/21 12:38:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2009/04/21 12:38:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2009/04/21 12:38:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2009/04/21 12:38:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2009/04/21 12:38:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2009/04/21 12:38:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2009/04/21 12:38:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2009/04/21 12:38:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2009/04/21 12:38:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2009/04/21 12:38:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2009/04/21 12:38:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2009/04/21 12:38:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2009/04/21 12:38:22 | 00,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2009/04/21 12:38:22 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2009/04/21 12:38:22 | 00,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2009/04/21 12:38:22 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2009/04/21 12:38:22 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2009/04/21 12:38:21 | 00,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2009/04/21 12:38:21 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2009/04/21 12:38:20 | 00,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2009/04/21 12:38:19 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2009/04/21 12:38:18 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2009/04/21 12:38:18 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2009/04/21 12:38:17 | 00,369,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asp51.dll
[2009/04/21 12:38:17 | 00,331,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll
[2009/04/21 12:38:17 | 00,108,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\appconf.dll
[2009/04/21 12:38:17 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2009/04/21 12:38:17 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0804.dll
[2009/04/21 12:38:16 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0412.dll
[2009/04/21 12:38:16 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0411.dll
[2009/04/21 12:38:16 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040d.dll
[2009/04/21 12:38:16 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0404.dll
[2009/04/21 12:38:16 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0401.dll
[2009/04/21 12:38:15 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2009/04/21 12:38:14 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2009/04/21 12:38:14 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admexs.dll
[2009/04/21 12:38:14 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2009/04/21 12:38:11 | 00,364,544 | ---- | C] (Microsoft Corporation (written by Digital Renaissance Inc.)) -- C:\WINDOWS\System32\dllcache\npdsplay.dll
[2009/04/21 12:38:11 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npwmsdrm.dll
[2009/04/21 12:38:08 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptsat.dll
[2009/04/21 12:38:08 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2009/04/21 12:38:07 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\staxmem.dll
[2009/04/21 12:38:06 | 00,020,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll
[2009/04/21 12:38:00 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logui.ocx
[2009/04/21 12:38:00 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isatq.dll
[2009/04/21 12:38:00 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoadmn.dll
[2009/04/21 12:37:59 | 00,829,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.dll
[2009/04/21 12:37:59 | 00,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2009/04/21 12:37:59 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrtl.dll
[2009/04/21 12:37:59 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2009/04/21 12:37:59 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2009/04/21 12:37:58 | 00,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll
[2009/04/21 12:37:58 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisext51.dll
[2009/04/21 12:37:58 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismap.dll
[2009/04/21 12:37:58 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2009/04/21 12:37:57 | 00,876,653 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awel.dll
[2009/04/21 12:37:57 | 00,598,071 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll
[2009/04/21 12:37:57 | 00,049,212 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awebs.dll
[2009/04/21 12:37:57 | 00,032,826 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avss.dll
[2009/04/21 12:37:57 | 00,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll
[2009/04/21 12:37:56 | 00,184,435 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4amsft.dll
[2009/04/21 12:37:56 | 00,147,513 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4apws.dll
[2009/04/21 12:37:56 | 00,102,509 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4atxt.dll
[2009/04/21 12:37:56 | 00,082,035 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4anscp.dll
[2009/04/21 12:37:56 | 00,049,210 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4areg.dll
[2009/04/21 12:37:56 | 00,041,020 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avnb.dll
[2009/04/21 12:37:55 | 00,275,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certwiz.ocx
[2009/04/21 12:37:55 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2009/04/21 12:37:55 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnfgprts.ocx
[2009/04/21 12:37:55 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\coadmin.dll
[2009/04/21 12:37:55 | 00,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll
[2009/04/21 12:37:54 | 00,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsiis51.dll
[2009/04/21 12:37:54 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admwprox.dll
[2009/04/21 12:37:53 | 00,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll
[2009/04/21 12:14:20 | 00,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009/04/21 12:14:12 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/04/21 12:14:12 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/04/21 12:14:12 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/04/21 12:14:12 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/04/21 12:14:12 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/04/21 11:52:12 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irftp.exe
[2009/04/21 11:52:12 | 00,087,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irda.sys
[2009/04/21 11:52:12 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wshirda.dll
[2009/04/21 11:52:11 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irmon.dll
[2009/04/21 11:16:24 | 00,018,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irsir.sys
[2009/04/21 11:04:06 | 00,019,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rasirda.sys
[2009/04/21 11:02:37 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2009/04/21 11:02:37 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2009/04/21 11:02:37 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2009/04/21 11:02:37 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2009/04/21 11:02:24 | 02,008,817 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2009/04/21 11:02:24 | 01,086,058 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NTPRINT.CAT
[2009/04/21 11:02:24 | 00,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2009/04/21 11:02:24 | 00,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2009/04/21 11:02:24 | 00,141,702 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2009/04/21 11:02:24 | 00,130,715 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2009/04/21 11:02:24 | 00,110,116 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2009/04/21 11:02:24 | 00,106,147 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2009/04/21 11:02:24 | 00,077,881 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plus.cat
[2009/04/21 11:02:24 | 00,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2009/04/21 11:02:24 | 00,031,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2009/04/21 11:02:24 | 00,024,209 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2009/04/21 11:02:24 | 00,017,916 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sonic.cat
[2009/04/21 11:02:24 | 00,013,753 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2009/04/21 11:02:24 | 00,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2009/04/21 11:02:24 | 00,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2009/04/21 11:02:24 | 00,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2009/04/21 11:02:24 | 00,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2009/04/21 11:02:24 | 00,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2009/04/21 11:02:24 | 00,007,076 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2009/04/21 11:02:23 | 00,505,647 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2009/04/21 00:50:50 | 21,453,86496 | ---- | C] () -- C:\WINDOWS\MEMORY.DMP
[2009/04/20 21:40:29 | 00,006,921 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009/04/20 19:10:36 | 00,000,034 | ---- | C] () -- C:\WINDOWS\System32\tcpd.dll
[2009/04/20 19:10:36 | 00,000,009 | ---- | C] () -- C:\WINDOWS\System32\iphy.dll
[2009/04/20 19:10:36 | 00,000,003 | ---- | C] () -- C:\WINDOWS\System32\fhpatch.dll
[2009/04/20 19:10:36 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\fiplock.dll
[2009/04/20 19:05:24 | 00,733,683 | ---- | C] () -- C:\WINDOWS\setupapi.old
[2009/04/20 15:30:09 | 00,000,004 | ---- | C] () -- C:\WINDOWS\System32\_id.dat
[2009/04/20 15:23:40 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/04/20 14:58:39 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/04/20 12:32:08 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2009/04/20 12:20:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Neil McGilloway\Desktop\HostsXpert
[2009/04/20 02:59:57 | 00,360,021 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\dds.scr
[2009/04/20 02:08:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Neil McGilloway\Desktop\gmer
[2009/04/20 01:56:18 | 00,053,248 | ---- | C] (NirSoft) -- C:\WINDOWS\nircmd.exe
[2009/04/20 01:56:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Neil McGilloway\Desktop\nircmd
[2009/04/20 00:36:58 | 00,101,196 | ---- | C] () -- C:\MGlogs.zip
[2009/04/20 00:36:47 | 00,000,000 | ---D | C] -- C:\MGtools
[2009/04/19 21:24:34 | 24,921,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/19 21:24:17 | 09,924,040 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Neil McGilloway\Desktop\windows-kb890830-v2.9.exe
[2009/04/19 20:25:48 | 06,043,680 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\SUPERAntiSpyware(2).exe
[2009/04/19 20:23:37 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/04/19 17:52:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Neil McGilloway\Application Data\Malwarebytes
[2009/04/19 17:52:44 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/19 17:52:42 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/19 17:52:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/19 17:52:40 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/19 17:50:42 | 01,340,797 | ---- | C] () -- C:\MGtools.exe
[2009/04/19 17:31:13 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2009/04/19 15:27:56 | 00,000,043 | ---- | C] () -- C:\WINDOWS\System32\ovfsthxrqjidxgi.dat
[2009/04/19 15:26:56 | 00,221,638 | ---- | C] () -- C:\WINDOWS\System32\ovfsthxtfdtspul.dat
[2009/04/19 15:26:56 | 00,018,432 | ---- | C] () -- C:\WINDOWS\System32\ovfsthxvuqqyrbj.dll
[2009/04/19 15:26:56 | 00,018,432 | ---- | C] () -- C:\WINDOWS\System32\ovfsthxptqxvdln.dll
[2009/04/19 15:26:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/04/19 15:21:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/04/19 15:20:44 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/04/19 15:20:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Neil McGilloway\Application Data\SUPERAntiSpyware.com
[2009/04/19 14:48:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2009/04/19 14:47:03 | 00,000,000 | ---D | C] -- C:\SDFix
[2009/04/19 14:09:47 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/04/19 13:51:54 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/04/19 06:31:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Neil McGilloway\Application Data\McAfee
[2009/04/19 06:31:07 | 00,000,138 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Local Settings\Application Data\fusioncache.dat
[2009/04/19 06:03:50 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/04/19 06:01:05 | 04,608,744 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Neil McGilloway\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[2009/04/19 05:52:54 | 00,130,048 | ---- | C] () -- C:\WINDOWS\vFind.exe
[2009/04/19 05:52:54 | 00,119,296 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/04/19 05:52:54 | 00,100,892 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/04/19 05:52:54 | 00,088,064 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/04/19 05:52:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/19 05:52:24 | 00,409,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF26617.exe
[2009/04/19 04:35:59 | 00,000,095 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/04/19 03:05:02 | 00,000,000 | ---- | C] () -- C:\WINDOWS\mqcd.dbt
[2009/04/19 03:04:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\3361
[2009/04/19 03:04:40 | 00,108,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSWINSCK.OCX
[2009/04/19 03:04:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\dhcp
[2009/04/19 03:04:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Neil McGilloway\Application Data\pidle
[2009/04/18 23:56:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Neil McGilloway\Application Data\Apple Computer
[2009/04/18 23:55:30 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/04/18 23:55:26 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/04/18 23:55:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/04/18 23:55:08 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/04/18 23:53:24 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/04/18 23:53:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/04/18 23:53:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Neil McGilloway\Local Settings\Application Data\Apple
[2009/04/18 23:53:04 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/04/18 23:52:23 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2009/04/18 23:52:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/04/18 23:51:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Neil McGilloway\Local Settings\Application Data\Apple Computer
[2009/04/17 11:29:58 | 10,139,5426 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Lannie_Barbie_High_Heels_Stockings.rar
[2009/04/17 11:22:15 | 20,321,6800 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\PrftMch_1_AN.avi
[2009/04/16 23:58:08 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DirectX
[2009/04/16 23:41:02 | 19,306,8664 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\SELU_ERNER-PM.avi
[2009/04/16 10:55:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Neil McGilloway\Local Settings\Application Data\Logitech-LS
[2009/04/15 19:14:00 | 00,004,566 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\black dress.dat
[2009/04/15 18:43:34 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/14 23:22:27 | 00,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mstee.sys
[2009/04/14 23:22:12 | 00,019,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wstcodec.sys
[2009/04/14 23:22:08 | 00,085,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nabtsfec.sys
[2009/04/14 23:22:04 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ccdecode.sys
[2009/04/14 23:21:50 | 00,059,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys
[2009/04/14 23:21:32 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
[2009/04/14 23:21:32 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2009/04/14 23:21:31 | 00,090,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2009/04/14 23:21:31 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2009/04/14 23:17:07 | 00,078,190 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2009/04/14 23:17:00 | 00,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/04/14 23:16:59 | 01,317,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvcm.sys
[2009/04/14 23:16:52 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
[2009/04/14 23:16:41 | 00,029,795 | ---- | C] (Ingenient Technologies, Inc.) -- C:\WINDOWS\System32\ITIG726.acm
[2009/04/14 23:16:38 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71DEU.DLL
[2009/04/14 23:16:38 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71ITA.DLL
[2009/04/14 23:16:38 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71ESP.DLL
[2009/04/14 23:16:38 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71ENU.DLL
[2009/04/14 23:16:38 | 00,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71KOR.DLL
[2009/04/14 23:16:38 | 00,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71JPN.DLL
[2009/04/14 23:16:38 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71CHT.DLL
[2009/04/14 23:16:38 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71CHS.DLL
[2009/04/14 23:09:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2009/04/14 22:58:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Neil McGilloway\Local Settings\Application Data\Downloaded Installations
[2009/04/14 22:41:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2009/04/14 22:39:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logishrd
[2009/04/14 22:39:41 | 00,000,000 | ---D | C] -- C:\Program Files\Logitech
[2009/04/14 22:39:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logitech
[2009/04/13 17:28:48 | 19,226,8288 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\IsSo_NN2.avi
[2009/04/13 16:03:15 | 75,457,986 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\ICLdFeZa_4.zip
[2009/04/13 16:02:42 | 99,346,432 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\SimDia_TDL_ChaKRa.avi
[2009/04/13 15:50:07 | 99,920,814 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\MADESA-LERAD.avi
[2009/04/11 16:38:23 | 94,371,840 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Black_dick_in_milf.part1.rar
[2009/04/10 15:24:14 | 16,990,5184 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\tai024.part2.rar
[2009/04/10 15:07:05 | 17,091,7888 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\tai024.part1.rar
[2009/04/09 16:16:30 | 54,545,207 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\94-Teresa_Orlowski_-_Taken_By_Force_In_Toilet.rar
[2009/04/09 02:17:15 | 93,176,575 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Hot_Latina_Gives_Anal_a_Try.rar
[2009/04/09 01:45:55 | 88,744,206 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Black_Latex_Nurses_anal_bleep_orgy.WMV
[2009/04/09 01:22:25 | 14,808,3024 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Michelle-_Reds_like_it_in_the_Ass_pic.avi
[2009/04/09 01:07:53 | 85,926,068 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\CaHo_LaLi_AN.avi
[2009/04/08 21:48:15 | 16,233,1872 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\madura_anb13_1.wmv
[2009/04/08 21:10:12 | 15,212,5949 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Fusxion_Fantasies_1_Scene_3_b.wmv
[2009/04/08 20:19:21 | 10,458,5138 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\teen_glasses_s_a.rar
[2009/04/08 19:50:31 | 10,000,0000 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Dolly_Golden.part1.rar
[2009/04/08 19:16:30 | 93,956,746 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Dolly_Golden.part2.rar
[2009/04/08 18:57:40 | 76,656,640 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Blackhaired_grrrl..Kosovali.avi
[2009/04/08 18:49:06 | 13,012,1375 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\black_haired_chick_assbleeped.rar
[2009/04/08 18:26:59 | 69,494,090 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\NroFmlre_4_TS_DP.avi
[2009/04/08 18:19:33 | 10,212,5252 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Nice_Car.rar
[2009/04/08 18:02:49 | 16,375,5468 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\MarieDelvauxGravurix.avi
[2009/04/08 18:02:34 | 10,186,7590 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Coralie.rar
[2009/04/08 17:56:32 | 20,261,3858 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\mc414.rar
[2009/04/05 16:40:50 | 00,000,000 | ---D | C] -- C:\AeriaGames
[2009/04/03 21:17:38 | 00,005,174 | ---- | C] () -- C:\WINDOWS\System32\nppt9x.vxd
[2009/04/03 21:17:38 | 00,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\npptNT2.sys
[2009/04/03 21:17:11 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared
[2009/04/03 21:11:17 | 00,000,000 | ---D | C] -- C:\Nexon
[2009/04/03 20:32:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Neil McGilloway\Local Settings\Application Data\PMB Files
[2009/04/03 20:32:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2009/04/03 20:32:26 | 00,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2009/03/30 14:46:49 | 11,270,5664 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\mc407.rar
[2009/03/30 14:39:29 | 18,894,5459 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\mc406.rar
[2009/03/27 13:30:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Neil McGilloway\Desktop\christine-new-movie
[2009/03/25 13:58:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Neil McGilloway\Application Data\Media Player Classic
[2009/03/24 18:38:29 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/03/24 18:38:24 | 00,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm
[2009/03/24 18:38:24 | 00,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml
[2009/03/24 18:38:23 | 00,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2009/03/24 18:38:23 | 00,118,784 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2009/03/24 18:38:22 | 00,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/03/24 18:38:22 | 00,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/03/24 18:38:21 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/03/24 18:38:21 | 00,684,032 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx.dll
[2009/03/24 18:38:21 | 00,086,016 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2009/03/24 18:38:19 | 00,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/03/24 18:38:19 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/03/24 18:38:17 | 00,060,273 | ---- | C] (Open Source Software community project) -- C:\WINDOWS\System32\pthreadGC2.dll
[2009/03/24 18:38:16 | 00,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2009/03/24 18:20:09 | 17,286,5985 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Edited Sluts With Nuts 04.wmv
[2009/03/24 17:51:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Neil McGilloway\Desktop\miscellany
[2009/03/24 17:23:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Neil McGilloway\Application Data\WinRAR
[2009/03/24 17:18:21 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2009/03/23 12:03:00 | 01,610,439 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\My Documents\A3_Application_Cornelius_McGilloway.pdf
[2009/03/23 12:00:39 | 00,000,000 | ---D | C] -- C:\Downloads
[2009/03/10 13:29:44 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/03/09 19:09:14 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/03/09 19:09:12 | 00,000,122 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2009/03/09 19:09:00 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2009/03/09 18:09:34 | 00,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2009/03/09 18:07:14 | 00,005,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys
[2007/09/27 10:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/08/15 07:27:18 | 00,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\n558.sys
[2004/08/10 08:00:00 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/10 08:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/10 08:00:00 | 00,000,802 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/10 08:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/08/10 00:11:42 | 00,185,856 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

========== Files - Modified Within 30 Days ==========

[45 C:\*.tmp files]
[6 C:\WINDOWS\System32\*.tmp files]
[16 C:\WINDOWS\*.tmp files]
[2009/04/21 23:07:51 | 00,088,064 | ---- | M] () -- C:\WINDOWS\zip.exe
[2009/04/21 23:07:22 | 00,320,000 | ---- | M] (InstallShield Corporation, Inc.) -- C:\WINDOWS\uninst.exe
[2009/04/21 23:07:16 | 00,119,296 | ---- | M] () -- C:\WINDOWS\sed.exe
[2009/04/21 23:06:53 | 00,053,248 | ---- | M] (NirSoft) -- C:\WINDOWS\nircmd.exe
[2009/04/21 23:06:52 | 00,442,368 | ---- | M] () -- C:\WINDOWS\Nero PhotoShow.scr
[2009/04/21 23:06:49 | 00,100,892 | ---- | M] () -- C:\WINDOWS\grep.exe
[2009/04/21 23:06:47 | 02,827,776 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
[2009/04/21 23:06:44 | 00,166,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WudfHost.exe
[2009/04/21 23:06:42 | 04,417,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wpgldfsh.scr
[2009/04/21 23:06:41 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wpdshextautoplay.exe
[2009/04/21 23:06:36 | 00,226,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WinFXDocObj.exe
[2009/04/21 23:06:33 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\verclsid.exe
[2009/04/21 23:06:31 | 00,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\uwdf.exe
[2009/04/21 23:06:28 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tzchange.exe
[2009/04/21 23:06:25 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\taskman.exe
[2009/04/21 23:06:22 | 00,041,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdwxp.exe
[2009/04/21 23:06:21 | 07,114,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\space.scr
[2009/04/21 23:06:17 | 00,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2009/04/21 23:06:14 | 00,180,307 | ---- | M] () -- C:\WINDOWS\System32\RemSvc.exe
[2009/04/21 23:05:46 | 03,363,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\nature.scr
[2009/04/21 23:05:44 | 00,197,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2009/04/21 23:05:43 | 01,762,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mypixdx.scr
[2009/04/21 23:05:37 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedssync.exe
[2009/04/21 23:05:31 | 00,054,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2009/04/21 23:05:30 | 00,072,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\migpwd.exe
[2009/04/21 23:05:27 | 00,060,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MAPISRVR.EXE
[2009/04/21 23:05:09 | 00,078,190 | R--- | M] () -- C:\WINDOWS\System32\InstMed.exe
[2009/04/21 23:05:07 | 00,034,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieudinit.exe
[2009/04/21 23:05:01 | 00,041,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\faxpatch.exe
[2009/04/21 23:04:51 | 05,089,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\davinci.scr
[2009/04/21 23:04:48 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe
[2009/04/21 23:04:46 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cliconfg.exe
[2009/04/21 23:04:44 | 00,064,640 | ---- | M] () -- C:\WINDOWS\System32\ChCfg.exe
[2009/04/21 23:04:43 | 00,409,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF26617.exe
[2009/04/21 23:04:40 | 00,075,776 | -HS- | M] () -- C:\WINDOWS\System32\bugadepi.exe
[2009/04/21 23:04:37 | 00,520,192 | ---- | M] () -- C:\WINDOWS\System32\ASWLSVC.exe
[2009/04/21 23:04:36 | 00,537,600 | ---- | M] () -- C:\WINDOWS\System32\ASWL2K.exe
[2009/04/21 23:03:16 | 00,176,128 | ---- | M] (Ahead Software Gmbh) -- C:\WINDOWS\System32\NeroCheck.exe
[2009/04/21 23:02:43 | 00,059,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe
[2009/04/21 23:02:06 | 00,385,024 | ---- | M] (Western Digital Technologies, Inc.) -- C:\WINDOWS\System32\WDBtnMgr.exe
[2009/04/21 23:01:58 | 00,460,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\searchindexer.exe
[2009/04/21 23:01:11 | 00,522,240 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Neil McGilloway\Desktop\OTListIt2.exe
[2009/04/21 22:41:40 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spdwnwxp.exe
[2009/04/21 22:41:35 | 00,024,455 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/04/21 22:41:18 | 00,108,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\searchfilterhost.exe
[2009/04/21 22:41:13 | 00,205,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\searchprotocolhost.exe
[2009/04/21 22:39:37 | 00,030,098 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/04/21 22:39:14 | 00,013,752 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/21 22:39:04 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/21 22:38:58 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/21 22:38:12 | 00,018,323 | ---- | M] () -- C:\WINDOWS\System32\ovfsthxlog.dat
[2009/04/21 22:37:30 | 04,305,628 | -H-- | M] () -- C:\Documents and Settings\Neil McGilloway\Local Settings\Application Data\IconCache.db
[2009/04/21 22:29:10 | 00,000,802 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/21 20:36:03 | 00,221,638 | ---- | M] () -- C:\WINDOWS\System32\ovfsthxtfdtspul.dat
[2009/04/21 20:26:48 | 13,718,160 | ---- | M] (Doctor Web, Ltd.) -- C:\Documents and Settings\Neil McGilloway\Desktop\drweb-cureit.exe
[2009/04/21 18:07:23 | 00,577,676 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/21 18:07:23 | 00,482,756 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/21 18:07:23 | 00,084,038 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/21 12:42:19 | 00,000,287 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/04/21 12:17:36 | 00,000,084 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
[2009/04/21 12:17:29 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/04/21 12:17:29 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/04/21 12:17:27 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/04/21 12:17:13 | 00,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2009/04/21 12:14:20 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2009/04/21 12:14:20 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009/04/21 12:14:12 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/04/21 12:14:12 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/04/21 12:14:12 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/04/21 12:14:12 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/04/21 12:14:12 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/04/21 12:14:12 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2009/04/21 11:55:24 | 00,034,188 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/04/21 11:52:40 | 00,000,280 | -HS- | M] () -- C:\boot.ini
[2009/04/21 11:02:43 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/04/21 11:02:25 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Documents\desktop.ini
[2009/04/21 11:02:25 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2009/04/21 10:48:24 | 00,733,683 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2009/04/21 10:46:48 | 00,006,921 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/21 10:22:15 | 00,304,465 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2009/04/21 10:05:06 | 00,023,832 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/04/21 10:02:49 | 00,000,024 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090421-102215.backup
[2009/04/21 01:07:39 | 00,130,096 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/21 01:07:22 | 21,453,86496 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2009/04/20 19:10:36 | 00,000,034 | ---- | M] () -- C:\WINDOWS\System32\tcpd.dll
[2009/04/20 19:10:36 | 00,000,009 | ---- | M] () -- C:\WINDOWS\System32\iphy.dll
[2009/04/20 19:10:36 | 00,000,003 | ---- | M] () -- C:\WINDOWS\System32\fhpatch.dll
[2009/04/20 19:10:36 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\fiplock.dll
[2009/04/20 19:09:20 | 00,000,043 | ---- | M] () -- C:\WINDOWS\System32\ovfsthxrqjidxgi.dat
[2009/04/20 15:30:19 | 00,000,004 | ---- | M] () -- C:\WINDOWS\System32\_id.dat
[2009/04/20 14:57:58 | 00,018,432 | ---- | M] () -- C:\WINDOWS\System32\ovfsthxptqxvdln.dll
[2009/04/20 14:49:25 | 00,000,122 | ---- | M] () -- C:\WINDOWS\mdm.ini
[2009/04/20 02:59:57 | 00,360,021 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\dds.scr
[2009/04/20 00:40:00 | 00,101,196 | ---- | M] () -- C:\MGlogs.zip
[2009/04/19 21:24:27 | 09,924,040 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Neil McGilloway\Desktop\windows-kb890830-v2.9.exe
[2009/04/19 20:26:23 | 06,043,680 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\SUPERAntiSpyware(2).exe
[2009/04/19 17:50:43 | 01,340,797 | ---- | M] () -- C:\MGtools.exe
[2009/04/19 15:26:56 | 00,018,432 | ---- | M] () -- C:\WINDOWS\System32\ovfsthxvuqqyrbj.dll
[2009/04/19 06:31:07 | 00,000,138 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Local Settings\Application Data\fusioncache.dat
[2009/04/19 06:09:11 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\zamoyoje
[2009/04/19 06:01:10 | 04,608,744 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Neil McGilloway\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[2009/04/19 04:35:59 | 00,000,095 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/04/19 03:06:48 | 00,000,077 | -HS- | M] () -- C:\Documents and Settings\Neil McGilloway\My Documents\desktop.ini
[2009/04/19 03:05:02 | 00,000,000 | ---- | M] () -- C:\WINDOWS\mqcd.dbt
[2009/04/19 03:04:43 | 00,108,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MSWINSCK.OCX
[2009/04/17 15:31:32 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/17 13:03:35 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/17 11:30:05 | 10,139,5426 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Lannie_Barbie_High_Heels_Stockings.rar
[2009/04/17 11:22:30 | 20,321,6800 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\PrftMch_1_AN.avi
[2009/04/16 23:42:21 | 19,306,8664 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\SELU_ERNER-PM.avi
[2009/04/15 19:14:00 | 00,004,566 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\black dress.dat
[2009/04/15 02:14:00 | 00,000,360 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/04/13 17:29:01 | 19,226,8288 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\IsSo_NN2.avi
[2009/04/13 16:03:24 | 75,457,986 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\ICLdFeZa_4.zip
[2009/04/13 16:02:51 | 99,346,432 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\SimDia_TDL_ChaKRa.avi
[2009/04/13 15:50:16 | 99,920,814 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\MADESA-LERAD.avi
[2009/04/11 16:38:31 | 94,371,840 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Black_dick_in_milf.part1.rar
[2009/04/10 15:41:49 | 16,990,5184 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\tai024.part2.rar
[2009/04/10 15:07:12 | 17,091,7888 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\tai024.part1.rar
[2009/04/09 16:16:33 | 54,545,207 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\94-Teresa_Orlowski_-_Taken_By_Force_In_Toilet.rar
[2009/04/09 13:25:56 | 00,312,232 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090419-034007.backup
[2009/04/09 02:17:36 | 93,176,575 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Hot_Latina_Gives_Anal_a_Try.rar
[2009/04/09 01:45:58 | 88,744,206 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Black_Latex_Nurses_anal_bleep_orgy.WMV
[2009/04/09 01:22:33 | 14,808,3024 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Michelle-_Reds_like_it_in_the_Ass_pic.avi
[2009/04/09 01:07:57 | 85,926,068 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\CaHo_LaLi_AN.avi
[2009/04/08 21:48:25 | 16,233,1872 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\madura_anb13_1.wmv
[2009/04/08 21:10:20 | 15,212,5949 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Fusxion_Fantasies_1_Scene_3_b.wmv
[2009/04/08 20:19:26 | 10,458,5138 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\teen_glasses_s_a.rar
[2009/04/08 19:50:35 | 10,000,0000 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Dolly_Golden.part1.rar
[2009/04/08 19:16:34 | 93,956,746 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Dolly_Golden.part2.rar
[2009/04/08 18:57:43 | 76,656,640 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Blackhaired_grrrl..Kosovali.avi
[2009/04/08 18:49:17 | 13,012,1375 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\black_haired_chick_assbleeped.rar
[2009/04/08 18:27:03 | 69,494,090 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\NroFmlre_4_TS_DP.avi
[2009/04/08 18:19:44 | 10,212,5252 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Nice_Car.rar
[2009/04/08 18:02:57 | 16,375,5468 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\MarieDelvauxGravurix.avi
[2009/04/08 18:02:41 | 10,186,7590 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Coralie.rar
[2009/04/08 17:56:49 | 20,261,3858 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\mc414.rar
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/06 07:57:26 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/01 01:01:46 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/03/30 14:46:53 | 11,270,5664 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\mc407.rar
[2009/03/30 14:39:40 | 18,894,5459 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\mc406.rar
[2009/03/24 18:48:47 | 17,286,5985 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Edited Sluts With Nuts 04.wmv
[2009/03/23 12:03:00 | 01,610,439 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\My Documents\A3_Application_Cornelius_McGilloway.pdf
< End of report >

#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:12:51 PM

Posted 22 April 2009 - 11:41 AM

Virut is extremely bad. You may want to begin backing up any photos, media files, or documents that you can't afford to lose. Do NOT back up any .exe files as these may be infected.

The DrWeb log was not attached, so I still need to see that as soon as possible.


I'd also like to run Combofix now.




Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of an Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#9 mcgi0223

mcgi0223
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:51 PM

Posted 22 April 2009 - 12:04 PM

OK, sorry, I thought it attached successfully, so here's the report again.

ovfsthxkbyufyxv.sys;c:\windows\system32\drivers;BackDoor.Tdss.115;Incurable.Moved.;
RegUBP2b-Neil McGilloway.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Deleted.;
SmitfraudFix.exe\SmitfraudFix\Process.exe;C:\Documents and Settings\Neil McGilloway\Desktop\SmitfraudFix.exe;Tool.Prockill;;
SmitfraudFix.exe\SmitfraudFix\restart.exe;C:\Documents and Settings\Neil McGilloway\Desktop\SmitfraudFix.exe;Tool.ShutDown.14;;
SmitfraudFix.exe;C:\Documents and Settings\Neil McGilloway\Desktop;Archive contains infected objects;Moved.;
newfiles.txt;C:\MGtools;Probably BATCH.Virus;;
Process.exe;C:\MGtools;Tool.Prockill;;
Process.exe;C:\SDFix\apps;Tool.Prockill;;
33.tmp;C:\WINDOWS\system32;Trojan.MulDrop.30600;Deleted.;
ovfsthxdyvewucb.dll;C:\WINDOWS\system32;BackDoor.Tdss.115;Incurable.Moved.;
tcpcon.dll;C:\WINDOWS\system32;Trojan.DownLoad.33121;Deleted.;
ovfsthxkbyufyxv.sys;C:\WINDOWS\system32\drivers;BackDoor.Tdss.115;Incurable.Moved.;
ovfsthxiqombhkmsb.tmp;C:\WINDOWS\Temp;BackDoor.Tdss.115;Incurable.Moved.;
ovfsthxpkpropfcwt.tmp;C:\WINDOWS\Temp;BackDoor.Tdss.115;Deleted.;

As far as ComboFix goes, I have the same problem I got before:

- I download from bleepingcomputer to the desktop, double click on the ComboFix.exe icon and after the loading bar does its thing, I get this message:

Posted Image

- I click OK to that message, and ComboFix.exe gets deleted from my desktop automatically it seems.

- This is new (maybe something implemented in the past few days?), but after that, I get another message:

Posted Image

- This message stems from me trying to use ComboFix before I started this thread. It worked at first, but when it rebooted the system, I got multiple notifications from McAfee. I thought I had disabled everything, but apparently not. Anyway, since then ComboFix hasn't been working. My guess is that there is still something lurking on the system from the last time I ran it, that I need to get rid of, in order to truly have a "fresh" copy and get it going again.

Hopefully you have some pointers for fixing up ComboFix, as I've tried tons of stuff, but no luck so far. Again, thanks for the help!

Attached Files



#10 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:12:51 PM

Posted 22 April 2009 - 12:20 PM

Let's do this.
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK

  • Posted Image


==============


Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    
    :Files
    C:\WINDOWS\System32\ovfsthxrqjidxgi.dat
    C:\WINDOWS\System32\ovfsthxtfdtspul.dat
    C:\WINDOWS\System32\ovfsthxvuqqyrbj.dll
    C:\WINDOWS\System32\ovfsthxptqxvdln.dll
    C:\Qoobox
    C:\Combofix
    C:\WINDOWS\vFind.exe
    C:\WINDOWS\sed.exe
    C:\WINDOWS\grep.exe
    C:\WINDOWS\zip.exe
    C:\WINDOWS\System32\CF26617.exe
    
    :Commands
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log

==================


Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

Posted Image


Posted Image
--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#11 mcgi0223

mcgi0223
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:51 PM

Posted 22 April 2009 - 03:37 PM

OTListIt2:

OTListIt logfile created on: 4/22/2009 3:57:00 PM - Run 4
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Neil McGilloway\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 75.41% Memory free
3.85 Gb Paging File | 3.44 Gb Available in Paging File | 89.33% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 21.44 Gb Free Space | 38.37% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NEIL
Current User Name: Neil McGilloway
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2009/04/21 23:02:27 | 00,890,880 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
PRC - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2009/04/21 23:01:52 | 00,215,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2009/04/22 15:49:02 | 00,123,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2009/04/21 23:01:54 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2007/08/15 12:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2007/07/24 12:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\McShield.exe
PRC - [2009/04/21 23:01:55 | 00,147,523 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2009/04/21 23:01:57 | 00,045,132 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2009/04/21 23:02:00 | 00,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2007/11/01 18:12:38 | 00,582,992 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/04/22 14:08:26 | 01,052,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/04/22 13:12:25 | 00,079,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
PRC - [2009/04/21 23:02:01 | 00,122,880 | R--- | M] () -- C:\WINDOWS\ATK0100\HControl.exe
PRC - [2009/04/21 23:02:01 | 00,118,874 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2009/04/21 23:02:03 | 00,708,698 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2009/04/21 23:02:04 | 00,077,824 | ---- | M] () -- C:\Program Files\Generic\Wireless Console\wcourier.exe
PRC - [2009/04/21 23:02:05 | 00,102,400 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\GENERIC\Power4 Gear\BatteryLife.exe
PRC - [2009/04/21 23:02:06 | 00,385,024 | ---- | M] (Western Digital Technologies, Inc.) -- C:\WINDOWS\system32\WDBtnMgr.exe
PRC - [2009/04/21 23:02:08 | 00,241,664 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2009/04/21 23:02:09 | 00,237,568 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\LogiTray.exe
PRC - [2009/04/02 16:11:02 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/04/21 23:02:11 | 14,180,864 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2009/04/21 23:02:13 | 00,233,472 | ---- | M] (Ahead Software) -- C:\Program Files\Ahead\Nero PhotoShow\data\Xtras\mssysmgr.exe
PRC - [2009/04/21 23:02:19 | 00,821,248 | ---- | M] (ASUS) -- C:\Program Files\Keyboard\Keyboard Hotkey\Hotkey.exe
PRC - [2009/04/21 22:40:25 | 02,007,040 | R--- | M] () -- C:\WINDOWS\ATK0100\ATKOSD.exe
PRC - [2009/04/21 23:02:21 | 00,212,992 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\FxSvr2.exe
PRC - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/04/22 14:32:18 | 00,156,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\taskmgr.exe
PRC - [2007/12/05 10:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2007/07/18 12:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe
PRC - [2009/04/08 16:33:46 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/04/21 23:01:11 | 00,522,240 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Neil McGilloway\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (0142641239930246mcinstcleanup [Auto | Stopped])
SRV - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - File not found -- -- (DhcpSrv [Auto | Stopped])
SRV - [2009/04/21 23:01:52 | 00,215,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2009/04/22 15:49:02 | 00,123,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2004/08/10 08:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/04/21 23:02:27 | 00,890,880 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv [Auto | Running])
SRV - [2009/04/21 23:02:27 | 00,890,880 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrvR [Auto | Stopped])
SRV - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2004/08/04 00:56:44 | 00,027,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\irmon.dll -- (Irmon [Auto | Running])
SRV - [2009/04/21 23:01:54 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
SRV - [2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
SRV - [2007/11/07 09:35:40 | 00,378,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
SRV - [2007/08/15 12:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
SRV - [2009/04/21 23:02:00 | 00,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
SRV - [2007/07/24 12:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\McShield.exe -- (McShield [Unknown | Running])
SRV - [2007/12/05 10:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Running])
SRV - [2004/08/10 05:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2007/07/18 12:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService [On_Demand | Running])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - File not found -- -- (npkcmsvc [Disabled | Stopped])
SRV - [2009/04/21 23:01:55 | 00,147,523 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2009/04/21 23:02:43 | 00,059,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [On_Demand | Stopped])
SRV - [2009/04/21 23:01:57 | 00,045,132 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
SRV - [2009/04/21 23:02:47 | 00,933,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2002/09/09 20:54:06 | 00,016,269 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\ASNDIS5.SYS -- (ASNDIS5 [On_Demand | Running])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2005/01/07 18:07:16 | 00,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])
DRV - [2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2004/10/06 03:33:00 | 00,163,328 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys -- (HSFHWAZL [On_Demand | Stopped])
DRV - [2004/10/06 03:31:00 | 01,036,928 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_DP.sys -- (HSF_DP [On_Demand | Stopped])
DRV - [2005/06/17 17:01:22 | 00,099,584 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs [Disabled | Running])
DRV - [2005/06/17 17:00:58 | 00,029,696 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\DRIVERS\InCDPass.sys -- (InCDPass [System | Running])
DRV - [2005/06/17 10:00:52 | 00,028,160 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm [System | Running])
DRV - [2005/04/15 06:05:00 | 02,564,032 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2001/08/17 13:51:32 | 00,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\irsir.sys -- (irsir [On_Demand | Running])
DRV - [2005/05/27 09:31:28 | 00,022,016 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvusbsta.sys -- (LVUSBSta [On_Demand | Stopped])
DRV - [2004/03/16 23:04:00 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2007/11/22 06:44:08 | 00,079,304 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
DRV - [2007/11/22 06:44:08 | 00,035,240 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
DRV - [2007/11/22 06:44:08 | 00,201,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk [System | Running])
DRV - [2007/11/22 06:44:04 | 00,033,832 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk [On_Demand | Stopped])
DRV - [2007/12/02 12:51:42 | 00,040,488 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Running])
DRV - [2007/07/13 06:20:24 | 00,113,952 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\Drivers\Mpfp.sys -- (MPFP [System | Running])
DRV - [2007/08/28 05:58:00 | 00,005,760 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\ATKACPI.sys -- (MTsensor [On_Demand | Running])
DRV - [2007/08/15 07:27:18 | 00,009,600 | ---- | M] () -- C:\WINDOWS\System32\Drivers\n558.sys -- (n558 [On_Demand | Stopped])
DRV - [2005/07/26 05:02:00 | 03,211,040 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2004/08/10 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2005/05/12 18:54:10 | 00,020,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2005/05/27 09:32:52 | 01,317,152 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\LVCM.sys -- (QCMerced [On_Demand | Stopped])
DRV - [2004/07/05 17:14:58 | 00,057,088 | ---- | M] (REDC) -- C:\WINDOWS\system32\DRIVERS\R592.sys -- (R592 [Boot | Running])
DRV - [2004/09/17 01:42:54 | 00,027,264 | ---- | M] (REDC) -- C:\WINDOWS\system32\DRIVERS\risdpntk.sys -- (risdpntk [Boot | Running])
DRV - [2009/01/21 07:49:40 | 00,118,656 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys -- (RTL8023xp [On_Demand | Stopped])
DRV - [2009/03/23 14:07:26 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2009/03/23 14:07:28 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
DRV - [2009/03/23 14:07:26 | 00,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2004/08/10 08:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2004/12/22 02:23:00 | 00,186,240 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2004/08/03 23:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2004/10/06 03:32:00 | 00,702,592 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Stopped])
DRV - [2005/06/17 20:41:46 | 00,274,432 | ---- | M] (ZyDAS Technology Corporation) -- C:\WINDOWS\system32\DRIVERS\zd1211u.sys -- (ZD1211U(ASUS) [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-527237240-261903793-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-527237240-261903793-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-527237240-261903793-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKU\S-1-5-21-527237240-261903793-725345543-1003\S-1-5-21-527237240-261903793-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-527237240-261903793-725345543-1003\S-1-5-21-527237240-261903793-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.comcast.net/"
FF - prefs.js..extensions.enabledItems: {5BE976F3-7F58-45B3-93E1-77C25FDC6546}:1.0
FF - prefs.js..extensions.enabledItems: {7B330090-0791-40A1-9601-47147B327D18}:1.0
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.07
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/03/09 19:15:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/18 23:54:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/18 23:54:11 | 00,000,000 | ---D | M]

[2009/03/09 20:31:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Neil McGilloway\Application Data\mozilla\Extensions
[2009/03/09 20:31:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Neil McGilloway\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/21 18:21:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Neil McGilloway\Application Data\mozilla\Firefox\Profiles\5cfjldav.default\extensions
[2009/03/20 11:02:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Neil McGilloway\Application Data\mozilla\Firefox\Profiles\5cfjldav.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2009/04/21 18:21:45 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/19 02:48:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{5BE976F3-7F58-45B3-93E1-77C25FDC6546}
[2009/04/19 15:27:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{7B330090-0791-40A1-9601-47147B327D18}
[2009/04/08 16:33:55 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/08 16:33:45 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/08 16:33:45 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/02/19 15:33:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/02/19 15:33:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/02/19 15:33:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/02/19 15:33:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/02/19 15:33:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/02/19 15:33:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/02/19 15:33:08 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (304465 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 jL.chura.pl
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10509 more lines...
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent (Microsoft Corporation)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe (McAfee)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey (McAfee, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install (NVIDIA Corporation)
O4 - HKLM..\Run: [Power_Gear] C:\Program Files\GENERIC\Power4 Gear\BatteryLife.exe 1 (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WD Button Manager] WDBtnMgr.exe (Western Digital Technologies, Inc.)
O4 - HKLM..\Run: [Wireless Console] C:\Program Files\Generic\Wireless Console\wcourier.exe ()
O4 - HKU\.DEFAULT..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-527237240-261903793-725345543-1003..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot (Logitech Inc.)
O4 - HKU\S-1-5-21-527237240-261903793-725345543-1003..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe (Ahead Software)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Hotkey.lnk = C:\Program Files\Keyboard\Keyboard Hotkey\Hotkey.exe (ASUS)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-527237240-261903793-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-527237240-261903793-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-527237240-261903793-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\S-1-5-21-527237240-261903793-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-527237240-261903793-725345543-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm (www.BitComet.com)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll (BitComet)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [Bluetooth Namespace] - C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-527237240-261903793-725345543-1003\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1236634939000 (WUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/09 17:31:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[45 C:\*.tmp files]
[6 C:\WINDOWS\System32\*.tmp files]
[16 C:\WINDOWS\*.tmp files]
[2009/04/22 14:55:47 | 00,000,220 | R--- | C] () -- C:\Documents and Settings\Neil McGilloway\My Documents\ATT00006.dat
[2009/04/21 20:36:24 | 00,018,323 | ---- | C] () -- C:\WINDOWS\System32\ovfsthxlog.dat
[2009/04/21 20:26:48 | 13,718,160 | ---- | C] (Doctor Web, Ltd.) -- C:\Documents and Settings\Neil McGilloway\Desktop\drweb-cureit.exe
[2009/04/21 20:13:34 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/04/21 18:27:49 | 00,522,240 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Neil McGilloway\Desktop\OTListIt2.exe
[2009/04/21 18:02:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/04/21 12:41:09 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehresja.dll
[2009/04/21 12:41:09 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehresko.dll
[2009/04/21 12:41:09 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehresfr.dll
[2009/04/21 12:41:08 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehresde.dll
[2009/04/21 12:41:08 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehreschs.dll
[2009/04/21 12:40:51 | 00,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2009/04/21 12:40:46 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpns.dll
[2009/04/21 12:40:42 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2009/04/21 12:40:41 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2009/04/21 12:40:41 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2009/04/21 12:40:40 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2009/04/21 12:40:40 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2009/04/21 12:40:39 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2009/04/21 12:40:38 | 00,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2009/04/21 12:40:38 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2009/04/21 12:40:37 | 00,363,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svc.dll
[2009/04/21 12:40:37 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wam51.dll
[2009/04/21 12:40:37 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2009/04/21 12:40:37 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamreg51.dll
[2009/04/21 12:40:37 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2009/04/21 12:40:37 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2009/04/21 12:40:36 | 00,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2009/04/21 12:40:36 | 00,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2009/04/21 12:40:35 | 00,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2009/04/21 12:40:35 | 00,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2009/04/21 12:40:31 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2009/04/21 12:40:31 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2009/04/21 12:40:30 | 00,103,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uihelper.dll
[2009/04/21 12:40:28 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tools.dll
[2009/04/21 12:40:28 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2009/04/21 12:40:27 | 00,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2009/04/21 12:40:26 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2009/04/21 12:40:26 | 00,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2009/04/21 12:40:26 | 00,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2009/04/21 12:40:26 | 00,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2009/04/21 12:40:24 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\svcext51.dll
[2009/04/21 12:40:23 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2009/04/21 12:40:22 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sspifilt.dll
[2009/04/21 12:40:22 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ssinc51.dll
[2009/04/21 12:40:21 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2009/04/21 12:40:20 | 00,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2009/04/21 12:40:19 | 00,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll
[2009/04/21 12:40:19 | 00,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll
[2009/04/21 12:40:19 | 00,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll
[2009/04/21 12:40:19 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll
[2009/04/21 12:40:19 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2009/04/21 12:40:19 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2009/04/21 12:40:19 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll
[2009/04/21 12:40:18 | 00,456,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll
[2009/04/21 12:40:18 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2009/04/21 12:40:17 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2009/04/21 12:40:17 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2009/04/21 12:40:17 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2009/04/21 12:40:17 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2009/04/21 12:40:17 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2009/04/21 12:40:17 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2009/04/21 12:40:17 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2009/04/21 12:40:17 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2009/04/21 12:40:17 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2009/04/21 12:40:17 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2009/04/21 12:40:16 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2009/04/21 12:40:16 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2009/04/21 12:40:16 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2009/04/21 12:40:16 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2009/04/21 12:40:16 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2009/04/21 12:40:16 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2009/04/21 12:40:14 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2009/04/21 12:40:10 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2009/04/21 12:40:09 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2009/04/21 12:40:08 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2009/04/21 12:40:07 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2009/04/21 12:40:07 | 00,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2009/04/21 12:40:07 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll
[2009/04/21 12:40:05 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2009/04/21 12:40:05 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcref.dll
[2009/04/21 12:40:01 | 00,020,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ramdisk.sys
[2009/04/21 12:40:00 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2009/04/21 12:39:59 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2009/04/21 12:39:59 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pwsdata.dll
[2009/04/21 12:39:58 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2009/04/21 12:39:58 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2009/04/21 12:39:58 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2009/04/21 12:39:58 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2009/04/21 12:39:58 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2009/04/21 12:39:57 | 00,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2009/04/21 12:39:57 | 00,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2009/04/21 12:39:57 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2009/04/21 12:39:57 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2009/04/21 12:39:57 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2009/04/21 12:39:56 | 00,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2009/04/21 12:39:56 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2009/04/21 12:39:56 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2009/04/21 12:39:56 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2009/04/21 12:39:55 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2009/04/21 12:39:52 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2009/04/21 12:39:51 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsepm.dll
[2009/04/21 12:39:50 | 00,226,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npdrmv2.dll
[2009/04/21 12:39:49 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2009/04/21 12:39:46 | 00,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2009/04/21 12:39:40 | 01,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2009/04/21 12:39:40 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2009/04/21 12:39:29 | 00,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2009/04/21 12:39:29 | 00,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2009/04/21 12:39:29 | 00,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\metada51.dll
[2009/04/21 12:39:29 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\md5filt.dll
[2009/04/21 12:39:29 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2009/04/21 12:39:28 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2009/04/21 12:39:26 | 00,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpdsvc.dll
[2009/04/21 12:39:26 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2009/04/21 12:39:26 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lprmon.dll
[2009/04/21 12:39:26 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lonsint.dll
[2009/04/21 12:39:24 | 00,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2009/04/21 12:39:24 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmmib2.dll
[2009/04/21 12:39:23 | 01,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2009/04/21 12:39:23 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2009/04/21 12:39:23 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2009/04/21 12:39:23 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2009/04/21 12:39:22 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2009/04/21 12:39:22 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2009/04/21 12:39:22 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2009/04/21 12:39:22 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2009/04/21 12:39:22 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2009/04/21 12:39:22 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2009/04/21 12:39:22 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2009/04/21 12:39:22 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2009/04/21 12:39:22 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2009/04/21 12:39:22 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2009/04/21 12:39:21 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdibm02.dll
[2009/04/21 12:39:21 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41a.dll
[2009/04/21 12:39:21 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41j.dll
[2009/04/21 12:39:21 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2009/04/21 12:39:21 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2009/04/21 12:39:21 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2009/04/21 12:39:21 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2009/04/21 12:39:21 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2009/04/21 12:39:21 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2009/04/21 12:39:21 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2009/04/21 12:39:21 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2009/04/21 12:39:20 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdax2.dll
[2009/04/21 12:39:20 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2009/04/21 12:39:20 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2009/04/21 12:39:20 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2009/04/21 12:39:20 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2009/04/21 12:39:20 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2009/04/21 12:39:20 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2009/04/21 12:39:20 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2009/04/21 12:39:20 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2009/04/21 12:39:20 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2009/04/21 12:39:19 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2009/04/21 12:39:19 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
[2009/04/21 12:39:19 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106n.dll
[2009/04/21 12:39:19 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2009/04/21 12:39:19 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101.dll
[2009/04/21 12:39:19 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2009/04/21 12:39:18 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprip.dll
[2009/04/21 12:39:18 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iscomlog.dll
[2009/04/21 12:39:18 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2009/04/21 12:39:16 | 00,257,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infocomm.dll
[2009/04/21 12:39:16 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2009/04/21 12:39:15 | 00,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2009/04/21 12:39:15 | 00,315,452 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2009/04/21 12:39:15 | 00,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2009/04/21 12:39:15 | 00,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2009/04/21 12:39:13 | 00,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2009/04/21 12:39:12 | 00,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2009/04/21 12:39:12 | 00,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2009/04/21 12:39:12 | 00,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2009/04/21 12:39:12 | 00,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2009/04/21 12:39:12 | 00,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2009/04/21 12:39:12 | 00,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2009/04/21 12:39:11 | 00,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2009/04/21 12:39:11 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2009/04/21 12:39:11 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2009/04/21 12:39:11 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iislog51.dll
[2009/04/21 12:39:11 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2009/04/21 12:39:11 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2009/04/21 12:39:11 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisfecnv.dll
[2009/04/21 12:39:11 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2009/04/21 12:39:10 | 00,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iische51.dll
[2009/04/21 12:39:10 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisadmin.dll
[2009/04/21 12:39:06 | 10,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2009/04/21 12:39:01 | 13,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2009/04/21 12:38:58 | 10,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2009/04/21 12:38:58 | 00,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpext.dll
[2009/04/21 12:38:58 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpod51.dll
[2009/04/21 12:38:58 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpmb51.dll
[2009/04/21 12:38:57 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostmib.dll
[2009/04/21 12:38:55 | 00,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2009/04/21 12:38:55 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2009/04/21 12:38:55 | 00,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gzip.dll
[2009/04/21 12:38:53 | 00,562,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsst.dll
[2009/04/21 12:38:53 | 00,400,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsxp32.dll
[2009/04/21 12:38:53 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxstiff.dll
[2009/04/21 12:38:53 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxst30.dll
[2009/04/21 12:38:53 | 00,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxswzrd.dll
[2009/04/21 12:38:53 | 00,154,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsui.dll
[2009/04/21 12:38:52 | 00,285,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscomex.dll
[2009/04/21 12:38:52 | 00,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2009/04/21 12:38:52 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2009/04/21 12:38:52 | 00,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscom.dll
[2009/04/21 12:38:52 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsevent.dll
[2009/04/21 12:38:52 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2009/04/21 12:38:52 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsdrv.dll
[2009/04/21 12:38:52 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsmon.dll
[2009/04/21 12:38:52 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsext32.dll
[2009/04/21 12:38:52 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsperf.dll
[2009/04/21 12:38:52 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsres.dll
[2009/04/21 12:38:51 | 00,452,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsapi.dll
[2009/04/21 12:38:51 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsv251.dll
[2009/04/21 12:38:51 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2009/04/21 12:38:51 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpmib.dll
[2009/04/21 12:38:51 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2009/04/21 12:38:50 | 00,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmdll.dll
[2009/04/21 12:38:49 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2009/04/21 12:38:49 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exstrace.dll
[2009/04/21 12:38:49 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\f3ahvoas.dll
[2009/04/21 12:38:48 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntagnt.dll
[2009/04/21 12:38:47 | 00,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2009/04/21 12:38:47 | 00,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2009/04/21 12:38:47 | 00,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2009/04/21 12:38:47 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2009/04/21 12:38:38 | 00,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2009/04/21 12:38:35 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2009/04/21 12:38:35 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
[2009/04/21 12:38:34 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compfilt.dll
[2009/04/21 12:38:32 | 00,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2009/04/21 12:38:32 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2009/04/21 12:38:31 | 01,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2009/04/21 12:38:31 | 00,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2009/04/21 12:38:31 | 00,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2009/04/21 12:38:31 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2009/04/21 12:38:31 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2009/04/21 12:38:29 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2009/04/21 12:38:28 | 00,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_g18030.dll
[2009/04/21 12:38:28 | 00,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2009/04/21 12:38:28 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2009/04/21 12:38:28 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2009/04/21 12:38:27 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2009/04/21 12:38:27 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2009/04/21 12:38:27 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2009/04/21 12:38:27 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2009/04/21 12:38:27 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2009/04/21 12:38:27 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2009/04/21 12:38:26 | 00,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2009/04/21 12:38:26 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2009/04/21 12:38:26 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2009/04/21 12:38:26 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2009/04/21 12:38:26 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2009/04/21 12:38:26 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2009/04/21 12:38:26 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2009/04/21 12:38:26 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2009/04/21 12:38:26 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2009/04/21 12:38:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2009/04/21 12:38:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2009/04/21 12:38:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2009/04/21 12:38:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2009/04/21 12:38:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2009/04/21 12:38:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2009/04/21 12:38:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2009/04/21 12:38:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2009/04/21 12:38:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2009/04/21 12:38:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2009/04/21 12:38:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2009/04/21 12:38:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2009/04/21 12:38:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2009/04/21 12:38:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2009/04/21 12:38:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2009/04/21 12:38:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2009/04/21 12:38:24 | 00,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2009/04/21 12:38:24 | 00,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2009/04/21 12:38:24 | 00,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2009/04/21 12:38:24 | 00,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2009/04/21 12:38:24 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2009/04/21 12:38:24 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2009/04/21 12:38:24 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2009/04/21 12:38:24 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2009/04/21 12:38:24 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2009/04/21 12:38:23 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2009/04/21 12:38:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2009/04/21 12:38:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2009/04/21 12:38:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2009/04/21 12:38:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2009/04/21 12:38:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2009/04/21 12:38:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2009/04/21 12:38:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2009/04/21 12:38:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2009/04/21 12:38:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2009/04/21 12:38:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2009/04/21 12:38:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2009/04/21 12:38:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2009/04/21 12:38:22 | 00,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2009/04/21 12:38:22 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2009/04/21 12:38:22 | 00,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2009/04/21 12:38:22 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2009/04/21 12:38:22 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2009/04/21 12:38:21 | 00,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2009/04/21 12:38:21 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2009/04/21 12:38:20 | 00,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2009/04/21 12:38:19 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2009/04/21 12:38:18 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2009/04/21 12:38:18 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2009/04/21 12:38:17 | 00,369,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asp51.dll
[2009/04/21 12:38:17 | 00,331,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll
[2009/04/21 12:38:17 | 00,108,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\appconf.dll
[2009/04/21 12:38:17 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2009/04/21 12:38:17 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0804.dll
[2009/04/21 12:38:16 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0412.dll
[2009/04/21 12:38:16 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0411.dll
[2009/04/21 12:38:16 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040d.dll
[2009/04/21 12:38:16 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0404.dll
[2009/04/21 12:38:16 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0401.dll
[2009/04/21 12:38:15 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2009/04/21 12:38:14 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2009/04/21 12:38:14 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admexs.dll
[2009/04/21 12:38:14 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2009/04/21 12:38:11 | 00,364,544 | ---- | C] (Microsoft Corporation (written by Digital Renaissance Inc.)) -- C:\WINDOWS\System32\dllcache\npdsplay.dll
[2009/04/21 12:38:11 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npwmsdrm.dll
[2009/04/21 12:38:08 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptsat.dll
[2009/04/21 12:38:08 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2009/04/21 12:38:07 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\staxmem.dll
[2009/04/21 12:38:06 | 00,020,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll
[2009/04/21 12:38:00 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logui.ocx
[2009/04/21 12:38:00 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isatq.dll
[2009/04/21 12:38:00 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoadmn.dll
[2009/04/21 12:37:59 | 00,829,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.dll
[2009/04/21 12:37:59 | 00,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2009/04/21 12:37:59 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrtl.dll
[2009/04/21 12:37:59 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2009/04/21 12:37:59 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2009/04/21 12:37:58 | 00,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll
[2009/04/21 12:37:58 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisext51.dll
[2009/04/21 12:37:58 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismap.dll
[2009/04/21 12:37:58 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2009/04/21 12:37:57 | 00,876,653 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awel.dll
[2009/04/21 12:37:57 | 00,598,071 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll
[2009/04/21 12:37:57 | 00,049,212 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awebs.dll
[2009/04/21 12:37:57 | 00,032,826 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avss.dll
[2009/04/21 12:37:57 | 00,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll
[2009/04/21 12:37:56 | 00,184,435 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4amsft.dll
[2009/04/21 12:37:56 | 00,147,513 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4apws.dll
[2009/04/21 12:37:56 | 00,102,509 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4atxt.dll
[2009/04/21 12:37:56 | 00,082,035 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4anscp.dll
[2009/04/21 12:37:56 | 00,049,210 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4areg.dll
[2009/04/21 12:37:56 | 00,041,020 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avnb.dll
[2009/04/21 12:37:55 | 00,275,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certwiz.ocx
[2009/04/21 12:37:55 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2009/04/21 12:37:55 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnfgprts.ocx
[2009/04/21 12:37:55 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\coadmin.dll
[2009/04/21 12:37:55 | 00,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll
[2009/04/21 12:37:54 | 00,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsiis51.dll
[2009/04/21 12:37:54 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admwprox.dll
[2009/04/21 12:37:53 | 00,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll
[2009/04/21 12:14:20 | 00,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009/04/21 12:14:12 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/04/21 12:14:12 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/04/21 12:14:12 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/04/21 12:14:12 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/04/21 12:14:12 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/04/21 11:52:12 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irftp.exe
[2009/04/21 11:52:12 | 00,087,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irda.sys
[2009/04/21 11:52:12 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wshirda.dll
[2009/04/21 11:52:11 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irmon.dll
[2009/04/21 11:16:24 | 00,018,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irsir.sys
[2009/04/21 11:04:06 | 00,019,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rasirda.sys
[2009/04/21 11:02:37 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2009/04/21 11:02:37 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2009/04/21 11:02:37 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2009/04/21 11:02:37 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2009/04/21 11:02:24 | 02,008,817 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2009/04/21 11:02:24 | 01,086,058 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NTPRINT.CAT
[2009/04/21 11:02:24 | 00,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2009/04/21 11:02:24 | 00,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2009/04/21 11:02:24 | 00,141,702 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2009/04/21 11:02:24 | 00,130,715 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2009/04/21 11:02:24 | 00,110,116 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2009/04/21 11:02:24 | 00,106,147 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2009/04/21 11:02:24 | 00,077,881 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plus.cat
[2009/04/21 11:02:24 | 00,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2009/04/21 11:02:24 | 00,031,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2009/04/21 11:02:24 | 00,024,209 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2009/04/21 11:02:24 | 00,017,916 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sonic.cat
[2009/04/21 11:02:24 | 00,013,753 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2009/04/21 11:02:24 | 00,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2009/04/21 11:02:24 | 00,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2009/04/21 11:02:24 | 00,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2009/04/21 11:02:24 | 00,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2009/04/21 11:02:24 | 00,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2009/04/21 11:02:24 | 00,007,076 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2009/04/21 11:02:23 | 00,505,647 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2009/04/21 00:50:50 | 21,453,86496 | ---- | C] () -- C:\WINDOWS\MEMORY.DMP
[2009/04/20 21:40:29 | 00,006,921 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009/04/20 19:10:36 | 00,000,034 | ---- | C] () -- C:\WINDOWS\System32\tcpd.dll
[2009/04/20 19:10:36 | 00,000,009 | ---- | C] () -- C:\WINDOWS\System32\iphy.dll
[2009/04/20 19:10:36 | 00,000,003 | ---- | C] () -- C:\WINDOWS\System32\fhpatch.dll
[2009/04/20 19:10:36 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\fiplock.dll
[2009/04/20 19:05:24 | 00,733,683 | ---- | C] () -- C:\WINDOWS\setupapi.old
[2009/04/20 15:30:09 | 00,000,004 | ---- | C] () -- C:\WINDOWS\System32\_id.dat
[2009/04/20 15:23:40 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/04/20 14:58:39 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/04/20 12:32:08 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2009/04/20 12:20:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Neil McGilloway\Desktop\HostsXpert
[2009/04/20 02:59:57 | 00,360,021 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\dds.scr
[2009/04/20 02:08:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Neil McGilloway\Desktop\gmer
[2009/04/20 01:56:18 | 00,053,248 | ---- | C] (NirSoft) -- C:\WINDOWS\nircmd.exe
[2009/04/20 01:56:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Neil McGilloway\Desktop\nircmd
[2009/04/20 00:36:58 | 00,101,196 | ---- | C] () -- C:\MGlogs.zip
[2009/04/20 00:36:47 | 00,000,000 | ---D | C] -- C:\MGtools
[2009/04/19 21:24:34 | 24,921,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/19 21:24:17 | 09,924,040 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Neil McGilloway\Desktop\windows-kb890830-v2.9.exe
[2009/04/19 20:25:48 | 06,043,680 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\SUPERAntiSpyware(2).exe
[2009/04/19 20:23:37 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/04/19 17:52:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Neil McGilloway\Application Data\Malwarebytes
[2009/04/19 17:52:44 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/19 17:52:42 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/19 17:52:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/19 17:52:40 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/19 17:50:42 | 01,340,797 | ---- | C] () -- C:\MGtools.exe
[2009/04/19 17:31:13 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2009/04/19 15:26:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/04/19 15:21:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/04/19 15:20:44 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/04/19 15:20:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Neil McGilloway\Application Data\SUPERAntiSpyware.com
[2009/04/19 14:48:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2009/04/19 14:47:03 | 00,000,000 | ---D | C] -- C:\SDFix
[2009/04/19 14:09:47 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/04/19 06:31:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Neil McGilloway\Application Data\McAfee
[2009/04/19 06:31:07 | 00,000,138 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Local Settings\Application Data\fusioncache.dat
[2009/04/19 06:03:50 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/04/19 06:01:05 | 04,608,744 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Neil McGilloway\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[2009/04/19 05:52:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/19 04:35:59 | 00,000,095 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/04/19 03:05:02 | 00,000,000 | ---- | C] () -- C:\WINDOWS\mqcd.dbt
[2009/04/19 03:04:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\3361
[2009/04/19 03:04:40 | 00,108,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSWINSCK.OCX
[2009/04/19 03:04:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\dhcp
[2009/04/19 03:04:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Neil McGilloway\Application Data\pidle
[2009/04/18 23:56:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Neil McGilloway\Application Data\Apple Computer
[2009/04/18 23:55:30 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/04/18 23:55:26 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/04/18 23:55:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/04/18 23:55:08 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/04/18 23:53:24 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/04/18 23:53:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/04/18 23:53:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Neil McGilloway\Local Settings\Application Data\Apple
[2009/04/18 23:53:04 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/04/18 23:52:23 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2009/04/18 23:52:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/04/18 23:51:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Neil McGilloway\Local Settings\Application Data\Apple Computer
[2009/04/17 11:29:58 | 10,139,5426 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Lannie_Barbie_High_Heels_Stockings.rar
[2009/04/17 11:22:15 | 20,321,6800 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\PrftMch_1_AN.avi
[2009/04/16 23:58:08 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DirectX
[2009/04/16 23:41:02 | 19,306,8664 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\SELU_ERNER-PM.avi
[2009/04/16 10:55:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Neil McGilloway\Local Settings\Application Data\Logitech-LS
[2009/04/15 19:14:00 | 00,004,566 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\black dress.dat
[2009/04/15 18:43:34 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/14 23:22:27 | 00,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mstee.sys
[2009/04/14 23:22:12 | 00,019,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wstcodec.sys
[2009/04/14 23:22:08 | 00,085,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nabtsfec.sys
[2009/04/14 23:22:04 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ccdecode.sys
[2009/04/14 23:21:50 | 00,059,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys
[2009/04/14 23:21:32 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
[2009/04/14 23:21:32 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2009/04/14 23:21:31 | 00,090,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2009/04/14 23:21:31 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2009/04/14 23:17:07 | 00,078,190 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2009/04/14 23:17:00 | 00,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/04/14 23:16:59 | 01,317,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvcm.sys
[2009/04/14 23:16:52 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
[2009/04/14 23:16:41 | 00,029,795 | ---- | C] (Ingenient Technologies, Inc.) -- C:\WINDOWS\System32\ITIG726.acm
[2009/04/14 23:16:38 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71DEU.DLL
[2009/04/14 23:16:38 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71ITA.DLL
[2009/04/14 23:16:38 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71ESP.DLL
[2009/04/14 23:16:38 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71ENU.DLL
[2009/04/14 23:16:38 | 00,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71KOR.DLL
[2009/04/14 23:16:38 | 00,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71JPN.DLL
[2009/04/14 23:16:38 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71CHT.DLL
[2009/04/14 23:16:38 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71CHS.DLL
[2009/04/14 23:09:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2009/04/14 22:58:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Neil McGilloway\Local Settings\Application Data\Downloaded Installations
[2009/04/14 22:41:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2009/04/14 22:39:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logishrd
[2009/04/14 22:39:41 | 00,000,000 | ---D | C] -- C:\Program Files\Logitech
[2009/04/14 22:39:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logitech
[2009/04/13 17:28:48 | 19,226,8288 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\IsSo_NN2.avi
[2009/04/13 16:03:15 | 75,457,986 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\ICLdFeZa_4.zip
[2009/04/13 16:02:42 | 99,346,432 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\SimDia_TDL_ChaKRa.avi
[2009/04/13 15:50:07 | 99,920,814 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\MADESA-LERAD.avi
[2009/04/11 16:38:23 | 94,371,840 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Black_dick_in_milf.part1.rar
[2009/04/10 15:24:14 | 16,990,5184 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\tai024.part2.rar
[2009/04/10 15:07:05 | 17,091,7888 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\tai024.part1.rar
[2009/04/09 16:16:30 | 54,545,207 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\94-Teresa_Orlowski_-_Taken_By_Force_In_Toilet.rar
[2009/04/09 02:17:15 | 93,176,575 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Hot_Latina_Gives_Anal_a_Try.rar
[2009/04/09 01:45:55 | 88,744,206 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Black_Latex_Nurses_anal_bleep_orgy.WMV
[2009/04/09 01:22:25 | 14,808,3024 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Michelle-_Reds_like_it_in_the_Ass_pic.avi
[2009/04/09 01:07:53 | 85,926,068 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\CaHo_LaLi_AN.avi
[2009/04/08 21:48:15 | 16,233,1872 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\madura_anb13_1.wmv
[2009/04/08 21:10:12 | 15,212,5949 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Fusxion_Fantasies_1_Scene_3_b.wmv
[2009/04/08 20:19:21 | 10,458,5138 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\teen_glasses_s_a.rar
[2009/04/08 19:50:31 | 10,000,0000 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Dolly_Golden.part1.rar
[2009/04/08 19:16:30 | 93,956,746 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Dolly_Golden.part2.rar
[2009/04/08 18:57:40 | 76,656,640 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Blackhaired_grrrl..Kosovali.avi
[2009/04/08 18:49:06 | 13,012,1375 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\black_haired_chick_assbleeped.rar
[2009/04/08 18:26:59 | 69,494,090 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\NroFmlre_4_TS_DP.avi
[2009/04/08 18:19:33 | 10,212,5252 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Nice_Car.rar
[2009/04/08 18:02:49 | 16,375,5468 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\MarieDelvauxGravurix.avi
[2009/04/08 18:02:34 | 10,186,7590 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Coralie.rar
[2009/04/08 17:56:32 | 20,261,3858 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\mc414.rar
[2009/04/05 16:40:50 | 00,000,000 | ---D | C] -- C:\AeriaGames
[2009/04/03 21:17:38 | 00,005,174 | ---- | C] () -- C:\WINDOWS\System32\nppt9x.vxd
[2009/04/03 21:17:38 | 00,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\npptNT2.sys
[2009/04/03 21:17:11 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared
[2009/04/03 21:11:17 | 00,000,000 | ---D | C] -- C:\Nexon
[2009/04/03 20:32:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Neil McGilloway\Local Settings\Application Data\PMB Files
[2009/04/03 20:32:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2009/04/03 20:32:26 | 00,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2009/03/30 14:46:49 | 11,270,5664 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\mc407.rar
[2009/03/30 14:39:29 | 18,894,5459 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\mc406.rar
[2009/03/27 13:30:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Neil McGilloway\Desktop\christine-new-movie
[2009/03/25 13:58:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Neil McGilloway\Application Data\Media Player Classic
[2009/03/24 18:38:29 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/03/24 18:38:24 | 00,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm
[2009/03/24 18:38:24 | 00,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml
[2009/03/24 18:38:23 | 00,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2009/03/24 18:38:23 | 00,118,784 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2009/03/24 18:38:22 | 00,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/03/24 18:38:22 | 00,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/03/24 18:38:21 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/03/24 18:38:21 | 00,684,032 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx.dll
[2009/03/24 18:38:21 | 00,086,016 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2009/03/24 18:38:19 | 00,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/03/24 18:38:19 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/03/24 18:38:17 | 00,060,273 | ---- | C] (Open Source Software community project) -- C:\WINDOWS\System32\pthreadGC2.dll
[2009/03/24 18:38:16 | 00,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2009/03/24 18:20:09 | 17,286,5985 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Edited Sluts With Nuts 04.wmv
[2009/03/24 17:51:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Neil McGilloway\Desktop\miscellany
[2009/03/24 17:23:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Neil McGilloway\Application Data\WinRAR
[2009/03/24 17:18:21 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2009/03/10 13:29:44 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/03/09 19:09:14 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/03/09 19:09:12 | 00,000,122 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2009/03/09 19:09:00 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2009/03/09 18:09:34 | 00,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2009/03/09 18:07:14 | 00,005,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys
[2007/09/27 10:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/08/15 07:27:18 | 00,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\n558.sys
[2004/08/10 08:00:00 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/10 08:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/10 08:00:00 | 00,000,802 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/10 08:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/08/10 00:11:42 | 00,185,856 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

========== Files - Modified Within 30 Days ==========

[45 C:\*.tmp files]
[6 C:\WINDOWS\System32\*.tmp files]
[16 C:\WINDOWS\*.tmp files]
[2009/04/22 15:55:29 | 00,024,455 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/04/22 15:52:30 | 00,030,098 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/04/22 15:52:13 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/22 15:52:11 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/22 15:49:14 | 00,065,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\alg.exe
[2009/04/22 15:49:08 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllhost.exe
[2009/04/22 15:49:01 | 00,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spoolsv.exe
[2009/04/22 15:41:35 | 04,307,868 | -H-- | M] () -- C:\Documents and Settings\Neil McGilloway\Local Settings\Application Data\IconCache.db
[2009/04/22 14:42:58 | 00,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xcopy.exe
[2009/04/22 14:42:55 | 00,135,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wscript.exe
[2009/04/22 14:42:53 | 00,034,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wscntfy.exe
[2009/04/22 14:42:51 | 00,052,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wpnpinst.exe
[2009/04/22 14:42:48 | 00,052,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wpabaln.exe
[2009/04/22 14:42:42 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winver.exe
[2009/04/22 14:42:39 | 00,032,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmsd.exe
[2009/04/22 14:42:36 | 00,522,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winlogon.exe
[2009/04/22 14:42:32 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winhstb.exe
[2009/04/22 14:42:29 | 00,304,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winhlp32.exe
[2009/04/22 14:42:26 | 00,086,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wextract.exe
[2009/04/22 14:42:23 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32tm.exe
[2009/04/22 14:42:20 | 00,054,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vssadmin.exe
[2009/04/22 14:42:18 | 00,118,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\verifier.exe
[2009/04/22 14:42:16 | 00,045,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\userinit.exe
[2009/04/22 14:42:12 | 00,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\typeperf.exe
[2009/04/22 14:42:09 | 00,046,080 | ---- | M] (Twain Working Group) -- C:\WINDOWS\System32\dllcache\twunk_32.exe
[2009/04/22 14:42:06 | 00,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tracert6.exe
[2009/04/22 14:42:04 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tracert.exe
[2009/04/22 14:42:02 | 00,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tracerpt.exe
[2009/04/22 14:41:59 | 00,098,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tlntsess.exe
[2009/04/22 14:41:57 | 00,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tlntadmn.exe
[2009/04/22 14:41:54 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tftp.exe
[2009/04/22 14:41:52 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\telnet.exe
[2009/04/22 14:41:50 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpsvcs.exe
[2009/04/22 14:41:47 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcmsetup.exe
[2009/04/22 14:41:45 | 00,156,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\taskmgr.exe
[2009/04/22 14:41:43 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\taskman.exe
[2009/04/22 14:41:41 | 00,092,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tasklist.exe
[2009/04/22 14:41:39 | 00,092,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\taskkill.exe
[2009/04/22 14:41:36 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\systray.exe
[2009/04/22 14:41:34 | 00,126,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sysocmgr.exe
[2009/04/22 14:41:31 | 00,057,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\syskey.exe
[2009/04/22 14:41:29 | 00,088,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sysinfo.exe
[2009/04/22 14:41:27 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\syncapp.exe
[2009/04/22 14:41:24 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\svchost.exe
[2009/04/22 14:41:22 | 00,029,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\subst.exe
[2009/04/22 14:41:21 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\stimon.exe
[2009/04/22 14:41:18 | 00,700,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sstext3d.scr
[2009/04/22 14:41:15 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ssstars.scr
[2009/04/22 14:41:13 | 00,630,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sspipes.scr
[2009/04/22 14:41:11 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ssmyst.scr
[2009/04/22 14:41:09 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ssmypics.scr
[2009/04/22 14:41:07 | 00,041,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ssmarque.scr
[2009/04/22 14:41:05 | 00,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ssflwbox.scr
[2009/04/22 14:41:03 | 00,040,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ssbezier.scr
[2009/04/22 14:41:00 | 00,724,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ss3dfo.scr
[2009/04/22 14:40:53 | 00,032,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spnpinst.exe
[2009/04/22 14:40:51 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spiisupd.exe
[2009/04/22 14:40:49 | 00,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sort.exe
[2009/04/22 14:40:45 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbinst.exe
[2009/04/22 14:40:43 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\skeys.exe
[2009/04/22 14:40:41 | 00,090,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sigverif.exe
[2009/04/22 14:40:39 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shutdown.exe
[2009/04/22 14:40:37 | 00,098,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shrpubw.exe
[2009/04/22 14:40:34 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sfc.exe
[2009/04/22 14:40:29 | 00,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\setup.exe
[2009/04/22 14:40:27 | 00,051,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sethc.exe
[2009/04/22 14:40:25 | 00,128,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/22 14:40:22 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\secedit.exe
[2009/04/22 14:40:20 | 00,097,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sdbinst.exe
[2009/04/22 14:40:18 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sctasks.exe
[2009/04/22 14:40:16 | 00,029,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrnsave.scr
[2009/04/22 14:40:14 | 00,051,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sc.exe
[2009/04/22 14:40:12 | 00,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\savedump.exe
[2009/04/22 14:40:09 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\runas.exe
[2009/04/22 14:40:07 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rsopprov.exe
[2009/04/22 14:40:05 | 00,069,632 | ---- | M] (Microsoft Corp) -- C:\WINDOWS\System32\dllcache\rsm.exe
[2009/04/22 14:40:03 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rsh.exe
[2009/04/22 14:40:00 | 00,046,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\routemon.exe
[2009/04/22 14:39:58 | 00,040,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\route.exe
[2009/04/22 14:39:55 | 00,034,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rexec.exe
[2009/04/22 14:39:53 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\replace.exe
[2009/04/22 14:39:51 | 00,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\relog.exe
[2009/04/22 14:39:49 | 00,025,088 | ---- | M] (Microsoft) -- C:\WINDOWS\System32\dllcache\regwiz.exe
[2009/04/22 14:39:47 | 00,024,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\regedt32.exe
[2009/04/22 14:39:45 | 00,166,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\regedit.exe
[2009/04/22 14:39:43 | 00,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\reg.exe
[2009/04/22 14:39:41 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\recover.exe
[2009/04/22 14:39:39 | 00,041,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rcp.exe
[2009/04/22 14:39:36 | 00,077,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rasphone.exe
[2009/04/22 14:39:34 | 00,031,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rasdial.exe
[2009/04/22 14:39:32 | 00,032,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rasautou.exe
[2009/04/22 14:39:29 | 00,029,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\proxycfg.exe
[2009/04/22 14:39:26 | 00,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\proquota.exe
[2009/04/22 14:39:24 | 00,130,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\progman.exe
[2009/04/22 14:39:21 | 00,029,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\print.exe
[2009/04/22 14:39:19 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\powercfg.exe
[2009/04/22 14:39:15 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ping6.exe
[2009/04/22 14:39:13 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ping.exe
[2009/04/22 14:39:11 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\perfmon.exe
[2009/04/22 14:39:09 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pentnt.exe
[2009/04/22 14:39:07 | 00,041,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pathping.exe
[2009/04/22 14:39:04 | 00,078,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\packager.exe
[2009/04/22 14:39:02 | 00,060,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\osuninst.exe
[2009/04/22 14:39:00 | 00,088,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\opnfiles.exe
[2009/04/22 14:38:54 | 00,146,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nwscript.exe
[2009/04/22 14:38:51 | 00,440,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntvdm.exe
[2009/04/22 14:38:48 | 00,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntsd.exe
[2009/04/22 14:38:45 | 00,097,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nslookup.exe
[2009/04/22 14:38:43 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nppagent.exe
[2009/04/22 14:38:40 | 00,089,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\notepad.exe
[2009/04/22 14:38:35 | 00,057,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netstat.exe
[2009/04/22 14:38:33 | 00,106,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netsh.exe
[2009/04/22 14:38:31 | 00,352,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netsetup.exe
[2009/04/22 14:38:28 | 00,145,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\net1.exe
[2009/04/22 14:38:25 | 00,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\net.exe
[2009/04/22 14:38:23 | 00,024,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nddeapir.exe
[2009/04/22 14:38:21 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nbtstat.exe
[2009/04/22 14:38:19 | 00,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\muisetup.exe
[2009/04/22 14:38:15 | 00,027,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msswchx.exe
[2009/04/22 14:38:10 | 00,061,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msiregmv.exe
[2009/04/22 14:38:01 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrinfo.exe
[2009/04/22 14:37:59 | 00,137,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mqtgsvc.exe
[2009/04/22 14:37:57 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mqsvc.exe
[2009/04/22 14:37:54 | 00,040,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mqbkup.exe
[2009/04/22 14:37:52 | 00,042,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpnotify.exe
[2009/04/22 14:37:50 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mountvol.exe
[2009/04/22 14:37:47 | 00,256,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migwiz_a.exe
[2009/04/22 14:37:44 | 00,123,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migload.exe
[2009/04/22 14:37:42 | 00,054,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migisol.exe
[2009/04/22 14:37:38 | 00,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\makecab.exe
[2009/04/22 14:37:36 | 00,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsass.exe
[2009/04/22 14:37:34 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpr.exe
[2009/04/22 14:37:33 | 00,026,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpq.exe
[2009/04/22 14:37:31 | 00,535,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logonui.exe
[2009/04/22 14:37:28 | 00,241,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logon.scr
[2009/04/22 14:37:26 | 00,079,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logman.exe
[2009/04/22 14:37:24 | 00,045,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lnkstub.exe
[2009/04/22 14:37:21 | 00,050,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lights.exe
[2009/04/22 14:37:19 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\label.exe
[2009/04/22 14:37:13 | 00,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipxroute.exe
[2009/04/22 14:37:11 | 00,073,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipv6.exe
[2009/04/22 14:37:09 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsec6.exe
[2009/04/22 14:37:07 | 00,076,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipconfig.exe
[2009/04/22 14:37:01 | 00,135,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iexpress.exe
[2009/04/22 14:36:59 | 00,054,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2009/04/22 14:36:50 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostname.exe
[2009/04/22 14:36:47 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hh.exe
[2009/04/22 14:36:45 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\help.exe
[2009/04/22 14:36:42 | 00,077,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gpupdate.exe
[2009/04/22 14:36:40 | 00,140,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gprslt.exe
[2009/04/22 14:36:37 | 00,075,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\getmac.exe
[2009/04/22 14:36:34 | 00,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftp.exe
[2009/04/22 14:36:32 | 00,076,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fsutil.exe
[2009/04/22 14:36:27 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\forcedos.exe
[2009/04/22 14:36:26 | 00,041,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontview.exe
[2009/04/22 14:36:23 | 00,029,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\finger.exe
[2009/04/22 14:36:22 | 00,047,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\findstr.exe
[2009/04/22 14:36:20 | 00,029,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\find.exe
[2009/04/22 14:36:18 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fc.exe
[2009/04/22 14:36:16 | 00,066,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\extrac32.exe
[2009/04/22 14:36:13 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\expand.exe
[2009/04/22 14:36:12 | 00,098,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evtrig.exe
[2009/04/22 14:36:10 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\eventvwr.exe
[2009/04/22 14:36:08 | 00,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evcreate.exe
[2009/04/22 14:36:06 | 00,213,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\eudcedit.exe
[2009/04/22 14:36:04 | 00,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\esentutl.exe
[2009/04/22 14:35:59 | 01,318,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxdiag.exe
[2009/04/22 14:35:57 | 00,200,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dwwin.exe
[2009/04/22 14:35:55 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dumprep.exe
[2009/04/22 14:35:52 | 00,066,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drwtsn32.exe
[2009/04/22 14:35:51 | 00,078,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drvqry.exe
[2009/04/22 14:35:49 | 00,103,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpvsetup.exe
[2009/04/22 14:35:46 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnsvr.exe
[2009/04/22 14:35:44 | 00,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dplaysvr.exe
[2009/04/22 14:35:42 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\doskey.exe
[2009/04/22 14:35:40 | 00,036,352 | ---- | M] (Microsoft Corp.) -- C:\WINDOWS\System32\dllcache\dmremote.exe
[2009/04/22 14:35:38 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dllhst3g.exe
[2009/04/22 14:35:36 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\diskperf.exe
[2009/04/22 14:35:34 | 00,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\diskpart.exe
[2009/04/22 14:35:32 | 00,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\diantz.exe
[2009/04/22 14:35:29 | 00,125,440 | ---- | M] (Microsoft Corp. and Executive Software International, Inc.) -- C:\WINDOWS\System32\dllcache\dfrgntfs.exe
[2009/04/22 14:35:27 | 00,102,912 | ---- | M] (Microsoft Corp. and Executive Software International, Inc.) -- C:\WINDOWS\System32\dllcache\dfrgfat.exe
[2009/04/22 14:35:25 | 00,045,568 | ---- | M] (Microsoft Corp. and Executive Software International, Inc.) -- C:\WINDOWS\System32\dllcache\defrag.exe
[2009/04/22 14:35:22 | 00,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ddeshare.exe
[2009/04/22 14:35:15 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ctfmon.exe
[2009/04/22 14:35:13 | 00,118,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cscript.exe
[2009/04/22 14:35:10 | 00,034,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convert.exe
[2009/04/22 14:35:09 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\conime.exe
[2009/04/22 14:35:06 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compact.exe
[2009/04/22 14:35:05 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comp.exe
[2009/04/22 14:35:02 | 00,083,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmstp.exe
[2009/04/22 14:35:00 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmmon32.exe
[2009/04/22 14:34:59 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmdl32.exe
[2009/04/22 14:34:57 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ckcnv.exe
[2009/04/22 14:34:55 | 00,076,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cipher.exe
[2009/04/22 14:34:52 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cidaemon.exe
[2009/04/22 14:34:50 | 00,031,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkntfs.exe
[2009/04/22 14:34:48 | 00,032,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkdsk.exe
[2009/04/22 14:34:44 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cacls.exe
[2009/04/22 14:34:42 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bootvrfy.exe
[2009/04/22 14:34:40 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bootok.exe
[2009/04/22 14:34:39 | 00,157,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bootcfg.exe
[2009/04/22 14:34:36 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\auditusr.exe
[2009/04/22 14:34:33 | 00,031,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\attrib.exe
[2009/04/22 14:34:31 | 00,031,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atmadm.exe
[2009/04/22 14:34:29 | 00,045,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\at.exe
[2009/04/22 14:34:28 | 00,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asr_pfu.exe
[2009/04/22 14:34:26 | 00,052,736 | ---- | M] (Microsoft Corp.) -- C:\WINDOWS\System32\dllcache\asr_ldm.exe
[2009/04/22 14:34:25 | 00,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asr_fmt.exe
[2009/04/22 14:34:22 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\arp.exe
[2009/04/22 14:34:20 | 00,065,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\alg.exe
[2009/04/22 14:34:18 | 00,118,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ahui.exe
[2009/04/22 14:34:14 | 00,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\actmovie.exe
[2009/04/22 14:34:00 | 00,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\xcopy.exe
[2009/04/22 14:33:57 | 00,052,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wupdmgr.exe
[2009/04/22 14:33:54 | 00,186,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt1.exe
[2009/04/22 14:33:52 | 00,131,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt.exe
[2009/04/22 14:33:49 | 00,135,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscript.exe
[2009/04/22 14:33:47 | 00,034,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
[2009/04/22 14:33:45 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\write.exe
[2009/04/22 14:33:43 | 00,052,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wpnpinst.exe
[2009/04/22 14:33:40 | 00,052,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wpabaln.exe
[2009/04/22 14:33:33 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\winver.exe
[2009/04/22 14:33:30 | 00,032,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\winmsd.exe
[2009/04/22 14:33:29 | 00,140,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\winmine.exe
[2009/04/22 14:33:26 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\winhlp32.exe
[2009/04/22 14:33:23 | 00,454,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wiaacmgr.exe
[2009/04/22 14:33:20 | 00,086,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wextract.exe
[2009/04/22 14:33:16 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\w32tm.exe
[2009/04/22 14:33:14 | 00,310,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\vssvc.exe
[2009/04/22 14:33:12 | 00,054,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\vssadmin.exe
[2009/04/22 14:33:10 | 00,118,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\verifier.exe
[2009/04/22 14:33:07 | 00,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\utilman.exe
[2009/04/22 14:33:04 | 00,090,180 | ---- | M] ( U.S. Robotics Corporation) -- C:\WINDOWS\System32\usrshuta.exe
[2009/04/22 14:33:02 | 00,081,988 | ---- | M] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\usrprbda.exe
[2009/04/22 14:33:01 | 00,098,371 | ---- | M] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\usrmlnka.exe
[2009/04/22 14:32:59 | 00,045,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\userinit.exe
[2009/04/22 14:32:57 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ups.exe
[2009/04/22 14:32:55 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\upnpcont.exe
[2009/04/22 14:32:53 | 00,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\unlodctr.exe
[2009/04/22 14:32:50 | 00,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\typeperf.exe
[2009/04/22 14:32:48 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tsshutdn.exe
[2009/04/22 14:32:46 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tskill.exe
[2009/04/22 14:32:44 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tsdiscon.exe
[2009/04/22 14:32:43 | 00,065,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tscupgrd.exe
[2009/04/22 14:32:41 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tscon.exe
[2009/04/22 14:32:39 | 00,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tracert6.exe
[2009/04/22 14:32:37 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tracert.exe
[2009/04/22 14:32:35 | 00,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tracerpt.exe
[2009/04/22 14:32:33 | 00,367,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tourstart.exe
[2009/04/22 14:32:31 | 00,093,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tlntsvr.exe
[2009/04/22 14:32:29 | 00,098,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tlntsess.exe
[2009/04/22 14:32:28 | 00,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tlntadmn.exe
[2009/04/22 14:32:25 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tftp.exe
[2009/04/22 14:32:23 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\telnet.exe
[2009/04/22 14:32:22 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tcpsvcs.exe
[2009/04/22 14:32:20 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tcmsetup.exe
[2009/04/22 14:32:18 | 00,156,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\taskmgr.exe
[2009/04/22 14:32:17 | 00,092,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tasklist.exe
[2009/04/22 14:32:15 | 00,092,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\taskkill.exe
[2009/04/22 14:32:12 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\systray.exe
[2009/04/22 14:32:11 | 00,088,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\systeminfo.exe
[2009/04/22 14:32:08 | 00,126,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sysocmgr.exe
[2009/04/22 14:32:06 | 00,057,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\syskey.exe
[2009/04/22 14:32:04 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\syncapp.exe
[2009/04/22 14:31:59 | 00,029,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\subst.exe
[2009/04/22 14:31:57 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\stimon.exe
[2009/04/22 14:31:55 | 00,700,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sstext3d.scr
[2009/04/22 14:31:52 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ssstars.scr
[2009/04/22 14:31:50 | 00,630,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sspipes.scr
[2009/04/22 14:31:48 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ssmyst.scr
[2009/04/22 14:31:46 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ssmypics.scr
[2009/04/22 14:31:44 | 00,041,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ssmarque.scr
[2009/04/22 14:31:42 | 00,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ssflwbox.scr
[2009/04/22 14:31:40 | 00,040,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ssbezier.scr
[2009/04/22 14:31:38 | 00,724,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ss3dfo.scr
[2009/04/22 14:31:33 | 00,032,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spnpinst.exe
[2009/04/22 14:31:31 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spiisupd.exe
[2009/04/22 14:31:29 | 00,559,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spider.exe
[2009/04/22 14:31:26 | 00,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sort.exe
[2009/04/22 14:31:24 | 00,077,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sol.exe
[2009/04/22 14:31:22 | 00,159,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe
[2009/04/22 14:31:20 | 00,152,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sndrec32.exe
[2009/04/22 14:31:18 | 00,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\smlogsvc.exe
[2009/04/22 14:31:16 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\smbinst.exe
[2009/04/22 14:31:12 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\skeys.exe
[2009/04/22 14:31:11 | 00,090,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sigverif.exe
[2009/04/22 14:31:08 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\shutdown.exe
[2009/04/22 14:31:06 | 00,098,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\shrpubw.exe
[2009/04/22 14:31:04 | 00,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\shmgrate.exe
[2009/04/22 14:31:01 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\shadow.exe
[2009/04/22 14:30:59 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sfc.exe
[2009/04/22 14:30:54 | 00,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\setup.exe
[2009/04/22 14:30:53 | 00,051,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sethc.exe
[2009/04/22 14:30:51 | 00,161,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sessmgr.exe
[2009/04/22 14:30:49 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\secedit.exe
[2009/04/22 14:30:47 | 00,097,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sdbinst.exe
[2009/04/22 14:30:45 | 00,029,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\scrnsave.scr
[2009/04/22 14:30:43 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\schtasks.exe
[2009/04/22 14:30:40 | 00,116,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\scardsvr.exe
[2009/04/22 14:30:38 | 00,051,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sc.exe
[2009/04/22 14:30:36 | 00,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\savedump.exe
[2009/04/22 14:30:34 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rwinsta.exe
[2009/04/22 14:30:32 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\runonce.exe
[2009/04/22 14:30:30 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\runas.exe
[2009/04/22 14:30:28 | 00,097,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rtcshare.exe
[2009/04/22 14:30:25 | 00,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rsvp.exe
[2009/04/22 14:30:23 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rsopprov.exe
[2009/04/22 14:30:21 | 00,128,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rsnotify.exe
[2009/04/22 14:30:19 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rsmui.exe
[2009/04/22 14:30:17 | 00,045,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rsmsink.exe
[2009/04/22 14:30:15 | 00,069,632 | ---- | M] (Microsoft Corp) -- C:\WINDOWS\System32\rsm.exe
[2009/04/22 14:30:13 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rsh.exe
[2009/04/22 14:30:11 | 00,046,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\routemon.exe
[2009/04/22 14:30:09 | 00,040,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\route.exe
[2009/04/22 14:30:07 | 00,034,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rexec.exe
[2009/04/22 14:30:05 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\reset.exe
[2009/04/22 14:30:03 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\replace.exe
[2009/04/22 14:30:01 | 00,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\relog.exe
[2009/04/22 14:30:00 | 00,025,088 | ---- | M] (Microsoft) -- C:\WINDOWS\System32\regwiz.exe
[2009/04/22 14:29:58 | 00,032,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\regsvr32.exe
[2009/04/22 14:29:56 | 00,054,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\regini.exe
[2009/04/22 14:29:54 | 00,024,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\regedt32.exe
[2009/04/22 14:29:53 | 00,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\reg.exe
[2009/04/22 14:29:51 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\recover.exe
[2009/04/22 14:29:49 | 00,087,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rdshost.exe
[2009/04/22 14:29:48 | 00,034,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rdsaddin.exe
[2009/04/22 14:29:46 | 00,082,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpclip.exe
[2009/04/22 14:29:44 | 00,041,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rcp.exe
[2009/04/22 14:29:43 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rcimlby.exe
[2009/04/22 14:29:41 | 00,077,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rasphone.exe
[2009/04/22 14:29:38 | 00,031,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rasdial.exe
[2009/04/22 14:29:36 | 00,031,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rasautou.exe
[2009/04/22 14:29:35 | 00,042,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\qwinsta.exe
[2009/04/22 14:29:32 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\qprocess.exe
[2009/04/22 14:29:30 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\qappsrv.exe
[2009/04/22 14:29:28 | 00,029,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\proxycfg.exe
[2009/04/22 14:29:26 | 00,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\proquota.exe
[2009/04/22 14:29:24 | 00,130,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\progman.exe
[2009/04/22 14:29:22 | 00,029,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\print.exe
[2009/04/22 14:29:20 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\powercfg.exe
[2009/04/22 14:29:17 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ping6.exe
[2009/04/22 14:29:16 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ping.exe
[2009/04/22 14:29:14 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\perfmon.exe
[2009/04/22 14:29:12 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\pentnt.exe
[2009/04/22 14:29:11 | 00,041,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\pathping.exe
[2009/04/22 14:29:09 | 00,078,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\packager.exe
[2009/04/22 14:29:06 | 00,060,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\osuninst.exe
[2009/04/22 14:29:04 | 00,236,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\osk.exe
[2009/04/22 14:29:02 | 00,088,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\openfiles.exe
[2009/04/22 14:28:59 | 00,090,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\odbcconf.exe
[2009/04/22 14:28:56 | 00,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\odbcad32.exe
[2009/04/22 14:28:54 | 00,146,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\nwscript.exe
[2009/04/22 14:28:45 | 00,440,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntvdm.exe
[2009/04/22 14:28:39 | 00,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntsd.exe
[2009/04/22 14:28:34 | 01,220,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntbackup.exe
[2009/04/22 14:28:32 | 00,097,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\nslookup.exe
[2009/04/22 14:28:30 | 00,089,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\notepad.exe
[2009/04/22 14:28:27 | 00,057,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netstat.exe
[2009/04/22 14:28:26 | 00,106,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netsh.exe
[2009/04/22 14:28:24 | 00,352,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netsetup.exe
[2009/04/22 14:28:21 | 00,131,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netdde.exe
[2009/04/22 14:28:19 | 00,145,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\net1.exe
[2009/04/22 14:28:17 | 00,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\net.exe
[2009/04/22 14:28:15 | 00,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\nddeapir.exe
[2009/04/22 14:28:13 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\nbtstat.exe
[2009/04/22 14:28:10 | 00,074,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\narrator.exe
[2009/04/22 14:28:03 | 00,428,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstsc.exe
[2009/04/22 14:28:00 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstinit.exe
[2009/04/22 14:27:58 | 00,027,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msswchx.exe
[2009/04/22 14:27:54 | 00,363,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe
[2009/04/22 14:27:51 | 00,061,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msiregmv.exe
[2009/04/22 14:27:49 | 00,097,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msiexec.exe
[2009/04/22 14:27:46 | 00,049,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshta.exe
[2009/04/22 14:27:45 | 00,147,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshearts.exe
[2009/04/22 14:27:42 | 00,041,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msg.exe
[2009/04/22 14:27:39 | 00,026,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtc.exe
[2009/04/22 14:27:35 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mrinfo.exe
[2009/04/22 14:27:33 | 00,137,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mqtgsvc.exe
[2009/04/22 14:27:31 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mqsvc.exe
[2009/04/22 14:27:28 | 00,040,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mqbkup.exe
[2009/04/22 14:27:26 | 00,042,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mpnotify.exe
[2009/04/22 14:27:25 | 00,143,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mplay32.exe
[2009/04/22 14:27:22 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mountvol.exe
[2009/04/22 14:27:20 | 00,163,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mobsync.exe
[2009/04/22 14:27:18 | 00,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmsrvc.exe
[2009/04/22 14:27:16 | 00,835,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mmc.exe
[2009/04/22 14:27:10 | 00,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\makecab.exe
[2009/04/22 14:27:08 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\magnify.exe
[2009/04/22 14:27:05 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\lpr.exe
[2009/04/22 14:27:03 | 00,026,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\lpq.exe
[2009/04/22 14:27:01 | 00,535,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\logonui.exe
[2009/04/22 14:26:59 | 00,241,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\logon.scr
[2009/04/22 14:26:57 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\logoff.exe
[2009/04/22 14:26:55 | 00,079,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\logman.exe
[2009/04/22 14:26:54 | 00,114,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\logagent.exe
[2009/04/22 14:26:52 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\lodctr.exe
[2009/04/22 14:26:50 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\locator.exe
[2009/04/22 14:26:49 | 00,045,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\lnkstub.exe
[2009/04/22 14:26:46 | 00,050,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\lights.exe
[2009/04/22 14:26:44 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\label.exe
[2009/04/22 14:26:38 | 00,173,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\irftp.exe
[2009/04/22 14:26:35 | 00,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ipxroute.exe
[2009/04/22 14:26:33 | 00,073,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ipv6.exe
[2009/04/22 14:26:31 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsec6.exe
[2009/04/22 14:26:29 | 00,076,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ipconfig.exe
[2009/04/22 14:26:13 | 00,170,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\imapi.exe
[2009/04/22 14:26:11 | 00,135,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iexpress.exe
[2009/04/22 14:26:07 | 00,054,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2009/04/22 14:26:03 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\hostname.exe
[2009/04/22 14:26:00 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\help.exe
[2009/04/22 14:25:57 | 00,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\grpconv.exe
[2009/04/22 14:25:56 | 00,077,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\gpupdate.exe
[2009/04/22 14:25:54 | 00,140,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\gpresult.exe
[2009/04/22 14:25:51 | 00,075,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\getmac.exe
[2009/04/22 14:25:49 | 00,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ftp.exe
[2009/04/22 14:25:48 | 00,076,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\fsutil.exe
[2009/04/22 14:25:45 | 00,213,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\fsquirt.exe
[2009/04/22 14:25:43 | 00,075,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\freecell.exe
[2009/04/22 14:25:42 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\forcedos.exe
[2009/04/22 14:25:41 | 00,041,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\fontview.exe
[2009/04/22 14:25:39 | 00,043,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\fltmc.exe
[2009/04/22 14:25:38 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\fixmapi.exe
[2009/04/22 14:25:36 | 00,029,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\finger.exe
[2009/04/22 14:25:35 | 00,047,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\findstr.exe
[2009/04/22 14:25:33 | 00,029,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\find.exe
[2009/04/22 14:25:31 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\fc.exe
[2009/04/22 14:25:30 | 00,066,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\extrac32.exe
[2009/04/22 14:25:28 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\expand.exe
[2009/04/22 14:25:26 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\eventvwr.exe
[2009/04/22 14:25:24 | 00,098,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\eventtriggers.exe
[2009/04/22 14:25:22 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\eventcreate.exe
[2009/04/22 14:25:21 | 00,213,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\eudcedit.exe
[2009/04/22 14:25:19 | 00,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\esentutl.exe
[2009/04/22 14:25:15 | 01,318,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxdiag.exe
[2009/04/22 14:25:12 | 00,200,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dwwin.exe
[2009/04/22 14:25:10 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dvdupgrd.exe
[2009/04/22 14:25:09 | 00,075,776 | ---- | M] () -- C:\WINDOWS\System32\dvdplay.exe
[2009/04/22 14:25:07 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dumprep.exe
[2009/04/22 14:25:05 | 00,066,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drwtsn32.exe
[2009/04/22 14:25:02 | 00,078,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\driverquery.exe
[2009/04/22 14:25:01 | 00,103,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dpvsetup.exe
[2009/04/22 14:24:59 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dpnsvr.exe
[2009/04/22 14:24:56 | 00,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dplaysvr.exe
[2009/04/22 14:24:54 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\doskey.exe
[2009/04/22 14:24:51 | 00,036,352 | ---- | M] (Microsoft Corp.) -- C:\WINDOWS\System32\dmremote.exe
[2009/04/22 14:24:48 | 00,245,248 | ---- | M] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\System32\dmadmin.exe
[2009/04/22 14:24:46 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllhst3g.exe
[2009/04/22 14:24:42 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\diskperf.exe
[2009/04/22 14:24:37 | 00,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\diskpart.exe
[2009/04/22 14:24:33 | 00,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\diantz.exe
[2009/04/22 14:24:27 | 00,125,440 | ---- | M] (Microsoft Corp. and Executive Software International, Inc.) -- C:\WINDOWS\System32\dfrgntfs.exe
[2009/04/22 14:24:24 | 00,102,912 | ---- | M] (Microsoft Corp. and Executive Software International, Inc.) -- C:\WINDOWS\System32\dfrgfat.exe
[2009/04/22 14:24:20 | 00,045,568 | ---- | M] (Microsoft Corp. and Executive Software International, Inc.) -- C:\WINDOWS\System32\defrag.exe
[2009/04/22 14:24:18 | 00,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ddeshare.exe
[2009/04/22 14:24:12 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dcomcnfg.exe
[2009/04/22 14:23:59 | 00,118,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cscript.exe
[2009/04/22 14:23:56 | 00,034,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\convert.exe
[2009/04/22 14:23:54 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\control.exe
[2009/04/22 14:23:53 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\conime.exe
[2009/04/22 14:23:49 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\compact.exe
[2009/04/22 14:23:47 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\comp.exe
[2009/04/22 14:23:43 | 00,083,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cmstp.exe
[2009/04/22 14:23:38 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cmmon32.exe
[2009/04/22 14:23:34 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cmdl32.exe
[2009/04/22 14:23:32 | 00,409,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.exe
[2009/04/22 14:23:28 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\clipsrv.exe
[2009/04/22 14:23:25 | 00,123,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\clipbrd.exe
[2009/04/22 14:23:22 | 00,084,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cleanmgr.exe
[2009/04/22 14:23:19 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ckcnv.exe
[2009/04/22 14:23:18 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cisvc.exe
[2009/04/22 14:23:16 | 00,076,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cipher.exe
[2009/04/22 14:23:11 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cidaemon.exe
[2009/04/22 14:23:09 | 00,031,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\chkntfs.exe
[2009/04/22 14:23:06 | 00,032,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\chkdsk.exe
[2009/04/22 14:23:03 | 00,100,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\charmap.exe
[2009/04/22 14:22:58 | 00,135,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\calc.exe
[2009/04/22 14:22:56 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cacls.exe
[2009/04/22 14:22:53 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\bootvrfy.exe
[2009/04/22 14:22:52 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\bootok.exe
[2009/04/22 14:22:51 | 00,157,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\bootcfg.exe
[2009/04/22 14:22:49 | 00,092,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\blastcln.exe
[2009/04/22 14:22:46 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\auditusr.exe
[2009/04/22 14:22:45 | 00,031,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\attrib.exe
[2009/04/22 14:22:43 | 00,031,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\atmadm.exe
[2009/04/22 14:22:41 | 00,045,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\at.exe
[2009/04/22 14:22:38 | 00,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\asr_pfu.exe
[2009/04/22 14:22:36 | 00,052,736 | ---- | M] (Microsoft Corp.) -- C:\WINDOWS\System32\asr_ldm.exe
[2009/04/22 14:22:34 | 00,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\asr_fmt.exe
[2009/04/22 14:22:32 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\arp.exe
[2009/04/22 14:22:29 | 00,118,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ahui.exe
[2009/04/22 14:22:26 | 00,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\actmovie.exe
[2009/04/22 14:22:24 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\accwiz.exe
[2009/04/22 14:21:04 | 00,000,802 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/22 14:09:32 | 00,304,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winhlp32.exe
[2009/04/22 14:09:07 | 00,046,080 | ---- | M] (Twain Working Group) -- C:\WINDOWS\twunk_32.exe
[2009/04/22 14:09:06 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\taskman.exe
[2009/04/22 14:08:56 | 00,166,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\regedit.exe
[2009/04/22 14:08:50 | 00,089,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
[2009/04/22 14:08:28 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\hh.exe
[2009/04/22 14:08:26 | 01,052,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2009/04/22 13:12:47 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ctfmon.exe
[2009/04/22 13:12:31 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rundll32.exe
[2009/04/22 10:52:00 | 00,000,220 | R--- | M] () -- C:\Documents and Settings\Neil McGilloway\My Documents\ATT00006.dat
[2009/04/21 23:07:22 | 00,320,000 | ---- | M] (InstallShield Corporation, Inc.) -- C:\WINDOWS\uninst.exe
[2009/04/21 23:06:53 | 00,053,248 | ---- | M] (NirSoft) -- C:\WINDOWS\nircmd.exe
[2009/04/21 23:06:52 | 00,442,368 | ---- | M] () -- C:\WINDOWS\Nero PhotoShow.scr
[2009/04/21 23:06:47 | 02,827,776 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
[2009/04/21 23:06:44 | 00,166,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WudfHost.exe
[2009/04/21 23:06:42 | 04,417,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wpgldfsh.scr
[2009/04/21 23:06:41 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wpdshextautoplay.exe
[2009/04/21 23:06:36 | 00,226,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WinFXDocObj.exe
[2009/04/21 23:06:33 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\verclsid.exe
[2009/04/21 23:06:31 | 00,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\uwdf.exe
[2009/04/21 23:06:28 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tzchange.exe
[2009/04/21 23:06:25 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\taskman.exe
[2009/04/21 23:06:22 | 00,041,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdwxp.exe
[2009/04/21 23:06:21 | 07,114,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\space.scr
[2009/04/21 23:06:17 | 00,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2009/04/21 23:06:14 | 00,180,307 | ---- | M] () -- C:\WINDOWS\System32\RemSvc.exe
[2009/04/21 23:05:46 | 03,363,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\nature.scr
[2009/04/21 23:05:44 | 00,197,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2009/04/21 23:05:43 | 01,762,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mypixdx.scr
[2009/04/21 23:05:37 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedssync.exe
[2009/04/21 23:05:31 | 00,054,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2009/04/21 23:05:30 | 00,072,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\migpwd.exe
[2009/04/21 23:05:27 | 00,060,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MAPISRVR.EXE
[2009/04/21 23:05:09 | 00,078,190 | R--- | M] () -- C:\WINDOWS\System32\InstMed.exe
[2009/04/21 23:05:07 | 00,034,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieudinit.exe
[2009/04/21 23:05:01 | 00,041,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\faxpatch.exe
[2009/04/21 23:04:51 | 05,089,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\davinci.scr
[2009/04/21 23:04:48 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe
[2009/04/21 23:04:46 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cliconfg.exe
[2009/04/21 23:04:44 | 00,064,640 | ---- | M] () -- C:\WINDOWS\System32\ChCfg.exe
[2009/04/21 23:04:40 | 00,075,776 | -HS- | M] () -- C:\WINDOWS\System32\bugadepi.exe
[2009/04/21 23:04:37 | 00,520,192 | ---- | M] () -- C:\WINDOWS\System32\ASWLSVC.exe
[2009/04/21 23:04:36 | 00,537,600 | ---- | M] () -- C:\WINDOWS\System32\ASWL2K.exe
[2009/04/21 23:03:16 | 00,176,128 | ---- | M] (Ahead Software Gmbh) -- C:\WINDOWS\System32\NeroCheck.exe
[2009/04/21 23:02:43 | 00,059,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe
[2009/04/21 23:02:06 | 00,385,024 | ---- | M] (Western Digital Technologies, Inc.) -- C:\WINDOWS\System32\WDBtnMgr.exe
[2009/04/21 23:01:58 | 00,460,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\searchindexer.exe
[2009/04/21 23:01:11 | 00,522,240 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Neil McGilloway\Desktop\OTListIt2.exe
[2009/04/21 22:41:40 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spdwnwxp.exe
[2009/04/21 22:41:18 | 00,108,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\searchfilterhost.exe
[2009/04/21 22:41:13 | 00,205,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\searchprotocolhost.exe
[2009/04/21 22:39:14 | 00,013,752 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/21 22:38:12 | 00,018,323 | ---- | M] () -- C:\WINDOWS\System32\ovfsthxlog.dat
[2009/04/21 20:26:48 | 13,718,160 | ---- | M] (Doctor Web, Ltd.) -- C:\Documents and Settings\Neil McGilloway\Desktop\drweb-cureit.exe
[2009/04/21 18:07:23 | 00,577,676 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/21 18:07:23 | 00,482,756 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/21 18:07:23 | 00,084,038 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/21 12:42:19 | 00,000,287 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/04/21 12:17:36 | 00,000,084 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
[2009/04/21 12:17:29 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/04/21 12:17:29 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/04/21 12:17:27 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/04/21 12:17:13 | 00,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2009/04/21 12:14:20 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2009/04/21 12:14:20 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009/04/21 12:14:12 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/04/21 12:14:12 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/04/21 12:14:12 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/04/21 12:14:12 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/04/21 12:14:12 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/04/21 12:14:12 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2009/04/21 11:55:24 | 00,034,188 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/04/21 11:52:40 | 00,000,280 | -HS- | M] () -- C:\boot.ini
[2009/04/21 11:02:43 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/04/21 11:02:25 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Documents\desktop.ini
[2009/04/21 11:02:25 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2009/04/21 10:48:24 | 00,733,683 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2009/04/21 10:46:48 | 00,006,921 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/21 10:22:15 | 00,304,465 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2009/04/21 10:05:06 | 00,023,832 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/04/21 10:02:49 | 00,000,024 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090421-102215.backup
[2009/04/21 01:07:39 | 00,130,096 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/21 01:07:22 | 21,453,86496 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2009/04/20 19:10:36 | 00,000,034 | ---- | M] () -- C:\WINDOWS\System32\tcpd.dll
[2009/04/20 19:10:36 | 00,000,009 | ---- | M] () -- C:\WINDOWS\System32\iphy.dll
[2009/04/20 19:10:36 | 00,000,003 | ---- | M] () -- C:\WINDOWS\System32\fhpatch.dll
[2009/04/20 19:10:36 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\fiplock.dll
[2009/04/20 15:30:19 | 00,000,004 | ---- | M] () -- C:\WINDOWS\System32\_id.dat
[2009/04/20 14:49:25 | 00,000,122 | ---- | M] () -- C:\WINDOWS\mdm.ini
[2009/04/20 02:59:57 | 00,360,021 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\dds.scr
[2009/04/20 00:40:00 | 00,101,196 | ---- | M] () -- C:\MGlogs.zip
[2009/04/19 21:24:27 | 09,924,040 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Neil McGilloway\Desktop\windows-kb890830-v2.9.exe
[2009/04/19 20:26:23 | 06,043,680 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\SUPERAntiSpyware(2).exe
[2009/04/19 17:50:43 | 01,340,797 | ---- | M] () -- C:\MGtools.exe
[2009/04/19 06:31:07 | 00,000,138 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Local Settings\Application Data\fusioncache.dat
[2009/04/19 06:09:11 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\zamoyoje
[2009/04/19 06:01:10 | 04,608,744 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Neil McGilloway\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[2009/04/19 04:35:59 | 00,000,095 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/04/19 03:06:48 | 00,000,077 | -HS- | M] () -- C:\Documents and Settings\Neil McGilloway\My Documents\desktop.ini
[2009/04/19 03:05:02 | 00,000,000 | ---- | M] () -- C:\WINDOWS\mqcd.dbt
[2009/04/19 03:04:43 | 00,108,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MSWINSCK.OCX
[2009/04/17 15:31:32 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/17 13:03:35 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/17 11:30:05 | 10,139,5426 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Lannie_Barbie_High_Heels_Stockings.rar
[2009/04/17 11:22:30 | 20,321,6800 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\PrftMch_1_AN.avi
[2009/04/16 23:42:21 | 19,306,8664 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\SELU_ERNER-PM.avi
[2009/04/15 19:14:00 | 00,004,566 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\black dress.dat
[2009/04/15 02:14:00 | 00,000,360 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/04/13 17:29:01 | 19,226,8288 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\IsSo_NN2.avi
[2009/04/13 16:03:24 | 75,457,986 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\ICLdFeZa_4.zip
[2009/04/13 16:02:51 | 99,346,432 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\SimDia_TDL_ChaKRa.avi
[2009/04/13 15:50:16 | 99,920,814 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\MADESA-LERAD.avi
[2009/04/11 16:38:31 | 94,371,840 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Black_dick_in_milf.part1.rar
[2009/04/10 15:41:49 | 16,990,5184 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\tai024.part2.rar
[2009/04/10 15:07:12 | 17,091,7888 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\tai024.part1.rar
[2009/04/09 16:16:33 | 54,545,207 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\94-Teresa_Orlowski_-_Taken_By_Force_In_Toilet.rar
[2009/04/09 13:25:56 | 00,312,232 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090419-034007.backup
[2009/04/09 02:17:36 | 93,176,575 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Hot_Latina_Gives_Anal_a_Try.rar
[2009/04/09 01:45:58 | 88,744,206 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Black_Latex_Nurses_anal_bleep_orgy.WMV
[2009/04/09 01:22:33 | 14,808,3024 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Michelle-_Reds_like_it_in_the_Ass_pic.avi
[2009/04/09 01:07:57 | 85,926,068 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\CaHo_LaLi_AN.avi
[2009/04/08 21:48:25 | 16,233,1872 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\madura_anb13_1.wmv
[2009/04/08 21:10:20 | 15,212,5949 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Fusxion_Fantasies_1_Scene_3_b.wmv
[2009/04/08 20:19:26 | 10,458,5138 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\teen_glasses_s_a.rar
[2009/04/08 19:50:35 | 10,000,0000 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Dolly_Golden.part1.rar
[2009/04/08 19:16:34 | 93,956,746 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Dolly_Golden.part2.rar
[2009/04/08 18:57:43 | 76,656,640 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Blackhaired_grrrl..Kosovali.avi
[2009/04/08 18:49:17 | 13,012,1375 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\black_haired_chick_assbleeped.rar
[2009/04/08 18:27:03 | 69,494,090 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\NroFmlre_4_TS_DP.avi
[2009/04/08 18:19:44 | 10,212,5252 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Nice_Car.rar
[2009/04/08 18:02:57 | 16,375,5468 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\MarieDelvauxGravurix.avi
[2009/04/08 18:02:41 | 10,186,7590 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Coralie.rar
[2009/04/08 17:56:49 | 20,261,3858 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\mc414.rar
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/06 07:57:26 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/01 01:01:46 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/03/30 14:46:53 | 11,270,5664 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\mc407.rar
[2009/03/30 14:39:40 | 18,894,5459 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\mc406.rar
[2009/03/24 18:48:47 | 17,286,5985 | ---- | M] () -- C:\Documents and Settings\Neil McGilloway\Desktop\Edited Sluts With Nuts 04.wmv
< End of report >


ComboFix (I got that message I mentioned before again, except this time ComboFix ran regardless):

ComboFix 09-04-23.02 - Neil McGilloway 04/22/2009 16:16.1 - NTFSx86
Running from: c:\documents and settings\Neil McGilloway\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Neil McGilloway\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\mqcd.dbt
c:\windows\system32\encapi32.dll
c:\windows\system32\fhpatch.dll
c:\windows\system32\fiplock.dll
c:\windows\system32\iphy.dll
c:\windows\system32\mdm.exe
c:\windows\system32\ovfsthxlog.dat
c:\windows\system32\pthreadGC2.dll
c:\windows\system32\tcpd.dll

c:\windows\system32\userinit.exe . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Legacy_AT1394
-------\Legacy_DHCPSRV
-------\Legacy_RESTORE
-------\Service_DhcpSrv


((((((((((((((((((((((((( Files Created from 2009-03-22 to 2009-04-22 )))))))))))))))))))))))))))))))
.

2009-04-22 00:33 . 2009-04-22 00:36 -------- d-----w c:\documents and settings\Neil McGilloway\DoctorWeb
2009-04-22 00:13 . 2009-04-22 00:13 -------- d-----w C:\_OTListIt
2009-04-21 16:41 . 2004-08-10 08:13 73728 -c--a-w c:\windows\system32\dllcache\ehresja.dll
2009-04-21 16:41 . 2004-08-10 08:13 69632 -c--a-w c:\windows\system32\dllcache\ehresko.dll
2009-04-21 16:41 . 2004-08-10 08:13 69632 -c--a-w c:\windows\system32\dllcache\ehresfr.dll
2009-04-21 16:41 . 2004-08-10 08:13 61440 -c--a-w c:\windows\system32\dllcache\ehreschs.dll
2009-04-21 16:41 . 2004-08-10 08:13 69632 -c--a-w c:\windows\system32\dllcache\ehresde.dll
2009-04-21 16:39 . 2004-08-10 12:00 83748 -c--a-w c:\windows\system32\dllcache\prcp.nls
2009-04-21 16:38 . 2004-08-10 12:00 8192 -c--a-w c:\windows\system32\dllcache\httpmb51.dll
2009-04-21 16:37 . 2004-08-10 12:00 829440 -c--a-w c:\windows\system32\dllcache\inetmgr.dll
2009-04-21 16:14 . 2009-04-21 16:14 488 ---ha-r c:\windows\system32\logonui.exe.manifest
2009-04-21 16:14 . 2009-04-21 16:14 749 ---ha-r c:\windows\WindowsShell.Manifest
2009-04-21 16:14 . 2009-04-21 16:14 749 ---ha-r c:\windows\system32\wuaucpl.cpl.manifest
2009-04-21 16:14 . 2009-04-21 16:14 749 ---ha-r c:\windows\system32\sapi.cpl.manifest
2009-04-21 16:14 . 2009-04-21 16:14 749 ---ha-r c:\windows\system32\nwc.cpl.manifest
2009-04-21 16:14 . 2009-04-21 16:14 749 ---ha-r c:\windows\system32\ncpa.cpl.manifest
2009-04-21 15:52 . 2009-04-22 18:26 173056 ----a-w c:\windows\system32\irftp.exe
2009-04-21 15:52 . 2004-08-04 04:56 8192 ----a-w c:\windows\system32\wshirda.dll
2009-04-21 15:52 . 2004-08-04 03:00 87424 ----a-w c:\windows\system32\drivers\irda.sys
2009-04-21 15:52 . 2004-08-04 04:56 27136 ----a-w c:\windows\system32\irmon.dll
2009-04-21 15:16 . 2001-08-17 17:51 18688 ----a-w c:\windows\system32\drivers\irsir.sys
2009-04-21 15:04 . 2001-08-17 17:51 19584 ----a-w c:\windows\system32\drivers\rasirda.sys
2009-04-21 04:50 . 2009-04-21 05:07 2145386496 ----a-w c:\windows\MEMORY.DMP
2009-04-21 03:39 . 2004-08-10 12:00 13753 ----a-r c:\windows\SET61.tmp
2009-04-21 03:39 . 2004-08-10 12:00 1086058 ----a-r c:\windows\SET55.tmp
2009-04-21 03:39 . 2004-08-10 12:00 106147 ----a-r c:\windows\SET52.tmp
2009-04-21 03:29 . 2004-08-10 12:00 67584 ----a-w c:\windows\system32\SET4D8.tmp
2009-04-21 02:12 . 2004-08-10 12:00 13753 ----a-r c:\windows\SET60.tmp
2009-04-21 02:12 . 2004-08-10 12:00 1086058 ----a-r c:\windows\SET54.tmp
2009-04-21 02:12 . 2004-08-10 12:00 106147 ----a-r c:\windows\SET51.tmp
2009-04-21 01:40 . 2009-04-21 14:46 6921 ----a-w c:\windows\imsins.BAK
2009-04-21 01:39 . 2009-04-21 01:39 -------- d-s---w c:\windows\system32\config\systemprofile\History
2009-04-21 01:39 . 2004-08-10 12:00 13753 ----a-r c:\windows\SET9E.tmp
2009-04-21 01:39 . 2004-08-10 12:00 1086058 ----a-r c:\windows\SET92.tmp
2009-04-21 01:39 . 2004-08-10 12:00 106147 ----a-r c:\windows\SET8F.tmp
2009-04-20 23:09 . 2009-04-20 23:09 52736 ----a-w C:\2A.tmp
2009-04-20 23:09 . 2009-04-20 23:09 80 ----a-w c:\windows\system32\29.tmp
2009-04-20 23:08 . 2009-04-20 23:08 0 ----a-w C:\27.tmp
2009-04-20 23:08 . 2009-04-20 23:08 0 ----a-w C:\26.tmp
2009-04-20 23:08 . 2009-04-20 23:08 0 ----a-w C:\25.tmp
2009-04-20 23:08 . 2009-04-20 23:08 0 ----a-w C:\24.tmp
2009-04-20 23:08 . 2009-04-20 23:08 0 ----a-w C:\22.tmp
2009-04-20 23:08 . 2009-04-20 23:08 0 ----a-w C:\23.tmp
2009-04-20 23:08 . 2009-04-20 23:08 38 ----a-w C:\1F.tmp
2009-04-20 23:08 . 2009-04-20 23:08 0 ----a-w C:\1E.tmp
2009-04-20 23:08 . 2009-04-20 23:08 0 ----a-w C:\1D.tmp
2009-04-20 23:08 . 2009-04-20 23:08 38 ----a-w C:\1C.tmp
2009-04-20 23:08 . 2009-04-20 23:08 0 ----a-w C:\1B.tmp
2009-04-20 23:05 . 2009-04-21 14:48 733683 ----a-w c:\windows\setupapi.old
2009-04-20 19:32 . 2009-04-20 19:32 38 ----a-w C:\3B.tmp
2009-04-20 19:32 . 2009-04-20 19:32 0 ----a-w C:\3A.tmp
2009-04-20 19:32 . 2009-04-20 19:32 0 ----a-w C:\39.tmp
2009-04-20 19:32 . 2009-04-20 19:32 0 ----a-w C:\38.tmp
2009-04-20 19:32 . 2009-04-20 19:32 0 ----a-w C:\37.tmp
2009-04-20 19:32 . 2009-04-20 19:32 0 ----a-w C:\36.tmp
2009-04-20 19:32 . 2009-04-20 19:32 0 ----a-w C:\35.tmp
2009-04-20 19:32 . 2009-04-20 19:32 0 ----a-w C:\34.tmp
2009-04-20 19:32 . 2009-04-20 19:32 0 ----a-w C:\33.tmp
2009-04-20 19:32 . 2009-04-20 19:32 38 ----a-w C:\32.tmp
2009-04-20 19:30 . 2009-04-20 19:30 4 ----a-w c:\windows\system32\_id.dat
2009-04-20 19:30 . 2009-04-20 19:30 0 ----a-w c:\windows\system32\2C.tmp
2009-04-20 19:29 . 2009-04-20 19:30 120 ----a-w c:\windows\system32\2A.tmp
2009-04-20 18:58 . 2009-04-20 18:58 -------- d-----w C:\VundoFix Backups
2009-04-20 05:48 . 2009-04-20 05:48 -------- d-----w c:\documents and settings\LocalService\Tracing
2009-04-20 05:47 . 2009-04-20 05:47 38 ----a-w C:\1A.tmp
2009-04-20 05:47 . 2009-04-20 05:47 0 ----a-w C:\19.tmp
2009-04-20 05:47 . 2009-04-20 05:47 0 ----a-w C:\18.tmp
2009-04-20 05:47 . 2009-04-20 05:47 0 ----a-w C:\17.tmp
2009-04-20 05:47 . 2009-04-20 05:47 0 ----a-w C:\16.tmp
2009-04-20 05:47 . 2009-04-20 05:47 0 ----a-w C:\15.tmp
2009-04-20 05:47 . 2009-04-20 05:47 0 ----a-w C:\14.tmp
2009-04-20 05:47 . 2009-04-20 05:47 0 ----a-w C:\13.tmp
2009-04-20 05:47 . 2009-04-20 05:47 0 ----a-w C:\D.tmp
2009-04-20 05:47 . 2009-04-20 05:47 38 ----a-w C:\6.tmp
2009-04-20 05:46 . 2009-04-20 05:46 52736 ----a-w C:\5.tmp
2009-04-20 05:46 . 2009-04-20 05:46 0 ----a-w C:\4.tmp
2009-04-20 04:36 . 2009-04-20 04:40 101196 ----a-w C:\MGlogs.zip
2009-04-20 04:36 . 2009-04-22 02:36 -------- d-----w C:\MGtools
2009-04-19 21:52 . 2009-04-19 21:52 -------- d-----w c:\documents and settings\Neil McGilloway\Application Data\Malwarebytes
2009-04-19 21:52 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-19 21:52 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-19 21:52 . 2009-04-19 21:52 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-19 21:50 . 2009-04-19 21:50 1340797 ----a-w C:\MGtools.exe
2009-04-19 19:21 . 2009-04-19 19:21 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-19 19:20 . 2009-04-20 03:20 -------- d-----w c:\documents and settings\Neil McGilloway\Application Data\SUPERAntiSpyware.com
2009-04-19 19:18 . 2009-04-19 19:18 23832 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-19 19:05 . 2009-04-19 19:05 38 ----a-w C:\12.tmp
2009-04-19 19:05 . 2009-04-19 19:05 0 ----a-w C:\11.tmp
2009-04-19 19:05 . 2009-04-19 19:05 0 ----a-w C:\F.tmp
2009-04-19 19:05 . 2009-04-19 19:05 0 ----a-w C:\10.tmp
2009-04-19 19:05 . 2009-04-19 19:05 0 ----a-w C:\E.tmp
2009-04-19 19:05 . 2009-04-19 19:05 0 ----a-w C:\C.tmp
2009-04-19 19:05 . 2009-04-19 19:05 0 ----a-w C:\B.tmp
2009-04-19 19:05 . 2009-04-19 19:05 0 ----a-w C:\A.tmp
2009-04-19 19:05 . 2009-04-19 19:05 0 ----a-w C:\9.tmp
2009-04-19 19:05 . 2009-04-19 19:05 38 ----a-w C:\8.tmp
2009-04-19 19:05 . 2009-04-19 19:05 52736 ----a-w C:\7.tmp
2009-04-19 18:48 . 2009-04-19 18:48 -------- d-----w c:\windows\ERUNT
2009-04-19 18:47 . 2009-04-19 19:17 -------- d-----w C:\SDFix
2009-04-19 10:39 . 2009-04-19 10:39 -------- d-----w c:\documents and settings\LocalService\Application Data\McAfee
2009-04-19 10:31 . 2009-04-19 10:31 -------- d-----w c:\documents and settings\Neil McGilloway\Application Data\McAfee
2009-04-19 10:31 . 2009-04-19 10:31 138 ----a-w c:\documents and settings\Neil McGilloway\Local Settings\Application Data\fusioncache.dat
2009-04-19 09:52 . 2009-04-20 23:11 -------- d-----w c:\documents and settings\NetworkService\Tracing
2009-04-19 08:35 . 2009-04-19 08:35 95 ----a-w c:\windows\wininit.ini
2009-04-19 07:04 . 2009-04-21 05:19 -------- d-----w c:\windows\system32\3361
2009-04-19 07:04 . 2009-04-19 07:04 108336 ----a-w c:\windows\system32\MSWINSCK.OCX
2009-04-19 07:04 . 2009-04-19 17:51 -------- d-----w c:\windows\dhcp
2009-04-19 07:04 . 2009-04-19 17:51 -------- d-----w c:\documents and settings\Neil McGilloway\Application Data\pidle
2009-04-19 03:56 . 2009-04-19 03:56 -------- d-----w c:\documents and settings\Neil McGilloway\Application Data\Apple Computer
2009-04-19 03:55 . 2009-03-19 20:32 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-04-19 03:55 . 2008-04-17 16:12 107368 ----a-w c:\windows\system32\GEARAspi.dll
2009-04-19 03:55 . 2009-04-19 03:55 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-19 03:53 . 2009-04-19 03:55 -------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-04-19 03:53 . 2009-04-19 03:53 -------- d-----w c:\documents and settings\Neil McGilloway\Local Settings\Application Data\Apple
2009-04-19 03:52 . 2009-04-19 03:52 -------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-04-19 03:51 . 2009-04-19 03:56 -------- d-----w c:\documents and settings\Neil McGilloway\Local Settings\Application Data\Apple Computer
2009-04-16 14:55 . 2009-04-16 14:55 -------- d-----w c:\documents and settings\Neil McGilloway\Local Settings\Application Data\Logitech-LS
2009-04-15 22:43 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-15 03:22 . 2004-08-04 02:58 5504 ----a-w c:\windows\system32\drivers\mstee.sys
2009-04-15 03:22 . 2004-08-04 03:10 19328 ----a-w c:\windows\system32\drivers\wstcodec.sys
2009-04-15 03:22 . 2004-08-04 03:10 85376 ----a-w c:\windows\system32\drivers\nabtsfec.sys
2009-04-15 03:22 . 2004-08-04 03:10 17024 ----a-w c:\windows\system32\drivers\ccdecode.sys
2009-04-15 03:21 . 2004-08-04 03:07 59264 ----a-w c:\windows\system32\drivers\usbaudio.sys
2009-04-15 03:21 . 2004-08-04 04:56 43008 ----a-w c:\windows\system32\ksxbar.ax
2009-04-15 03:21 . 2004-08-04 04:56 53760 ----a-w c:\windows\system32\vfwwdm32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-22 20:23 . 2009-04-22 20:23 6656 ----a-w c:\windows\system32\drivers\restore.sys
2009-04-22 20:22 . 2004-08-10 12:00 213376 ----a-w c:\windows\system32\drivers\ndis.sys
2009-04-22 20:22 . 2009-04-22 20:22 36352 ----a-w c:\windows\system32\reader_s.exe
2009-04-22 20:22 . 2009-04-22 20:22 36352 ----a-w c:\documents and settings\Neil McGilloway\reader_s.exe
2009-04-22 19:49 . 2004-08-10 12:00 65024 ----a-w c:\windows\system32\alg.exe
2009-04-22 19:49 . 2004-08-10 12:00 78336 ----a-w c:\windows\system32\spoolsv.exe
2009-04-22 18:34 . 2004-08-10 12:00 51200 ----a-w c:\windows\system32\xcopy.exe
2009-04-22 18:32 . 2004-08-10 12:00 45056 ----a-w c:\windows\system32\userinit.exe
2009-04-22 18:31 . 2004-08-10 12:00 29696 ----a-w c:\windows\system32\subst.exe
2009-04-22 18:30 . 2004-08-10 12:00 30208 ----a-w c:\windows\system32\sfc.exe
2009-04-22 18:29 . 2004-08-10 12:00 32256 ----a-w c:\windows\system32\regsvr32.exe
2009-04-22 18:28 . 2004-08-10 12:00 90112 ----a-w c:\windows\system32\odbcconf.exe
2009-04-22 18:27 . 2004-08-10 12:00 27136 ----a-w c:\windows\system32\msswchx.exe
2009-04-22 18:26 . 2004-08-10 12:00 241152 ----a-w c:\windows\system32\logon.scr
2009-04-22 18:25 . 2004-08-10 12:00 59904 ----a-w c:\windows\system32\grpconv.exe
2009-04-22 18:24 . 2004-08-10 12:00 38912 ----a-w c:\windows\system32\dpnsvr.exe
2009-04-22 18:24 . 2004-08-10 12:00 50688 ----a-w c:\windows\system32\dplaysvr.exe
2009-04-22 18:24 . 2004-08-10 12:00 31232 ----a-w c:\windows\system32\doskey.exe
2009-04-22 18:24 . 2004-08-10 12:00 36352 ----a-w c:\windows\system32\dmremote.exe
2009-04-22 18:24 . 2004-08-10 12:00 245248 ----a-w c:\windows\system32\dmadmin.exe
2009-04-22 18:24 . 2004-08-10 12:00 25088 ----a-w c:\windows\system32\dllhst3g.exe
2009-04-22 18:24 . 2004-08-10 12:00 38400 ----a-w c:\windows\system32\diskperf.exe
2009-04-22 18:24 . 2004-08-10 12:00 184320 ----a-w c:\windows\system32\diskpart.exe
2009-04-22 18:24 . 2004-08-10 12:00 105984 ----a-w c:\windows\system32\diantz.exe
2009-04-22 18:24 . 2004-08-10 12:00 102912 ----a-w c:\windows\system32\dfrgfat.exe
2009-04-22 18:24 . 2004-08-10 12:00 45568 ----a-w c:\windows\system32\defrag.exe
2009-04-22 18:24 . 2004-08-10 12:00 50688 ----a-w c:\windows\system32\ddeshare.exe
2009-04-22 18:24 . 2009-03-09 21:24 25600 ----a-w c:\windows\system32\dcomcnfg.exe
2009-04-22 18:22 . 2009-03-09 21:24 135168 ----a-w c:\windows\system32\calc.exe
2009-04-22 18:20 . 2009-03-09 21:28 171008 ----a-w c:\windows\pchealth\UploadLB\Binaries\uploadm.exe
2009-04-22 18:19 . 2009-03-09 21:28 55808 ----a-w c:\windows\pchealth\helpctr\binaries\notiflag.exe
2009-04-22 18:19 . 2009-03-09 21:28 178688 ----a-w c:\windows\pchealth\helpctr\binaries\msconfig.exe
2009-04-22 18:19 . 2009-03-09 21:28 39424 ----a-w c:\windows\pchealth\helpctr\binaries\hscupd.exe
2009-04-22 18:19 . 2009-03-09 21:28 764416 ----a-w c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2009-04-22 18:19 . 2009-03-09 21:28 120320 ----a-w c:\windows\pchealth\helpctr\binaries\helphost.exe
2009-04-22 18:19 . 2009-03-09 21:28 788992 ----a-w c:\windows\pchealth\helpctr\binaries\helpctr.exe
2009-04-22 18:09 . 2004-08-10 12:00 304128 ----a-w c:\windows\winhlp32.exe
2009-04-22 18:09 . 2004-08-10 12:00 46080 ----a-w c:\windows\twunk_32.exe
2009-04-22 18:09 . 2004-08-10 12:00 35840 ----a-w c:\windows\taskman.exe
2009-04-22 18:09 . 2008-04-14 00:12 53346 ----a-w c:\windows\slrundll.exe
2009-04-22 18:08 . 2004-08-10 12:00 166912 ----a-w c:\windows\regedit.exe
2009-04-22 18:08 . 2004-08-10 12:00 89600 ----a-w c:\windows\notepad.exe
2009-04-22 18:08 . 2004-08-10 12:00 31232 ----a-w c:\windows\hh.exe
2009-04-22 18:08 . 2004-08-10 12:00 1052672 ----a-w c:\windows\explorer.exe
2009-04-22 17:12 . 2004-08-10 12:00 35840 ----a-w c:\windows\system32\ctfmon.exe
2009-04-22 17:12 . 2004-08-10 12:00 53760 ----a-w c:\windows\system32\rundll32.exe
2009-04-22 03:07 . 2009-03-09 22:00 1937408 ----a-w c:\windows\UNNVEContent.exe
2009-04-22 03:07 . 2009-03-09 21:55 2977792 ----a-w c:\windows\UNNMP.exe
2009-04-22 03:07 . 2009-03-09 21:53 2994176 ----a-w c:\windows\UNNeroVision.exe
2009-04-22 03:07 . 2009-03-09 21:58 2953216 ----a-w c:\windows\UNMRW.exe
2009-04-22 03:07 . 2009-03-09 22:17 320000 ----a-w c:\windows\uninst.exe
2009-04-22 03:07 . 2009-03-09 22:09 110592 ----a-w c:\windows\SOUNDMAN.EXE
2009-04-22 03:07 . 2009-03-09 22:09 9714688 ----a-w c:\windows\RTLCPL.EXE
2009-04-22 03:07 . 2009-03-09 21:56 2953216 ----a-w c:\windows\NuNinst.exe
2009-04-22 03:05 . 2009-03-09 22:10 196608 ----a-w c:\windows\system32\nvudisp.exe
2009-04-22 03:05 . 2005-07-26 09:02 1359872 ----a-w c:\windows\system32\nvdspsch.exe
2009-04-22 03:05 . 2005-07-26 09:02 462848 ----a-w c:\windows\system32\nvappbar.exe
2009-04-22 03:05 . 2009-03-09 21:25 3363840 ----a-w c:\windows\system32\nature.scr
2009-04-22 03:05 . 2008-04-14 00:12 197120 ----a-w c:\windows\system32\napstat.exe
2009-04-22 03:05 . 2009-03-09 21:25 1762816 ----a-w c:\windows\system32\mypixdx.scr
2009-04-22 03:05 . 2008-04-14 00:12 54272 ----a-w c:\windows\system32\mmcperf.exe
2009-04-22 03:05 . 2004-08-10 12:00 72192 ----a-w c:\windows\system32\migpwd.exe
2009-04-22 03:05 . 1998-10-01 16:00 60688 ----a-w c:\windows\system32\MAPISRVR.EXE
2009-04-22 03:05 . 2008-04-14 00:12 41472 ----a-w c:\windows\system32\faxpatch.exe
2009-04-22 03:04 . 2009-03-09 21:25 5089280 ----a-w c:\windows\system32\davinci.scr
2009-04-22 03:04 . 2008-04-13 18:43 30208 ----a-w c:\windows\system32\comsdupd.exe
2009-04-22 03:04 . 2004-08-10 12:00 40960 ----a-w c:\windows\system32\cliconfg.exe
2009-04-22 03:04 . 2009-03-09 22:09 64640 ----a-w c:\windows\system32\ChCfg.exe
2009-04-22 03:04 . 2009-01-19 07:02 75776 --sha-w c:\windows\system32\bugadepi.exe
2009-04-22 03:04 . 2009-03-09 22:14 520192 ----a-w c:\windows\system32\ASWLSVC.exe
2009-04-22 03:04 . 2009-03-09 22:14 537600 ----a-w c:\windows\system32\ASWL2K.exe
2009-04-22 03:03 . 2005-07-26 09:02 1540096 ----a-w c:\windows\system32\nwiz.exe
2009-04-22 03:03 . 2009-03-09 21:53 176128 ----a-w c:\windows\system32\NeroCheck.exe
2009-04-22 03:03 . 2005-01-07 22:07 82432 ----a-w c:\windows\system32\HdAShCut.exe
2009-04-22 03:02 . 2004-08-10 12:00 59392 ----a-w c:\windows\system32\wdfmgr.exe
2009-04-22 03:02 . 2009-03-09 22:09 14180864 ----a-w c:\windows\RTHDCPL.EXE
2009-04-22 03:02 . 2005-07-19 21:32 241664 ----a-w c:\windows\system32\LVCOMSX.EXE
2009-04-22 03:02 . 2009-03-10 17:26 385024 ----a-w c:\windows\system32\WDBtnMgr.exe
2009-04-22 03:01 . 2008-05-27 02:18 460288 ----a-w c:\windows\system32\searchindexer.exe
2009-04-22 03:01 . 2005-07-26 09:02 147523 ----a-w c:\windows\system32\nvsvc32.exe
2009-04-22 02:41 . 2008-04-14 00:12 28160 ----a-w c:\windows\system32\spdwnwxp.exe
2009-04-22 02:41 . 2008-05-27 02:17 108032 ----a-w c:\windows\system32\searchfilterhost.exe
2009-04-22 02:41 . 2008-05-27 02:18 205312 ----a-w c:\windows\system32\searchprotocolhost.exe
2009-04-21 21:28 . 2009-03-09 21:29 86811 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-21 15:55 . 2009-03-09 21:26 34188 ----a-w c:\windows\system32\emptyregdb.dat
2009-04-21 15:55 . 2009-04-21 15:55 878 ----a-w c:\windows\Inf\COM354.tmp
2009-04-21 14:05 . 2009-03-10 17:05 23832 ----a-w c:\documents and settings\Neil McGilloway\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-21 04:30 . 2009-04-21 04:29 878 ----a-w c:\windows\Inf\COM350.tmp
2009-04-21 03:10 . 2009-04-21 03:10 878 ----a-w c:\windows\Inf\COM40A.tmp
2009-04-20 23:13 . 2009-03-10 00:54 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-20 19:23 . 2009-04-20 19:23 -------- d-----w c:\program files\CCleaner
2009-04-20 19:15 . 2009-04-20 18:58 136 ----a-w C:\VundoFix.txt
2009-04-20 16:33 . 2009-04-20 16:32 -------- d-----w c:\program files\Windows Live Safety Center
2009-04-20 03:20 . 2009-04-19 19:20 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-20 00:26 . 2009-04-20 00:23 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-19 21:52 . 2009-04-19 21:52 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-19 20:12 . 2009-03-10 00:54 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-19 18:09 . 2009-04-19 18:09 -------- d-----w c:\program files\Trend Micro
2009-04-19 10:31 . 2009-03-09 22:42 -------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2009-04-19 06:59 . 2009-03-20 15:02 -------- d-----w c:\program files\BitComet
.

------- Sigcheck -------

[-] 2004-08-10 12:00 34816 79CAE1782D02242F3C69563A3553D56B c:\windows\system32\svchost.exe
[-] 2009-04-22 18:41 34816 8005180646B7765F475BB5974067A2BE c:\windows\system32\dllcache\svchost.exe

[-] 2009-04-22 20:22 213376 FF85EBD2AD3679254CF251136C62D764 c:\windows\system32\dllcache\ndis.sys
[-] 2009-04-22 20:22 213376 FF85EBD2AD3679254CF251136C62D764 c:\windows\system32\drivers\ndis.sys

[-] 2009-04-22 18:08 1052672 59645E6C25E7478C196EF679AC4D724B c:\windows\explorer.exe

[-] 2009-04-22 17:12 35840 D06856817E5C3B91A52354D2ABAF1BBC c:\windows\system32\ctfmon.exe
[-] 2009-04-22 18:35 35840 7D3C4B0556D4B296150FFA8338272985 c:\windows\system32\dllcache\ctfmon.exe

[-] 2009-04-22 19:49 78336 A1C82253CC12671CC54BC7D4CD23F15B c:\windows\system32\spoolsv.exe

[-] 2009-04-22 18:33 131584 C8B9F718ADEAF16C278836412C4088B5 c:\windows\system32\wuauclt.exe

[-] 2009-04-22 18:32 45056 EA24794D8DBFCE47CC4ECB33CAA22516 c:\windows\system32\userinit.exe
[-] 2009-04-22 18:42 45056 82F5000E19FFFCA38211D3F60FDFE3C3 c:\windows\system32\dllcache\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoShow Deluxe Media Manager"="c:\progra~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe" [2009-04-22 233472]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2009-04-22 35840]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2009-04-22 217088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2009-04-22 79872]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2009-04-22 176128]
"HControl"="c:\windows\ATK0100\HControl.exe" [2009-04-22 122880]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-26 7118848]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2009-04-22 118874]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-04-22 708698]
"Wireless Console"="c:\program files\Generic\Wireless Console\wcourier.exe" [2009-04-22 77824]
"Power_Gear"="c:\program files\GENERIC\Power4 Gear\BatteryLife.exe" [2009-04-22 102400]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2009-04-22 241664]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2009-04-22 479232]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2009-04-22 237568]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 4838952]
"reader_s"="c:\windows\System32\reader_s.exe" [2009-04-22 36352]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2009-04-22 82432]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-04-22 1540096]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-10 110592]
"WD Button Manager"="WDBtnMgr.exe" - c:\windows\system32\WDBtnMgr.exe [2009-04-22 385024]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-04-22 14180864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"reader_s"="c:\documents and settings\Neil McGilloway\reader_s.exe" [2009-04-22 36352]
"<NO NAME>"="c:\windows\TEMP\mqxg0ksdy.exe" [2009-04-22 15001]
"Windows Resurections"="c:\windows\TEMP\mqxg0ksdy.exe" [2009-04-22 15001]
"Diagnostic Manager"="c:\windows\TEMP\806042882.exe" [2009-04-22 180737]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 50176]
Hotkey.lnk - c:\program files\Keyboard\Keyboard Hotkey\Hotkey.exe [2009-3-9 821248]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 86068]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\explorer.exe,c:\windows\system32\ntos.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Symantec Fax Starter Edition Port.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Symantec Fax Starter Edition Port.lnk
backup=c:\windows\pss\Symantec Fax Starter Edition Port.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\reader_s

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Generic\\Power4 Gear\\BatteryLife.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19578:TCP"= 19578:TCP:BitComet 19578 TCP
"19578:UDP"= 19578:UDP:BitComet 19578 UDP
"58088:TCP"= 58088:TCP:Pando Media Booster
"58088:UDP"= 58088:UDP:Pando Media Booster
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R1 djg4ebc;djg4ebc; [x]
R1 fhra8da;fhra8da; [x]
R1 hagbfd8;hagbfd8; [x]
R1 ktf5cdf;ktf5cdf; [x]
R1 lmn3b08;lmn3b08; [x]
R1 moe351b;moe351b; [x]
R1 pecc2ed;pecc2ed; [x]
R2 0142641239930246mcinstcleanup;McAfee Application Installer Cleanup (0142641239930246); [x]
R3 restore;restore; [x]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
S0 R592;R592;c:\windows\system32\DRIVERS\R592.sys [2004-07-05 57088]
S0 risdpntk;risdpntk;c:\windows\system32\DRIVERS\risdpntk.sys [2004-09-17 27264]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-03-23 72944]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2009-04-22 45132]
S3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\system32\ASNDIS5.SYS [2002-09-10 16269]
S3 ZD1211U(ASUS);ASUS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ASUS);c:\windows\system32\DRIVERS\zd1211u.sys [2005-06-18 274432]

.
Contents of the 'Scheduled Tasks' folder

2009-04-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-03-09 17:32]

2009-04-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-03-09 17:32]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Explorer_Run-servises - c:\windows\system32\servises.exe
HKU-Default-Explorer_Run-servises - c:\windows\system32\servises.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
FF - ProfilePath - c:\documents and settings\Neil McGilloway\Application Data\Mozilla\Firefox\Profiles\5cfjldav.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/
FF - component: c:\documents and settings\Neil McGilloway\Application Data\Mozilla\Firefox\Profiles\5cfjldav.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-22 16:22
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
McAfee Backup = c:\program files\McAfee\MBK\McAfeeDataBackup.exe?????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...


c:\windows\system32\hsfiun3487dll 15000 bytes executable
c:\windows\system32\ntos.exe 431354 bytes executable
c:\windows\system32\reader_s.exe 36352 bytes executable
c:\windows\system32\wsnpoem

scan completed successfully
hidden files: 4

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(760)
c:\program files\Bonjour\mdnsNSP.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(47152)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehRecvr.exe
c:\windows\ehome\ehsched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\searchindexer.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\rundll32.exe
c:\program files\Logitech\Video\FxSvr2.exe
c:\windows\ATK0100\ATKOSD.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\windows\system32\rundll32.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2009-04-22 16:29 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-22 20:29

Pre-Run: 22,985,957,376 bytes free
Post-Run: 22,954,434,560 bytes free

Current=3 Default=3 Failed=0 LastKnownGood=4 Sets=1,2,3,4
474 --- E O F --- 2009-04-16 14:45

#12 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:12:51 PM

Posted 22 April 2009 - 06:58 PM

Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    C:\*.tmp
    c:\windows\*.tmp
    
    :Commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log

==================



Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File(in the menu at the top)>Save as../Save as Type: 'All Files' /File name: CFScript to your desktop.

File::
c:\windows\system32\drivers\restore.sys
c:\windows\system32\reader_s.exe
c:\documents and settings\Neil McGilloway\reader_s.exe
c:\windows\system32\ntos.exe
c:\windows\system32\hsfiun3487dll
c:\windows\system32\wsnpoem

Driver::
djg4ebc
fhra8da
hagbfd8
ktf5cdf
lmn3b08
moe351b
pecc2ed
0142641239930246mcinstcleanup
restore




Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"reader_s"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"reader_s"=-
"<NO NAME>"=-
"Windows Resurections"=-
"Diagnostic Manager"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\explorer.exe
Prior to running Combofix.exe you should disable your antivirus program.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

Posted Image

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.



After running Combofix, run a new scan with DrWeb and post back with the resulting log.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#13 mcgi0223

mcgi0223
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:51 PM

Posted 22 April 2009 - 11:47 PM

OTListIt2:

OTListIt logfile created on: 4/22/2009 9:49:52 PM - Run 5
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Neil McGilloway\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 72.70% Memory free
3.85 Gb Paging File | 3.11 Gb Available in Paging File | 80.64% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 21.37 Gb Free Space | 38.24% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NEIL
Current User Name: Neil McGilloway
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2009/04/21 23:02:27 | 00,890,880 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
PRC - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2009/04/21 23:01:52 | 00,215,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2009/04/22 15:49:02 | 00,123,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2009/04/21 23:01:54 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2007/08/15 12:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/04/21 23:01:55 | 00,147,523 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2009/04/21 23:01:57 | 00,045,132 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2009/04/21 23:02:00 | 00,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2007/11/01 18:12:38 | 00,582,992 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/04/22 14:08:26 | 01,052,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/04/22 13:43:43 | 00,113,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/04/22 13:43:43 | 00,113,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/04/22 13:43:43 | 00,113,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/04/22 14:08:50 | 00,089,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
PRC - [2009/04/22 21:45:48 | 00,015,001 | -H-- | M] () -- C:\WINDOWS\TEMP\j1ra6qem9n.exe
PRC - [2009/04/22 13:12:25 | 00,079,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
PRC - [2009/04/21 23:02:01 | 00,122,880 | R--- | M] () -- C:\WINDOWS\ATK0100\HControl.exe
PRC - [2009/04/21 23:02:01 | 00,118,874 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2009/04/21 23:02:03 | 00,708,698 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2009/04/21 23:02:04 | 00,077,824 | ---- | M] () -- C:\Program Files\Generic\Wireless Console\wcourier.exe
PRC - [2009/04/22 21:45:51 | 00,180,737 | ---- | M] () -- C:\WINDOWS\TEMP\982202062.exe
PRC - [2009/04/22 14:08:26 | 01,052,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/04/21 23:02:05 | 00,102,400 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\GENERIC\Power4 Gear\BatteryLife.exe
PRC - [2009/04/22 21:45:48 | 00,015,001 | -H-- | M] () -- C:\WINDOWS\TEMP\j1ra6qem9n.exe
PRC - [2009/04/21 23:02:06 | 00,385,024 | ---- | M] (Western Digital Technologies, Inc.) -- C:\WINDOWS\system32\WDBtnMgr.exe
PRC - [2009/04/21 23:02:08 | 00,241,664 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2009/04/21 23:02:09 | 00,237,568 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\LogiTray.exe
PRC - [2009/04/02 16:11:02 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/04/21 23:02:11 | 14,180,864 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2009/04/21 23:02:13 | 00,233,472 | ---- | M] (Ahead Software) -- C:\Program Files\Ahead\Nero PhotoShow\data\Xtras\mssysmgr.exe
PRC - [2009/04/21 23:02:01 | 00,118,874 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2009/04/21 23:02:21 | 00,212,992 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\FxSvr2.exe
PRC - [2009/04/21 23:03:24 | 00,050,176 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
PRC - [2009/04/21 23:02:03 | 00,708,698 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2009/04/21 23:02:19 | 00,821,248 | ---- | M] (ASUS) -- C:\Program Files\Keyboard\Keyboard Hotkey\Hotkey.exe
PRC - [2009/04/21 23:02:04 | 00,077,824 | ---- | M] () -- C:\Program Files\Generic\Wireless Console\wcourier.exe
PRC - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/04/21 23:02:05 | 00,102,400 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\GENERIC\Power4 Gear\BatteryLife.exe
PRC - [2009/04/02 16:11:02 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/04/21 22:40:25 | 02,007,040 | R--- | M] () -- C:\WINDOWS\ATK0100\ATKOSD.exe
PRC - [2009/04/22 14:32:18 | 00,156,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\taskmgr.exe
PRC - [2007/07/18 12:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe
PRC - [2007/11/01 18:12:38 | 00,265,040 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcuimgr.exe
PRC - [2009/04/22 13:43:43 | 00,113,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
PRC - [2009/04/22 14:33:47 | 00,034,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2009/04/22 13:43:43 | 00,113,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/04/21 23:01:11 | 00,522,240 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Neil McGilloway\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (0142641239930246mcinstcleanup [Auto | Stopped])
SRV - [2004/08/10 08:00:00 | 00,019,968 | ---- | M] () -- C:\WINDOWS\system32\6to4v32.dll -- (6to4 [Auto | Running])
SRV - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/04/21 23:01:52 | 00,215,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2009/04/22 15:49:02 | 00,123,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2004/08/10 08:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/04/21 23:02:27 | 00,890,880 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv [Auto | Running])
SRV - [2009/04/21 23:02:27 | 00,890,880 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrvR [Auto | Stopped])
SRV - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2004/08/04 00:56:44 | 00,027,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\irmon.dll -- (Irmon [Auto | Running])
SRV - [2009/04/21 23:01:54 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
SRV - [2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
SRV - [2007/11/07 09:35:40 | 00,378,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
SRV - [2007/08/15 12:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
SRV - [2009/04/21 23:02:00 | 00,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
SRV - [2007/12/05 10:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Stopped])
SRV - [2004/08/10 05:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2007/07/18 12:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService [On_Demand | Running])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - File not found -- -- (npkcmsvc [Disabled | Stopped])
SRV - [2009/04/21 23:01:55 | 00,147,523 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2009/04/21 23:02:43 | 00,059,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [On_Demand | Stopped])
SRV - [2009/04/21 23:01:57 | 00,045,132 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
SRV - [2009/04/21 23:02:47 | 00,933,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2002/09/09 20:54:06 | 00,016,269 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\ASNDIS5.SYS -- (ASNDIS5 [On_Demand | Running])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2005/01/07 18:07:16 | 00,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])
DRV - [2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2004/10/06 03:33:00 | 00,163,328 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys -- (HSFHWAZL [On_Demand | Stopped])
DRV - [2004/10/06 03:31:00 | 01,036,928 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_DP.sys -- (HSF_DP [On_Demand | Stopped])
DRV - [2005/06/17 17:01:22 | 00,099,584 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs [Disabled | Running])
DRV - [2005/06/17 17:00:58 | 00,029,696 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\DRIVERS\InCDPass.sys -- (InCDPass [System | Running])
DRV - [2005/06/17 10:00:52 | 00,028,160 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm [System | Running])
DRV - [2005/04/15 06:05:00 | 02,564,032 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2001/08/17 13:51:32 | 00,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\irsir.sys -- (irsir [On_Demand | Running])
DRV - [2005/05/27 09:31:28 | 00,022,016 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvusbsta.sys -- (LVUSBSta [On_Demand | Stopped])
DRV - [2004/03/16 23:04:00 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2007/11/22 06:44:08 | 00,079,304 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Stopped])
DRV - [2007/11/22 06:44:08 | 00,035,240 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Stopped])
DRV - [2007/11/22 06:44:08 | 00,201,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk [System | Running])
DRV - [2007/11/22 06:44:04 | 00,033,832 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk [On_Demand | Stopped])
DRV - [2007/12/02 12:51:42 | 00,040,488 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Stopped])
DRV - [2007/07/13 06:20:24 | 00,113,952 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\Drivers\Mpfp.sys -- (MPFP [System | Running])
DRV - [2007/08/28 05:58:00 | 00,005,760 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\ATKACPI.sys -- (MTsensor [On_Demand | Running])
DRV - [2007/08/15 07:27:18 | 00,009,600 | ---- | M] () -- C:\WINDOWS\System32\Drivers\n558.sys -- (n558 [On_Demand | Stopped])
DRV - [2005/07/26 05:02:00 | 03,211,040 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2004/08/10 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2005/05/12 18:54:10 | 00,020,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2005/05/27 09:32:52 | 01,317,152 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\LVCM.sys -- (QCMerced [On_Demand | Stopped])
DRV - [2004/07/05 17:14:58 | 00,057,088 | ---- | M] (REDC) -- C:\WINDOWS\system32\DRIVERS\R592.sys -- (R592 [Boot | Running])
DRV - [2004/09/17 01:42:54 | 00,027,264 | ---- | M] (REDC) -- C:\WINDOWS\system32\DRIVERS\risdpntk.sys -- (risdpntk [Boot | Running])
DRV - [2009/01/21 07:49:40 | 00,118,656 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys -- (RTL8023xp [On_Demand | Stopped])
DRV - [2009/03/23 14:07:26 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2009/03/23 14:07:28 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
DRV - [2009/03/23 14:07:26 | 00,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2004/12/22 02:23:00 | 00,186,240 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2004/08/03 23:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2004/10/06 03:32:00 | 00,702,592 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Stopped])
DRV - [2005/06/17 20:41:46 | 00,274,432 | ---- | M] (ZyDAS Technology Corporation) -- C:\WINDOWS\system32\DRIVERS\zd1211u.sys -- (ZD1211U(ASUS) [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-527237240-261903793-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-527237240-261903793-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-527237240-261903793-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKU\S-1-5-21-527237240-261903793-725345543-1003\S-1-5-21-527237240-261903793-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-527237240-261903793-725345543-1003\S-1-5-21-527237240-261903793-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.comcast.net/"
FF - prefs.js..extensions.enabledItems: {5BE976F3-7F58-45B3-93E1-77C25FDC6546}:1.0
FF - prefs.js..extensions.enabledItems: {7B330090-0791-40A1-9601-47147B327D18}:1.0
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.07
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/03/09 19:15:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/18 23:54:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/18 23:54:11 | 00,000,000 | ---D | M]

[2009/03/09 20:31:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Neil McGilloway\Application Data\mozilla\Extensions
[2009/03/09 20:31:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Neil McGilloway\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/22 19:24:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Neil McGilloway\Application Data\mozilla\Firefox\Profiles\5cfjldav.default\extensions
[2009/03/20 11:02:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Neil McGilloway\Application Data\mozilla\Firefox\Profiles\5cfjldav.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2009/04/22 19:24:35 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/19 02:48:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{5BE976F3-7F58-45B3-93E1-77C25FDC6546}
[2009/04/19 15:27:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{7B330090-0791-40A1-9601-47147B327D18}
[2009/04/08 16:33:55 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/08 16:33:45 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/08 16:33:45 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/02/19 15:33:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/02/19 15:33:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/02/19 15:33:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/02/19 15:33:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/02/19 15:33:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/02/19 15:33:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/02/19 15:33:08 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (201 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 jL.chura.pl
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent (Microsoft Corporation)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe (McAfee)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey (McAfee, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install (NVIDIA Corporation)
O4 - HKLM..\Run: [Power_Gear] C:\Program Files\GENERIC\Power4 Gear\BatteryLife.exe 1 (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WD Button Manager] WDBtnMgr.exe (Western Digital Technologies, Inc.)
O4 - HKLM..\Run: [Wireless Console] C:\Program Files\Generic\Wireless Console\wcourier.exe ()
O4 - HKU\.DEFAULT..\Run: [] C:\WINDOWS\TEMP\j1ra6qem9n.exe ()
O4 - HKU\.DEFAULT..\Run: [Diagnostic Manager] C:\WINDOWS\TEMP\982202062.exe ()
O4 - HKU\.DEFAULT..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [Windows Resurections] C:\WINDOWS\TEMP\j1ra6qem9n.exe ()
O4 - HKU\S-1-5-18..\Run: [] C:\WINDOWS\TEMP\j1ra6qem9n.exe ()
O4 - HKU\S-1-5-18..\Run: [Diagnostic Manager] C:\WINDOWS\TEMP\982202062.exe ()
O4 - HKU\S-1-5-18..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [Windows Resurections] C:\WINDOWS\TEMP\j1ra6qem9n.exe ()
O4 - HKU\S-1-5-21-527237240-261903793-725345543-1003..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot (Logitech Inc.)
O4 - HKU\S-1-5-21-527237240-261903793-725345543-1003..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe (Ahead Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Hotkey.lnk = C:\Program Files\Keyboard\Keyboard Hotkey\Hotkey.exe (ASUS)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-527237240-261903793-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-527237240-261903793-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-527237240-261903793-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-527237240-261903793-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-527237240-261903793-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O7 - HKU\S-1-5-21-527237240-261903793-725345543-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm (www.BitComet.com)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll (BitComet)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [Bluetooth Namespace] - C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-527237240-261903793-725345543-1003\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1236634939000 (WUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\ntos.exe) - C:\WINDOWS\system32\ntos.exe [FILE handle not seen by OS]
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/09 17:31:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[11 C:\*.tmp files]
[7 C:\WINDOWS\System32\*.tmp files]
[2009/04/22 21:49:26 | 02,999,323 | ---- | C] () -- C:\Documents and Settings\Neil McGilloway\Desktop\ComboFix.exe
[2009/04/22 19:10:23 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/04/22 19:03:34 | 00,015,000 | ---- | C] () -- C:\WINDOWS\System32\hsf9ikmifj934g.dll
[2009/04/22 17:20:02 | 00,018,510 | ---- | C] () -- C:\CFCollect.zip
[2009/04/22 17:19:02 | 00,409,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.execf
[2009/04/22 17:18:36 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2009/04/22 16:23:19 | 00,015,000 | ---- | C] () -- C:\WINDOWS\System32\hsfiun3487dll
[2009/04/22 16:15:58 | 00,232,960 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/04/22 16:15:58 | 00,182,784 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/04/22 16:15:58 | 00,158,208 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/04/22 16:15:58 | 00,131,072 | ---- | C] () -- C:\WINDOWS\vFind.exe
[2009/04/22 16:15:58 | 00,118,784 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/04/22 16:15:58 | 00,100,892 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/04/22 16:15:58 | 00,088,576 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/04/22 16:12:21 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/04/22 14:55:47 | 00,000,220 | R--- | C] () -- C:\Documents and Settings\Neil McGilloway\My Documents\ATT00006.dat
[2009/04/21 20:26:48 | 13,718,160 | ---- | C] (Doctor Web, Ltd.) -- C:\Documents and Settings\Neil McGilloway\Desktop\drweb-cureit.exe
[2009/04/21 20:13:34 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/04/21 18:27:49 | 00,522,240 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Neil McGilloway\Desktop\OTListIt2.exe
[2009/04/21 18:02:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/04/21 12:41:09 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehresja.dll
[2009/04/21 12:41:09 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehresko.dll
[2009/04/21 12:41:09 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehresfr.dll
[2009/04/21 12:41:08 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehresde.dll
[2009/04/21 12:41:08 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehreschs.dll
[2009/04/21 12:40:51 | 00,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2009/04/21 12:40:46 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpns.dll
[2009/04/21 12:40:42 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2009/04/21 12:40:41 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2009/04/21 12:40:41 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2009/04/21 12:40:40 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2009/04/21 12:40:40 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2009/04/21 12:40:39 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2009/04/21 12:40:38 | 00,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2009/04/21 12:40:38 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2009/04/21 12:40:37 | 00,363,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svc.dll
[2009/04/21 12:40:37 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wam51.dll
[2009/04/21 12:40:37 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2009/04/21 12:40:37 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamreg51.dll
[2009/04/21 12:40:37 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2009/04/21 12:40:37 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2009/04/21 12:40:36 | 00,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2009/04/21 12:40:36 | 00,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2009/04/21 12:40:35 | 00,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2009/04/21 12:40:35 | 00,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2009/04/21 12:40:31 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2009/04/21 12:40:31 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2009/04/21 12:40:30 | 00,103,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uihelper.dll
[2009/04/21 12:40:28 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tools.dll
[2009/04/21 12:40:28 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2009/04/21 12:40:27 | 00,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2009/04/21 12:40:26 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2009/04/21 12:40:26 | 00,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2009/04/21 12:40:26 | 00,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2009/04/21 12:40:26 | 00,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2009/04/21 12:40:24 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\svcext51.dll
[2009/04/21 12:40:23 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2009/04/21 12:40:22 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sspifilt.dll
[2009/04/21 12:40:22 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ssinc51.dll
[2009/04/21 12:40:21 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2009/04/21 12:40:20 | 00,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2009/04/21 12:40:19 | 00,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll
[2009/04/21 12:40:19 | 00,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll
[2009/04/21 12:40:19 | 00,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll
[2009/04/21 12:40:19 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll
[2009/04/21 12:40:19 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2009/04/21 12:40:19 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2009/04/21 12:40:19 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll
[2009/04/21 12:40:18 | 00,456,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll
[2009/04/21 12:40:18 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2009/04/21 12:40:17 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2009/04/21 12:40:17 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2009/04/21 12:40:17 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2009/04/21 12:40:17 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2009/04/21 12:40:17 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2009/04/21 12:40:17 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2009/04/21 12:40:17 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2009/04/21 12:40:17 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2009/04/21 12:40:17 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2009/04/21 12:40:17 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2009/04/21 12:40:16 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2009/04/21 12:40:16 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2009/04/21 12:40:16 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2009/04/21 12:40:16 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2009/04/21 12:40:16 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2009/04/21 12:40:16 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2009/04/21 12:40:14 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2009/04/21 12:40:10 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2009/04/21 12:40:09 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2009/04/21 12:40:08 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2009/04/21 12:40:07 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2009/04/21 12:40:07 | 00,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2009/04/21 12:40:07 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll
[2009/04/21 12:40:05 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2009/04/21 12:40:05 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcref.dll
[2009/04/21 12:40:01 | 00,020,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ramdisk.sys
[2009/04/21 12:40:00 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2009/04/21 12:39:59 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2009/04/21 12:39:59 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pwsdata.dll
[2009/04/21 12:39:58 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2009/04/21 12:39:58 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2009/04/21 12:39:58 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2009/04/21 12:39:58 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2009/04/21 12:39:58 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2009/04/21 12:39:57 | 00,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2009/04/21 12:39:57 | 00,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2009/04/21 12:39:57 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2009/04/21 12:39:57 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2009/04/21 12:39:57 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2009/04/21 12:39:56 | 00,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2009/04/21 12:39:56 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2009/04/21 12:39:56 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2009/04/21 12:39:56 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2009/04/21 12:39:55 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2009/04/21 12:39:52 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2009/04/21 12:39:51 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsepm.dll
[2009/04/21 12:39:50 | 00,226,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npdrmv2.dll
[2009/04/21 12:39:49 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2009/04/21 12:39:46 | 00,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2009/04/21 12:39:40 | 01,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2009/04/21 12:39:40 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2009/04/21 12:39:29 | 00,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2009/04/21 12:39:29 | 00,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2009/04/21 12:39:29 | 00,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\metada51.dll
[2009/04/21 12:39:29 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\md5filt.dll
[2009/04/21 12:39:29 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2009/04/21 12:39:28 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2009/04/21 12:39:26 | 00,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpdsvc.dll
[2009/04/21 12:39:26 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2009/04/21 12:39:26 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lprmon.dll
[2009/04/21 12:39:26 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lonsint.dll
[2009/04/21 12:39:24 | 00,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2009/04/21 12:39:24 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmmib2.dll
[2009/04/21 12:39:23 | 01,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2009/04/21 12:39:23 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2009/04/21 12:39:23 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2009/04/21 12:39:23 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2009/04/21 12:39:22 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2009/04/21 12:39:22 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2009/04/21 12:39:22 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2009/04/21 12:39:22 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2009/04/21 12:39:22 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2009/04/21 12:39:22 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2009/04/21 12:39:22 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2009/04/21 12:39:22 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2009/04/21 12:39:22 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2009/04/21 12:39:22 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2009/04/21 12:39:21 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdibm02.dll
[2009/04/21 12:39:21 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41a.dll
[2009/04/21 12:39:21 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41j.dll
[2009/04/21 12:39:21 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2009/04/21 12:39:21 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2009/04/21 12:39:21 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2009/04/21 12:39:21 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2009/04/21 12:39:21 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2009/04/21 12:39:21 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2009/04/21 12:39:21 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2009/04/21 12:39:21 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2009/04/21 12:39:20 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdax2.dll
[2009/04/21 12:39:20 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2009/04/21 12:39:20 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2009/04/21 12:39:20 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2009/04/21 12:39:20 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2009/04/21 12:39:20 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2009/04/21 12:39:20 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2009/04/21 12:39:20 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2009/04/21 12:39:20 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2009/04/21 12:39:20 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2009/04/21 12:39:19 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2009/04/21 12:39:19 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
[2009/04/21 12:39:19 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106n.dll
[2009/04/21 12:39:19 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2009/04/21 12:39:19 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101.dll
[2009/04/21 12:39:19 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2009/04/21 12:39:18 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprip.dll
[2009/04/21 12:39:18 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iscomlog.dll
[2009/04/21 12:39:18 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2009/04/21 12:39:16 | 00,257,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infocomm.dll
[2009/04/21 12:39:16 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2009/04/21 12:39:15 | 00,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2009/04/21 12:39:15 | 00,315,452 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2009/04/21 12:39:15 | 00,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2009/04/21 12:39:15 | 00,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2009/04/21 12:39:13 | 00,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2009/04/21 12:39:12 | 00,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2009/04/21 12:39:12 | 00,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2009/04/21 12:39:12 | 00,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2009/04/21 12:39:12 | 00,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2009/04/21 12:39:12 | 00,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2009/04/21 12:39:12 | 00,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2009/04/21 12:39:11 | 00,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2009/04/21 12:39:11 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2009/04/21 12:39:11 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2009/04/21 12:39:11 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iislog51.dll
[2009/04/21 12:39:11 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2009/04/21 12:39:11 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2009/04/21 12:39:11 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisfecnv.dll
[2009/04/21 12:39:11 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2009/04/21 12:39:10 | 00,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iische51.dll
[2009/04/21 12:39:10 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisadmin.dll
[2009/04/21 12:39:06 | 10,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2009/04/21 12:39:01 | 13,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2009/04/21 12:38:58 | 10,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2009/04/21 12:38:58 | 00,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpext.dll
[2009/04/21 12:38:58 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpod51.dll
[2009/04/21 12:38:58 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpmb51.dll
[2009/04/21 12:38:57 | 00,039,936 | ---- | C