
MSA.exe---> OTL log


  • This topic is locked
14 replies to this topic

#1 pkat423


Posted 17 September 2009 - 03:57 PM

Ok, so I started this quest for information on the Am I Infected forum because I could not run any programs that were required to post the logs here. I am not sure where I got the infection...teenagers are wonderful. But I know I am infected with msa.exe, for I notice msa and b.exe in the task manager. Kill them and of course they come back. Every antivirus or antispyware program I try to run will not operate....even hjt. I open the program...it acts like it's going to work and then it shuts down. When I try to reopen the program I am told I don't have the rights to do so or the program is inaccessible. I attempt to go to websites and I am redirected no matter what addy I put in the bar...even www.bleepingcomputer.com is difficult to navigate to. The person that helped me there had me download and run OTL, for it is the only program that would work. Here is the log from that scan. Thanks so much! Anxiously waiting your reply, Paula

System:

Microsoft XP Home 32 Bit Service Pack 3
2.0 GHz 1.25 GB Ram

OTL Extras logfile created on: 9/17/2009 3:51:49 PM - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.25 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 78.55% Memory free
2.98 Gb Paging File | 2.89 Gb Available in Paging File | 96.88% Paging File free
Paging file location(s): C:\pagefile.sys 1920 3840 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 31.48 Gb Total Space | 9.81 Gb Free Space | 31.15% Space Free | Partition Type: NTFS
Drive D: | 186.31 Gb Total Space | 32.88 Gb Free Space | 17.65% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FRED
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Winmx\WinMX.exe" = C:\Program Files\Winmx\WinMX.exe:*:Enabled:WinMX Application -- (Frontcode Technologies)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{6AF5CAB9-FD0A-494F-8AA6-784D4B5D06C5}" = Microsoft Baseline Security Analyzer 2.1
"{6CCF80FD-EBBE-4FA8-AAB2-FF28BD3FC2B7}" = The Nations Gold Edition
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{8D70145A-3BD3-4DBF-9CBF-223EF4A43257}" = ATI Parental Control & Encoder
"{9497EBAA-87AD-41E6-8ED6-E1E52995A76C}" = VIA Integrated Setup Wizard
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5E211F5-7E9A-4D0A-88F0-D5E1FB849ABA}" = ATI Catalyst Control Center
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"7-Zip" = 7-Zip 4.65
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Belarc Advisor" = Belarc Advisor 8.1
"Cake Mania Main Street1.0" = Cake Mania Main Street
"Carnival Mania ." = Carnival Mania .
"CCleaner" = CCleaner (remove only)
"CLUE Accusations and Alibis" = CLUE Accusations and Alibis
"C-Media Audio Driver" = C-Media WDM Audio Driver
"Cooking Quest ." = Cooking Quest .
"DMX4_is1" = DriverMax 4
"Easy Video Splitter_is1" = Easy Video Splitter 1.28
"GameCheater 1.2" = GameCheater 1.2
"Gemini Lost1.0.0.125" = Gemini Lost
"HijackThis" = HijackThis 2.0.2
"InstallShield_{9497EBAA-87AD-41E6-8ED6-E1E52995A76C}" = VIA Integrated Setup Wizard
"IsoBuster_is1" = IsoBuster 2.4
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Oregon Trail 5" = Oregon Trail 5
"Super Ranch1.0" = Super Ranch
"uTorrent" = µTorrent
"VCDEasy_is1" = VCDEasy
"VLC media player" = VLC media player 1.0.1
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
"WinAVIVideoConverter_is1" = WinAVIVideoConverter
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"Winmx Community 1" = Winmx Community 1
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/28/2009 3:15:21 PM | Computer Name = FRED | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 8/28/2009 3:15:31 PM | Computer Name = FRED | Source = Perflib | ID = 2002
Description = The open procedure for service "WmiApRpl" in DLL "C:\WINDOWS\System32\wbem\wmiaprpl.dll"
has taken longer than the established wait time to complete. There may be a problem
with this extensible counter or the service it is collecting data from or the system
may have been very busy when this call was attempted.

Error - 9/1/2009 12:41:00 PM | Computer Name = FRED | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 9/14/2009 4:26:41 PM | Computer Name = FRED | Source = Application Error | ID = 1000
Description = Faulting application carnival mania.exe, version 0.0.0.0, faulting
module carnival mania.exe, version 0.0.0.0, fault address 0x0014f2b1.

Error - 9/14/2009 5:36:20 PM | Computer Name = FRED | Source = Application Hang | ID = 1002
Description = Hanging application notepad.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/14/2009 6:14:59 PM | Computer Name = FRED | Source = Application Hang | ID = 1002
Description = Hanging application GameCheater.exe, version 1.0.0.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/16/2009 7:48:41 PM | Computer Name = FRED | Source = ESENT | ID = 490
Description = svchost (1152) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 9/17/2009 1:33:37 PM | Computer Name = FRED | Source = Avira AntiVir | ID = 4110
Description = An unknown error occurred during init of the engine! Returned error
code: 0x35

[ System Events ]
Error - 9/17/2009 3:01:37 PM | Computer Name = FRED | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC000000D'
while processing the file 'addins' on the volume 'HarddiskVolume1'. It has stopped
monitoring the volume.

Error - 9/17/2009 3:10:38 PM | Computer Name = FRED | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.

Error - 9/17/2009 3:10:44 PM | Computer Name = FRED | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_ROOTREPEAL\0000 disappeared from the system
without first being prepared for removal.

Error - 9/17/2009 3:10:44 PM | Computer Name = FRED | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.

Error - 9/17/2009 3:10:49 PM | Computer Name = FRED | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 9/17/2009 3:13:23 PM | Computer Name = FRED | Source = Service Control Manager | ID = 7000
Description = The Lavasoft Ad-Aware Service service failed to start due to the following
error: %%5

Error - 9/17/2009 3:13:23 PM | Computer Name = FRED | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
avgio avipbb BANTExt Fips intelppm ssmdrv

Error - 9/17/2009 3:44:01 PM | Computer Name = FRED | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 9/17/2009 3:44:11 PM | Computer Name = FRED | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.


< End of report >



#2 pkat423


Posted 17 September 2009 - 05:12 PM

It was brought to my attention that I posted the wrong OTL log...my apologies, please refer to this one. Thanks, Paula

OTL logfile created on: 9/17/2009 3:51:42 PM - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.25 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 78.55% Memory free
2.98 Gb Paging File | 2.89 Gb Available in Paging File | 96.88% Paging File free
Paging file location(s): C:\pagefile.sys 1920 3840 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 31.48 Gb Total Space | 9.81 Gb Free Space | 31.15% Space Free | Partition Type: NTFS
Drive D: | 186.31 Gb Total Space | 32.88 Gb Free Space | 17.65% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FRED
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/09/10 18:57:00 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/09/17 15:50:52 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Stopped])
SRV - [2009/07/21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Stopped])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2006/03/21 23:48:54 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Stopped])
SRV - [2006/03/17 15:37:00 | 00,520,192 | ---- | M] () -- C:\WINDOWS\System32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/08/31 13:31:41 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Stopped])
SRV - [2009/07/03 10:49:06 | 01,029,456 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2008/11/09 16:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService [Auto | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2003/08/13 19:16:38 | 00,404,736 | R--- | M] (Sensaura Ltd) -- C:\WINDOWS\System32\drivers\ALCXSENS.SYS -- (ALCXSENS [On_Demand | Stopped])
DRV - [2003/08/20 12:31:52 | 00,462,940 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Stopped])
DRV - [2006/03/21 23:56:22 | 01,522,688 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Stopped])
DRV - [2009/02/13 12:35:05 | 00,011,608 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio [System | Stopped])
DRV - [2009/07/28 16:33:56 | 00,055,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avgntflt.sys -- (avgntflt [Auto | Stopped])
DRV - [2009/03/30 10:33:07 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avipbb.sys -- (avipbb [System | Stopped])
DRV - [2008/03/06 11:51:14 | 00,003,840 | ---- | M] () -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt [System | Stopped])
DRV - File not found -- -- (catchme [On_Demand | Running])
DRV - [2005/12/15 13:57:46 | 01,368,000 | ---- | M] (C-Media Inc) -- C:\WINDOWS\System32\drivers\cmuda.sys -- (cmuda [On_Demand | Stopped])
DRV - [2005/01/10 10:15:24 | 00,138,752 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\DRIVERS\ctsfm2k.sys -- (ctsfm2k [On_Demand | Stopped])
DRV - [2009/06/16 10:28:50 | 00,046,592 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys -- (FET5X86V [On_Demand | Running])
DRV - [2001/08/17 12:13:08 | 00,027,165 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\System32\DRIVERS\fetnd5.sys -- (FETNDIS [On_Demand | Stopped])
DRV - [2009/07/03 10:49:08 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2001/08/17 13:53:42 | 00,004,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\loop.sys -- (msloop [On_Demand | Stopped])
DRV - [2003/07/17 04:10:06 | 00,007,040 | R--- | M] (VIA Networking Technologies, Inc. ) -- C:\WINDOWS\System32\ntsim.sys -- (NTSIM [On_Demand | Stopped])
DRV - [2005/01/10 10:15:30 | 00,106,496 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\DRIVERS\ctoss2k.sys -- (ossrv [On_Demand | Stopped])
DRV - [2007/06/15 02:47:26 | 01,127,936 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\P17.sys -- (P17 [On_Demand | Stopped])
DRV - [2003/03/31 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/04/13 12:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2009/09/05 12:42:21 | 00,685,816 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2009/05/11 10:12:24 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\ssmdrv.sys -- (ssmdrv [System | Stopped])
DRV - [2003/07/02 04:42:00 | 00,027,904 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1 [Boot | Running])
DRV - [2003/08/05 02:14:32 | 00,077,056 | R--- | M] (VIA Technologies inc,.ltd) -- C:\WINDOWS\System32\DRIVERS\viasraid.sys -- (viasraid [Boot | Running])
DRV - [2002/08/16 13:30:40 | 00,016,066 | ---- | M] ( ) -- C:\WINDOWS\System32\VNICPKT5.SYS -- (VNICPKT5 [On_Demand | Stopped])
DRV - [2003/08/04 03:29:08 | 00,006,912 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\Drivers\vulfnth.sys -- (vulfnths [On_Demand | Stopped])
DRV - [2003/08/04 03:29:32 | 00,011,392 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\Drivers\vulfntr.sys -- (vulfntrs [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/28 19:22:45 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/08/31 13:31:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/17 13:52:45 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/10 18:57:07 | 00,000,000 | ---D | M]

[2009/09/17 13:52:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions
[2009/09/17 13:52:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/17 14:33:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\11kvtg38.default\extensions
[2009/09/17 14:33:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\11kvtg38.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/09/17 12:23:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/10 18:57:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/31 13:32:06 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/09/10 18:56:58 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/10 18:56:58 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/08/31 13:31:41 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/09/10 18:57:02 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/07/30 03:24:20 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/30 03:24:20 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/30 03:24:20 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/30 03:24:20 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/07/30 03:24:20 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/30 03:24:20 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/07/30 03:24:20 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [MSConfig] D:\Stuff From C Again\Downloads\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1251489215109 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/28 13:19:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
NetSvcs: Ip6FwHlp - Service key not found. File not found

========== Files/Folders - Created Within 30 Days ==========

[7 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/09/17 15:50:51 | 00,514,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2009/09/17 15:48:28 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/09/17 15:45:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/09/17 15:00:36 | 00,000,229 | ---- | C] () -- C:\Boot.bak
[2009/09/17 15:00:34 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/09/17 15:00:33 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/09/17 14:59:45 | 00,229,888 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/09/17 14:59:45 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/09/17 14:59:45 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/09/17 14:59:45 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/09/17 14:59:45 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/09/17 14:59:45 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/09/17 14:59:45 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/09/17 14:59:45 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/09/17 14:59:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/09/17 14:59:24 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/09/17 14:58:58 | 03,316,245 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2009/09/17 14:50:58 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2009/09/17 14:26:56 | 00,396,288 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
[2009/09/17 13:55:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2009/09/17 13:52:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2009/09/17 13:52:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2009/09/17 13:39:05 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/09/17 13:38:51 | 00,006,656 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/17 13:36:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2009/09/17 13:36:19 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2009/09/17 13:33:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\win32k.sys
[2009/09/17 13:32:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood(2)
[2009/09/17 12:27:01 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/09/17 12:27:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/09/14 16:49:49 | 00,000,000 | ---D | C] -- C:\Program Files\GameCheater 1.2
[2009/09/14 16:23:09 | 00,000,000 | ---D | C] -- C:\Program Files\Oberon Media
[2009/09/11 23:52:00 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/09/11 23:51:35 | 00,230,912 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMLM9I.DLL
[2009/09/11 23:50:40 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbprint.sys
[2009/09/11 23:50:40 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2009/09/11 23:46:42 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbscan.sys
[2009/09/11 23:46:42 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2009/09/11 23:45:14 | 00,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbccgp.sys
[2009/09/11 23:45:14 | 00,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2009/09/11 02:08:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/09/11 02:07:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\Gemini Lost
[2009/09/11 02:07:45 | 00,000,000 | ---D | C] -- C:\Program Files\Gemini Lost
[2009/09/09 00:33:01 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll
[2009/09/07 12:26:44 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/09/07 12:02:56 | 00,000,000 | ---D | C] -- C:\Program Files\JoWooD
[2009/09/06 15:34:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\hitpointstudios
[2009/09/06 15:27:29 | 00,000,880 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CLUE Accusations and Alibis.lnk
[2009/09/06 15:27:04 | 00,000,000 | ---D | C] -- C:\Program Files\CLUE Accusations and Alibis
[2009/09/05 13:55:16 | 00,274,432 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\WINDOWS\TLCUninstall.exe
[2009/09/05 13:55:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\The Learning Company
[2009/09/05 13:55:07 | 00,000,000 | ---D | C] -- C:\Program Files\The Learning Company
[2009/09/05 13:54:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\setup32.INI
[2009/09/05 13:19:21 | 00,000,000 | ---D | C] -- C:\Program Files\Smart Projects
[2009/09/05 12:55:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2009/09/05 12:52:28 | 00,001,595 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Pro.lnk
[2009/09/05 12:52:25 | 00,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Pro
[2009/09/05 12:42:21 | 00,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/09/04 11:19:43 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/09/04 10:36:35 | 00,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009/09/04 10:36:03 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009/09/04 10:36:02 | 00,055,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/09/04 10:36:02 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009/09/04 10:36:02 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009/09/04 10:36:02 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009/09/04 10:35:57 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/09/04 10:35:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2009/09/04 09:20:02 | 00,000,000 | ---D | C] -- C:\Program Files\GameMill Entertainment
[2009/09/01 12:43:16 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/09/01 12:42:30 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/09/01 12:42:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2009/09/01 12:39:58 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
[2009/09/01 12:39:55 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/09/01 12:39:45 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/09/01 12:39:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/08/31 15:58:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2009/08/31 13:34:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2009/08/31 13:32:02 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/08/31 13:32:02 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/08/31 13:32:02 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/08/31 13:32:02 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/08/31 13:32:02 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/08/31 13:31:36 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/08/31 13:08:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2009/08/31 13:08:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\iWin
[2009/08/31 13:08:35 | 00,000,000 | ---D | C] -- C:\games
[2009/08/31 13:05:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\Cake Mania Main Street
[2009/08/31 13:05:21 | 00,000,000 | ---D | C] -- C:\Program Files\Cake Mania Main Street
[2009/08/30 03:18:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SuperRanch
[2009/08/30 03:18:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/08/30 01:42:51 | 00,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2009/08/30 01:42:18 | 00,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2009/08/30 01:35:36 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2009/08/29 00:43:44 | 00,000,000 | ---D | C] -- C:\Program Files\Winmx
[2009/08/29 00:40:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\Super Ranch
[2009/08/29 00:40:21 | 00,000,000 | ---D | C] -- C:\Program Files\Super Ranch
[2009/08/28 21:51:35 | 00,000,000 | ---D | C] -- C:\Program Files\Easy Video Splitter
[2009/08/28 21:40:48 | 00,000,000 | ---D | C] -- C:\Program Files\WinAVIVideoConverter
[2009/08/28 20:46:59 | 00,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2009/08/28 20:46:59 | 00,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2009/08/28 20:44:58 | 00,000,000 | ---D | C] -- C:\Program Files\VCDEasy
[2009/08/28 20:43:43 | 00,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2009/08/28 20:25:09 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2009/08/28 19:35:34 | 00,000,000 | ---D | C] -- C:\Program Files\Innovative Solutions
[2009/08/28 19:28:56 | 00,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2009/08/28 19:28:56 | 00,000,000 | ---D | C] -- C:\Program Files\Belarc
[2009/08/28 19:22:14 | 00,000,870 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Baseline Security Analyzer 2.1.lnk
[2009/08/28 19:22:10 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Baseline Security Analyzer 2
[2009/08/28 19:17:16 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/08/28 19:03:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/08/28 19:03:15 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/08/28 19:03:07 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/08/28 19:02:38 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/08/28 19:02:38 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/08/28 19:02:37 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/08/28 19:02:37 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/08/28 19:02:37 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/08/28 19:02:37 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009/08/28 19:02:37 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/08/28 19:02:37 | 00,000,000 | ---D | C] -- C:\8fa06df6e30d7dfb25c0603682043238
[2009/08/28 18:58:47 | 00,016,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2009/08/28 18:58:27 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2009/08/28 18:57:00 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2009/08/28 18:56:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2009/08/28 18:56:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2009/08/28 18:44:39 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/08/28 18:44:30 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/08/28 18:44:27 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/08/28 18:21:32 | 01,315,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoe.dll
[2009/08/28 18:21:23 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx
[2009/08/28 18:19:52 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/08/28 18:19:52 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/08/28 18:19:52 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/08/28 18:19:52 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/08/28 18:19:52 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/08/28 18:19:52 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/08/28 18:19:51 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2009/08/28 18:19:51 | 00,730,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/08/28 18:19:51 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/08/28 18:19:51 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/08/28 18:19:50 | 02,189,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2009/08/28 18:19:49 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2009/08/28 18:19:12 | 00,333,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2009/08/28 18:18:44 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2009/08/28 18:18:22 | 00,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2009/08/28 18:17:56 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2009/08/28 18:17:17 | 00,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2009/08/28 18:17:07 | 00,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2009/08/28 18:16:39 | 00,247,326 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\strmdll.dll
[2009/08/28 18:16:28 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2009/08/28 18:16:25 | 01,106,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2009/08/28 18:16:01 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/08/28 18:16:00 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/08/28 18:16:00 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/08/28 18:13:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/08/28 18:07:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/08/28 18:07:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2009/08/28 18:07:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/08/28 18:07:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009/08/28 18:04:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2009/08/28 17:58:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2009/08/28 17:57:48 | 00,000,812 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2009/08/28 17:57:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2009/08/28 17:57:30 | 00,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2009/08/28 17:51:06 | 00,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll
[2009/08/28 17:51:06 | 00,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xmllite.dll
[2009/08/28 17:51:05 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2009/08/28 17:51:04 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecs.dll
[2009/08/28 17:51:04 | 00,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll
[2009/08/28 17:51:01 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2009/08/28 17:51:01 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tspkg.dll
[2009/08/28 17:51:01 | 00,046,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tzchange.exe
[2009/08/28 17:50:57 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2009/08/28 17:50:57 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_mmc.sys
[2009/08/28 17:50:56 | 00,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2009/08/28 17:50:56 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2009/08/28 17:50:55 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagentrt.dll
[2009/08/28 17:50:55 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2009/08/28 17:50:55 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2009/08/28 17:50:55 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2009/08/28 17:50:54 | 00,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll
[2009/08/28 17:50:54 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2009/08/28 17:50:50 | 01,307,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6.dll
[2009/08/28 17:50:50 | 01,307,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2009/08/28 17:50:50 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2009/08/28 17:50:50 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2009/08/28 17:50:50 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll
[2009/08/28 17:50:50 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2009/08/28 17:50:50 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2009/08/28 17:50:49 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2009/08/28 17:50:49 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2009/08/28 17:50:45 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2009/08/28 17:50:45 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2009/08/28 17:50:45 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2009/08/28 17:50:45 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2009/08/28 17:50:41 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kmsvc.dll
[2009/08/28 17:50:41 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2009/08/28 17:50:41 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2009/08/28 17:50:41 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2009/08/28 17:50:41 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2009/08/28 17:50:41 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2009/08/28 17:50:40 | 00,001,261 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2009/08/28 17:50:39 | 00,144,384 | ---- | C] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\drivers\hdaudbus.sys
[2009/08/28 17:50:38 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2009/08/28 17:50:38 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2009/08/28 17:50:38 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2009/08/28 17:50:38 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2009/08/28 17:50:38 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2009/08/28 17:50:38 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2009/08/28 17:50:38 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapsvc.dll
[2009/08/28 17:50:38 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2009/08/28 17:50:36 | 00,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2009/08/28 17:50:36 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3svc.dll
[2009/08/28 17:50:36 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2009/08/28 17:50:36 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2009/08/28 17:50:36 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2009/08/28 17:50:36 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2009/08/28 17:50:36 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2009/08/28 17:50:36 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2009/08/28 17:50:36 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsntfy.dll
[2009/08/28 17:50:36 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2009/08/28 17:50:35 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\credssp.dll
[2009/08/28 17:50:33 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2009/08/28 17:50:33 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2009/08/28 17:50:31 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2009/08/28 17:10:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\provisioning
[2009/08/28 17:09:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2009/08/28 17:03:45 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/08/28 17:03:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2009/08/28 17:00:27 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2009/08/28 17:00:27 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spnpinst.exe
[2009/08/28 17:00:27 | 00,007,208 | ---- | C] () -- C:\WINDOWS\System32\secupd.sig
[2009/08/28 17:00:27 | 00,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/08/28 16:48:46 | 24,689,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/08/28 16:48:14 | 00,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys
[2009/08/28 16:48:14 | 00,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2009/08/28 16:32:27 | 00,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2009/08/28 16:29:35 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mf3216.dll
[2009/08/28 16:29:35 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evtgprov.dll
[2009/08/28 16:29:34 | 00,614,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\h323msp.dll
[2009/08/28 16:29:34 | 00,331,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipnathlp.dll
[2009/08/28 16:29:34 | 00,265,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\h323.tsp
[2009/08/28 16:27:06 | 00,239,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srrstr.dll
[2009/08/28 16:27:06 | 00,152,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shmedia.dll
[2009/08/28 16:27:05 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\osk.exe
[2009/08/28 16:27:02 | 00,599,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\crypt32.dll
[2009/08/28 16:27:02 | 00,545,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hhctrl.ocx
[2009/08/28 16:27:02 | 00,247,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\newdev.dll
[2009/08/28 16:27:02 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\itircl.dll
[2009/08/28 16:27:02 | 00,138,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\itss.dll
[2009/08/28 16:27:02 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\locator.exe
[2009/08/28 16:27:02 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\magnify.exe
[2009/08/28 16:27:02 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cryptsvc.dll
[2009/08/28 16:27:02 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\narrator.exe
[2009/08/28 16:27:02 | 00,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hhsetup.dll
[2009/08/28 16:27:02 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\hh.exe
[2009/08/28 16:27:01 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\accwiz.exe
[2009/08/28 16:25:43 | 00,383,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wzcdlg.dll
[2009/08/28 16:25:43 | 00,052,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wzcsapi.dll
[2009/08/28 16:25:42 | 01,703,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\netshell.dll
[2009/08/28 16:25:42 | 00,483,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wzcsvc.dll
[2009/08/28 16:25:25 | 01,516,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjet40.dll
[2009/08/28 16:25:25 | 00,559,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msrepl40.dll
[2009/08/28 16:25:25 | 00,518,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msexch40.dll
[2009/08/28 16:25:25 | 00,355,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxbde40.dll
[2009/08/28 16:25:25 | 00,355,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mspbde40.dll
[2009/08/28 16:25:25 | 00,326,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msexcl40.dll
[2009/08/28 16:25:25 | 00,264,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstext40.dll
[2009/08/28 16:25:25 | 00,248,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjtes40.dll
[2009/08/28 16:25:25 | 00,030,749 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vbajet32.dll
[2009/08/28 16:25:24 | 00,838,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mswdat10.dll
[2009/08/28 16:25:24 | 00,621,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mswstr10.dll
[2009/08/28 16:25:24 | 00,432,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msrd2x40.dll
[2009/08/28 16:25:24 | 00,380,445 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\expsrv.dll
[2009/08/28 16:25:24 | 00,322,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msrd3x40.dll
[2009/08/28 16:25:24 | 00,151,583 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjint40.dll
[2009/08/28 16:25:24 | 00,060,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjter40.dll
[2009/08/28 16:25:23 | 00,219,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msltus40.dll
[2009/08/28 16:24:03 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msgsvc.dll
[2009/08/28 16:22:17 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp1hfm.exe
[2009/08/28 16:21:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2009/08/28 16:20:31 | 00,757,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\WMADMOD.dll
[2009/08/28 16:20:31 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MPG4DMOD.dll
[2009/08/28 16:20:31 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MP4SDMOD.dll
[2009/08/28 16:20:31 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MP43DMOD.dll
[2009/08/28 16:20:31 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmvdmod.dll
[2009/08/28 16:20:31 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsdmod.dll
[2009/08/28 16:13:00 | 01,082,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\esent.dll
[2009/08/28 16:07:19 | 00,274,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstask.dll
[2009/08/28 16:07:19 | 00,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\schedsvc.dll
[2009/08/28 16:07:19 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstinit.exe
[2009/08/28 16:02:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/08/28 16:00:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2009/08/28 16:00:32 | 00,026,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2009/08/28 16:00:31 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2009/08/28 15:59:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2009/08/28 15:58:50 | 00,354,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winhttp.dll
[2009/08/28 15:58:50 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgrprxy.dll
[2009/08/28 15:58:50 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx2.dll
[2009/08/28 15:58:50 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx3.dll
[2009/08/28 15:55:41 | 00,323,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2009/08/28 15:55:41 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll
[2009/08/28 15:55:41 | 00,034,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2009/08/28 15:55:41 | 00,031,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui
[2009/08/28 15:55:41 | 00,018,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng.dll.mui
[2009/08/28 15:55:40 | 00,213,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl
[2009/08/28 15:55:40 | 00,023,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl.mui
[2009/08/28 15:55:39 | 00,561,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2009/08/28 15:55:39 | 00,023,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2009/08/28 15:53:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2009/08/28 15:47:45 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbehci.sys
[2009/08/28 15:47:39 | 00,027,165 | ---- | C] (VIA Technologies, Inc. ) -- C:\WINDOWS\System32\drivers\fetnd5.sys
[2009/08/28 15:47:39 | 00,027,165 | ---- | C] (VIA Technologies, Inc. ) -- C:\WINDOWS\System32\dllcache\fetnd5.sys
[2009/08/28 15:47:28 | 00,020,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbuhci.sys
[2009/08/28 15:38:16 | 00,037,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\isapnp.sys
[2009/08/28 15:26:31 | 00,724,992 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\VNICDiag.exe
[2009/08/28 15:26:31 | 00,118,784 | ---- | C] (VIA Technologies Inc.) -- C:\WINDOWS\System32\VNICDiag.cpl
[2009/08/28 15:26:31 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\VNICPKT.DLL
[2009/08/28 15:26:31 | 00,062,601 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\vnicobj.dll
[2009/08/28 15:26:31 | 00,040,960 | ---- | C] (VIA Technologies Inc.) -- C:\WINDOWS\System32\VNICMon.exe
[2009/08/28 15:26:31 | 00,021,396 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\vnicim.sys
[2009/08/28 15:26:31 | 00,016,066 | ---- | C] ( ) -- C:\WINDOWS\System32\VNICPKT5.sys
[2009/08/28 15:26:31 | 00,008,004 | ---- | C] () -- C:\WINDOWS\vnicim.cat
[2009/08/28 15:26:31 | 00,003,473 | ---- | C] () -- C:\WINDOWS\vnicimtp.inf
[2009/08/28 15:26:31 | 00,002,051 | ---- | C] () -- C:\WINDOWS\vnicimmp.inf
[2009/08/28 15:25:13 | 00,007,040 | R--- | C] (VIA Networking Technologies, Inc. ) -- C:\WINDOWS\System32\ntsim.sys
[2009/08/28 15:22:14 | 00,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 6.0.lnk
[2009/08/28 15:22:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/08/28 15:22:08 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2009/08/28 15:20:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\Cache
[2009/08/28 15:10:43 | 00,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\splitter.sys
[2009/08/28 15:10:41 | 00,083,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wdmaud.sys
[2009/08/28 15:10:40 | 00,052,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dmusic.sys
[2009/08/28 15:10:39 | 00,056,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\swmidi.sys
[2009/08/28 15:10:38 | 00,142,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\aec.sys
[2009/08/28 15:10:36 | 00,172,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kmixer.sys
[2009/08/28 15:10:34 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmkaud.sys
[2009/08/28 15:10:33 | 00,060,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sysaudio.sys
[2009/08/28 15:10:15 | 00,765,952 | R--- | C] (Sensaura Ltd) -- C:\WINDOWS\System\crlds3d.dll
[2009/08/28 15:10:14 | 00,404,736 | R--- | C] (Sensaura Ltd) -- C:\WINDOWS\System32\drivers\ALCXSENS.SYS
[2009/08/28 15:10:14 | 00,141,016 | R--- | C] () -- C:\WINDOWS\System32\ALSNDMGR.WAV
[2009/08/28 15:10:11 | 10,435,072 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\ALSNDMGR.CPL
[2009/08/28 15:10:11 | 00,057,344 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
[2009/08/28 15:10:10 | 00,462,940 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS
[2009/08/28 15:10:10 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wdmaud.drv
[2009/08/28 15:08:35 | 00,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\loop.sys
[2009/08/28 15:08:35 | 00,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\loop.sys
[2009/08/28 15:04:41 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll
[2009/08/28 15:04:41 | 00,011,392 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\drivers\vulfntr.sys
[2009/08/28 15:04:41 | 00,006,912 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\drivers\vulfnth.sys
[2009/08/28 15:00:54 | 00,077,056 | R--- | C] (VIA Technologies inc,.ltd) -- C:\WINDOWS\System32\drivers\viasraid.sys
[2009/08/28 15:00:37 | 00,000,000 | ---D | C] -- C:\Program Files\VIA
[2009/08/28 14:54:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2009/08/28 14:54:21 | 00,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe
[2009/08/28 14:53:07 | 00,000,008 | ---- | C] () -- C:\DFIMB.DAT
[2009/08/28 14:44:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/08/28 14:21:03 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2009/08/28 14:20:38 | 00,001,875 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Catalyst Control Center.lnk
[2009/08/28 14:19:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
[2009/08/28 14:19:04 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/08/28 14:19:04 | 00,085,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nabtsfec.sys
[2009/08/28 14:19:04 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wstdecod.dll
[2009/08/28 14:19:04 | 00,033,280 | ---- | C] () -- C:\WINDOWS\System32\psisrndr.ax
[2009/08/28 14:19:04 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vbisurf.ax
[2009/08/28 14:19:04 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wstcodec.sys
[2009/08/28 14:19:04 | 00,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\streamip.sys
[2009/08/28 14:19:04 | 00,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\slip.sys
[2009/08/28 14:19:04 | 00,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndisip.sys
[2009/08/28 14:19:03 | 01,428,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvidctl.dll
[2009/08/28 14:19:03 | 00,118,272 | ---- | C] () -- C:\WINDOWS\System32\mpeg2data.ax
[2009/08/28 14:19:03 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2009/08/28 14:19:03 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2009/08/28 14:19:03 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\msdvbnp.ax
[2009/08/28 14:19:03 | 00,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msdv.sys
[2009/08/28 14:19:03 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2009/08/28 14:19:03 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bdaplgin.ax
[2009/08/28 14:19:03 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ccdecode.sys
[2009/08/28 14:19:03 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msyuv.dll
[2009/08/28 14:19:03 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax
[2009/08/28 14:19:03 | 00,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mpe.sys
[2009/08/28 14:19:03 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bdasup.sys
[2009/08/28 14:19:02 | 00,141,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ks.sys
[2009/08/28 14:19:02 | 00,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax
[2009/08/28 14:19:02 | 00,049,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\stream.sys
[2009/08/28 14:19:02 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksolay.ax
[2009/08/28 14:19:02 | 00,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mskssrv.sys
[2009/08/28 14:19:02 | 00,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mstee.sys
[2009/08/28 14:19:02 | 00,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mspclock.sys
[2009/08/28 14:19:02 | 00,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mspqm.sys
[2009/08/28 14:19:02 | 00,004,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\swenum.sys
[2009/08/28 14:19:02 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksuser.dll
[2009/08/28 14:19:01 | 00,211,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qasf.dll
[2009/08/28 14:19:01 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mswebdvd.dll
[2009/08/28 14:19:01 | 00,148,992 | ---- | C] () -- C:\WINDOWS\System32\mpg2splt.ax
[2009/08/28 14:19:01 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\encapi.dll
[2009/08/28 14:19:00 | 02,113,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dxdiagn.dll
[2009/08/28 14:19:00 | 01,689,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3d9.dll
[2009/08/28 14:19:00 | 01,298,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dxdiag.exe
[2009/08/28 14:19:00 | 01,179,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3d8.dll
[2009/08/28 14:19:00 | 00,212,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpvoice.dll
[2009/08/28 14:19:00 | 00,181,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dsdmo.dll
[2009/08/28 14:19:00 | 00,181,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dmime.dll
[2009/08/28 14:19:00 | 00,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpvvox.dll
[2009/08/28 14:19:00 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dmstyle.dll
[2009/08/28 14:19:00 | 00,104,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dmusic.dll
[2009/08/28 14:19:00 | 00,103,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dmsynth.dll
[2009/08/28 14:19:00 | 00,083,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpvsetup.exe
[2009/08/28 14:19:00 | 00,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dmscript.dll
[2009/08/28 14:19:00 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dsdmoprp.dll
[2009/08/28 14:19:00 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dmcompos.dll
[2009/08/28 14:19:00 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dxdllreg.exe
[2009/08/28 14:19:00 | 00,035,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dmloader.dll
[2009/08/28 14:19:00 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dmband.dll
[2009/08/28 14:19:00 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpvacm.dll
[2009/08/28 14:19:00 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dswave.dll
[2009/08/28 14:18:59 | 01,293,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dsound3d.dll
[2009/08/28 14:18:59 | 01,227,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dx8vb.dll
[2009/08/28 14:18:59 | 00,824,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dim700.dll
[2009/08/28 14:18:59 | 00,619,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dx7vb.dll
[2009/08/28 14:18:59 | 00,375,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpnet.dll
[2009/08/28 14:18:59 | 00,367,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dsound.dll
[2009/08/28 14:18:59 | 00,279,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ddraw.dll
[2009/08/28 14:18:59 | 00,229,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dplayx.dll
[2009/08/28 14:18:59 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpnhupnp.dll
[2009/08/28 14:18:59 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpwsockx.dll
[2009/08/28 14:18:59 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpnhpast.dll
[2009/08/28 14:18:59 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dplaysvr.exe
[2009/08/28 14:18:59 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ddrawex.dll
[2009/08/28 14:18:59 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpmodemx.dll
[2009/08/28 14:18:59 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpnsvr.exe
[2009/08/28 14:18:59 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3d8thk.dll
[2009/08/28 14:18:59 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpnlobby.dll
[2009/08/28 14:18:59 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpnaddr.dll
[2009/08/28 14:16:34 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2009/08/28 14:16:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2009/08/28 14:16:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2009/08/28 14:16:05 | 00,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/08/28 14:16:00 | 00,307,200 | R--- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atiiiexx.dll
[2009/08/28 14:15:58 | 00,006,005 | R--- | C] () -- C:\WINDOWS\System32\atifglpf.xml
[2009/08/28 14:15:57 | 00,121,995 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009/08/28 14:15:56 | 01,114,674 | R--- | C] () -- C:\WINDOWS\System32\drivers\ativcaxx.cpa
[2009/08/28 14:15:56 | 00,058,560 | R--- | C] () -- C:\WINDOWS\System32\drivers\ativckxx.vp
[2009/08/28 14:15:56 | 00,027,504 | R--- | C] () -- C:\WINDOWS\System32\drivers\ativvpxx.vp
[2009/08/28 14:15:56 | 00,000,929 | R--- | C] () -- C:\WINDOWS\System32\drivers\ativcaxx.vp
[2009/08/28 14:15:43 | 00,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2009/08/28 14:15:40 | 00,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2009/08/28 14:15:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2009/08/28 13:34:26 | 00,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2009/08/28 13:33:24 | 00,002,422 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak
[2009/08/28 13:23:52 | 00,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2009/08/28 13:23:38 | 00,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2009/08/28 13:22:45 | 00,000,000 | -HSD | C] -- C:\System Volume Information
[2009/08/28 13:22:27 | 00,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2009/08/28 13:21:20 | 00,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/08/28 13:21:09 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2009/08/28 13:21:08 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2009/08/28 13:21:08 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2009/08/28 13:21:08 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2009/08/28 13:21:07 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2009/08/28 13:21:07 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2009/08/28 13:21:06 | 00,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2009/08/28 13:21:06 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2009/08/28 13:21:05 | 00,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2009/08/28 13:21:05 | 00,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2009/08/28 13:21:04 | 00,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2009/08/28 13:21:03 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2009/08/28 13:21:03 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2009/08/28 13:21:02 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2009/08/28 13:21:01 | 00,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2009/08/28 13:21:01 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2009/08/28 13:21:01 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2009/08/28 13:21:00 | 00,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2009/08/28 13:21:00 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2009/08/28 13:21:00 | 00,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2009/08/28 13:21:00 | 00,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2009/08/28 13:20:59 | 00,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2009/08/28 13:20:58 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2009/08/28 13:20:57 | 00,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2009/08/28 13:20:56 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2009/08/28 13:20:56 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2009/08/28 13:20:55 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2009/08/28 13:20:55 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpapi.dll
[2009/08/28 13:20:55 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2009/08/28 13:20:54 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2009/08/28 13:20:54 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2009/08/28 13:20:54 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2009/08/28 13:20:54 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2009/08/28 13:20:54 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2009/08/28 13:20:54 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2009/08/28 13:20:54 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2009/08/28 13:20:54 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2009/08/28 13:20:53 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2009/08/28 13:20:53 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2009/08/28 13:20:53 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2009/08/28 13:20:53 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2009/08/28 13:20:53 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2009/08/28 13:20:53 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2009/08/28 13:20:53 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2009/08/28 13:20:52 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2009/08/28 13:20:50 | 00,205,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seo.dll
[2009/08/28 13:20:50 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2009/08/28 13:20:49 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2009/08/28 13:20:48 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2009/08/28 13:20:48 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2009/08/28 13:20:48 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_rwnh.dll
[2009/08/28 13:20:47 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2009/08/28 13:20:47 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2009/08/28 13:20:47 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2009/08/28 13:20:45 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2009/08/28 13:20:45 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2009/08/28 13:20:45 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2009/08/28 13:20:44 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2009/08/28 13:20:44 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2009/08/28 13:20:43 | 00,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2009/08/28 13:20:43 | 00,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2009/08/28 13:20:43 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2009/08/28 13:20:43 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2009/08/28 13:20:43 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2009/08/28 13:20:42 | 00,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2009/08/28 13:20:42 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2009/08/28 13:20:42 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2009/08/28 13:20:42 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2009/08/28 13:20:41 | 00,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2009/08/28 13:20:41 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2009/08/28 13:20:40 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2009/08/28 13:20:37 | 00,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2009/08/28 13:20:34 | 01,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2009/08/28 13:20:34 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2009/08/28 13:20:29 | 00,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2009/08/28 13:20:29 | 00,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2009/08/28 13:20:28 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2009/08/28 13:20:26 | 01,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2009/08/28 13:20:26 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2009/08/28 13:20:25 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2009/08/28 13:20:25 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2009/08/28 13:20:25 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2009/08/28 13:20:25 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2009/08/28 13:20:25 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2009/08/28 13:20:25 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2009/08/28 13:20:24 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2009/08/28 13:20:24 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2009/08/28 13:20:24 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2009/08/28 13:20:24 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2009/08/28 13:20:24 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2009/08/28 13:20:24 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2009/08/28 13:20:23 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2009/08/28 13:20:23 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2009/08/28 13:20:23 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2009/08/28 13:20:23 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2009/08/28 13:20:22 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2009/08/28 13:20:22 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2009/08/28 13:20:22 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2009/08/28 13:20:22 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2009/08/28 13:20:22 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2009/08/28 13:20:21 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2009/08/28 13:20:21 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2009/08/28 13:20:21 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2009/08/28 13:20:21 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2009/08/28 13:20:20 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2009/08/28 13:20:20 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2009/08/28 13:20:20 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2009/08/28 13:20:20 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2009/08/28 13:20:20 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2009/08/28 13:20:19 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2009/08/28 13:20:19 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2009/08/28 13:20:18 | 00,315,455 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2009/08/28 13:20:17 | 00,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2009/08/28 13:20:17 | 00,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2009/08/28 13:20:17 | 00,262,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
[2009/08/28 13:20:17 | 00,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2009/08/28 13:20:17 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2009/08/28 13:20:17 | 00,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2009/08/28 13:20:16 | 00,307,257 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
[2009/08/28 13:20:16 | 00,233,527 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
[2009/08/28 13:20:16 | 00,208,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
[2009/08/28 13:20:16 | 00,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2009/08/28 13:20:16 | 00,155,705 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2009/08/28 13:20:16 | 00,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2009/08/28 13:20:16 | 00,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2009/08/28 13:20:15 | 00,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2009/08/28 13:20:15 | 00,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2009/08/28 13:20:15 | 00,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2009/08/28 13:20:15 | 00,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2009/08/28 13:20:15 | 00,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2009/08/28 13:20:15 | 00,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2009/08/28 13:20:14 | 00,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2009/08/28 13:20:14 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2009/08/28 13:20:14 | 00,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2009/08/28 13:20:14 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2009/08/28 13:20:14 | 00,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2009/08/28 13:20:14 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2009/08/28 13:20:09 | 10,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2009/08/28 13:20:04 | 13,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2009/08/28 13:20:00 | 10,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2009/08/28 13:19:59 | 00,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2009/08/28 13:19:59 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2009/08/28 13:19:57 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2009/08/28 13:19:57 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2009/08/28 13:19:56 | 00,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2009/08/28 13:19:56 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2009/08/28 13:19:55 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2009/08/28 13:19:54 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2009/08/28 13:19:54 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2009/08/28 13:19:53 | 00,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2009/08/28 13:19:53 | 00,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2009/08/28 13:19:53 | 00,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2009/08/28 13:19:53 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2009/08/28 13:19:51 | 00,514,587 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\edb500.dll
[2009/08/28 13:19:47 | 00,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2009/08/28 13:19:46 | 00,057,399 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
[2009/08/28 13:19:46 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2009/08/28 13:19:44 | 00,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2009/08/28 13:19:44 | 00,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2009/08/28 13:19:44 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2009/08/28 13:19:43 | 00,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2009/08/28 13:19:43 | 00,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2009/08/28 13:19:43 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2009/08/28 13:19:43 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2009/08/28 13:19:42 | 01,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2009/08/28 13:19:42 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2009/08/28 13:19:42 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2009/08/28 13:19:42 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2009/08/28 13:19:42 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2009/08/28 13:19:42 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2009/08/28 13:19:41 | 00,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2009/08/28 13:19:40 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2009/08/28 13:19:40 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2009/08/28 13:19:38 | 00,312,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqueue.dll
[2009/08/28 13:19:38 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2009/08/28 13:19:37 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2009/08/28 13:19:32 | 02,134,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpsnap.dll
[2009/08/28 13:19:32 | 00,175,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpadm.dll
[2009/08/28 13:19:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2009/08/28 13:19:15 | 00,000,000 | ---D | C] -- C:\Program Files\xerox
[2009/08/28 13:19:15 | 00,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2009/08/28 13:19:04 | 00,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/08/28 13:19:04 | 00,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2009/08/28 13:19:04 | 00,000,000 | RHS- | C] () -- C:\IO.SYS
[2009/08/28 13:19:04 | 00,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2009/08/28 13:19:04 | 00,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2009/08/28 13:19:01 | 00,025,065 | ---- | C] () -- C:\WINDOWS\System32\wmpscheme.xml
[2009/08/28 13:19:00 | 00,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/08/28 13:19:00 | 00,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/08/28 13:18:59 | 00,299,552 | ---- | C] () -- C:\WINDOWS\WMSysPrx.prx
[2009/08/28 13:18:51 | 00,000,006 | -H-- | C] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/28 13:18:50 | 00,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mapi32.dll
[2009/08/28 13:17:48 | 00,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2009/08/28 13:17:48 | 00,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2009/08/28 13:17:47 | 00,000,488 | RH-- | C] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2009/08/28 13:17:47 | 00,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009/08/28 13:17:39 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/08/28 13:17:39 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/08/28 13:17:39 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/08/28 13:17:39 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/08/28 13:17:39 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/08/28 13:17:39 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2009/08/28 13:17:20 | 04,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2009/08/28 13:17:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2009/08/28 13:16:50 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrslv.dll
[2009/08/28 13:16:50 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrcdlg.dll
[2009/08/28 13:16:50 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\racpldlg.dll
[2009/08/28 13:16:50 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrdm.dll
[2009/08/28 13:16:50 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atrace.dll
[2009/08/28 13:16:50 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atrace.dll
[2009/08/28 13:16:49 | 00,099,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helphost.exe
[2009/08/28 13:16:49 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\notiflag.exe
[2009/08/28 13:16:49 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brpinfo.dll
[2009/08/28 13:16:49 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hcappres.dll
[2009/08/28 13:16:47 | 00,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2009/08/28 13:16:47 | 00,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2009/08/28 13:16:42 | 00,118,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msg723.acm
[2009/08/28 13:16:42 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srdiag.exe
[2009/08/28 13:16:42 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmsrvc.exe
[2009/08/28 13:16:42 | 00,032,768 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\isrdbg32.dll
[2009/08/28 13:16:42 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmevtmsg.dll
[2009/08/28 13:16:42 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmevtmsg.dll
[2009/08/28 13:16:42 | 00,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2009/08/28 13:16:41 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msinfo32.exe
[2009/08/28 13:16:41 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wb32.exe
[2009/08/28 13:16:41 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cb32.exe
[2009/08/28 13:16:40 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\acctres.dll
[2009/08/28 13:16:40 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\acctres.dll
[2009/08/28 13:16:40 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2009/08/28 13:16:39 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetres.dll
[2009/08/28 13:16:36 | 00,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcfg.dll
[2009/08/28 13:16:36 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll
[2009/08/28 13:16:36 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwdial.dll
[2009/08/28 13:16:36 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwphbk.dll
[2009/08/28 13:16:36 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icfgnt5.dll
[2009/08/28 13:16:36 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icfgnt5.dll
[2009/08/28 13:16:36 | 00,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2009/08/28 13:16:35 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwtutor.exe
[2009/08/28 13:16:35 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwres.dll
[2009/08/28 13:16:35 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\trialoc.dll
[2009/08/28 13:16:35 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mssoapr.dll
[2009/08/28 13:16:35 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2009/08/28 13:16:34 | 00,235,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mssoap1.dll
[2009/08/28 13:16:34 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wisc10.dll
[2009/08/28 13:16:34 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2009/08/28 13:16:33 | 00,093,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieinfo5.ocx
[2009/08/28 13:16:30 | 00,520,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpvis.dll
[2009/08/28 13:16:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2009/08/28 13:16:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2009/08/28 13:16:29 | 01,669,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\setup_wm.exe
[2009/08/28 13:16:29 | 00,409,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgr.dll
[2009/08/28 13:16:29 | 00,319,542 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmmres.dll
[2009/08/28 13:16:29 | 00,163,897 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmmutil.dll
[2009/08/28 13:16:29 | 00,110,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmmfilt.dll
[2009/08/28 13:16:29 | 00,064,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmplayer.exe
[2009/08/28 13:16:28 | 00,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2009/08/28 13:16:25 | 00,171,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srsvc.dll
[2009/08/28 13:16:25 | 00,073,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sr.sys
[2009/08/28 13:16:25 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srclient.dll
[2009/08/28 13:16:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2009/08/28 13:16:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\PCHealth
[2009/08/28 13:16:24 | 00,364,544 | ---- | C] (Microsoft Corporation (written by Digital Renaissance Inc.)) -- C:\WINDOWS\System32\dllcache\npdsplay.dll
[2009/08/28 13:16:24 | 00,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msh261.drv
[2009/08/28 13:16:24 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ils.dll
[2009/08/28 13:16:24 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msconf.dll
[2009/08/28 13:16:24 | 00,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmdd.dll
[2009/08/28 13:16:24 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmmkcert.dll
[2009/08/28 13:16:22 | 00,252,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoeacct.dll
[2009/08/28 13:16:22 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoert2.dll
[2009/08/28 13:16:22 | 00,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2009/08/28 13:16:21 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcomm.dll
[2009/08/28 13:16:21 | 00,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2009/08/28 13:16:18 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2009/08/28 13:16:14 | 00,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2009/08/28 13:16:12 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2009/08/28 13:16:12 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2009/08/28 13:16:09 | 00,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/08/28 13:15:59 | 00,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2009/08/28 13:15:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2009/08/28 13:15:12 | 00,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2009/08/28 13:15:12 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2009/08/28 13:15:12 | 00,000,000 | ---D | C] -- C:\Program Files\Online Services
[2009/08/28 13:15:05 | 00,000,000 | ---D | C] -- C:\Program Files\Messenger
[2009/08/28 13:15:04 | 01,817,687 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgres.dll
[2009/08/28 13:15:04 | 00,042,577 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgzm.exe
[2009/08/28 13:15:03 | 02,178,131 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlres.dll
[2009/08/28 13:15:03 | 00,780,885 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrres.dll
[2009/08/28 13:15:03 | 00,753,236 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvseres.dll
[2009/08/28 13:15:03 | 00,082,501 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckg.dll
[2009/08/28 13:15:03 | 00,066,113 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvl.dll
[2009/08/28 13:15:03 | 00,048,706 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvse.dll
[2009/08/28 13:15:03 | 00,042,575 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrzm.exe
[2009/08/28 13:15:03 | 00,042,574 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvsezm.exe
[2009/08/28 13:15:03 | 00,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlzm.exe
[2009/08/28 13:15:03 | 00,040,515 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkr.dll
[2009/08/28 13:15:02 | 01,175,635 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzres.dll
[2009/08/28 13:15:02 | 01,039,955 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnresm.dll
[2009/08/28 13:15:02 | 00,113,222 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zoneclim.dll
[2009/08/28 13:15:02 | 00,057,409 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtz.dll
[2009/08/28 13:15:02 | 00,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzzm.exe
[2009/08/28 13:15:02 | 00,041,029 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zcorem.dll
[2009/08/28 13:15:02 | 00,032,339 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniansi.dll
[2009/08/28 13:15:02 | 00,013,894 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zonelibm.dll
[2009/08/28 13:15:02 | 00,004,677 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zeeverm.dll
[2009/08/28 13:15:01 | 00,217,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnclim.dll
[2009/08/28 13:15:01 | 00,036,937 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zclientm.exe
[2009/08/28 13:15:01 | 00,029,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\znetm.dll
[2009/08/28 13:15:01 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\write.exe
[2009/08/28 13:15:01 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\write.exe
[2009/08/28 13:15:01 | 00,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2009/08/28 13:14:53 | 00,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe
[2009/08/28 13:14:53 | 00,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndvol32.exe
[2009/08/28 13:14:53 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndrec32.exe
[2009/08/28 13:14:53 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\access.cpl
[2009/08/28 13:14:53 | 00,044,544 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hticons.dll
[2009/08/28 13:14:52 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avtapi.dll
[2009/08/28 13:14:52 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avtapi.dll
[2009/08/28 13:14:52 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avwav.dll
[2009/08/28 13:14:52 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avwav.dll
[2009/08/28 13:14:52 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winchat.exe
[2009/08/28 13:14:52 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winchat.exe
[2009/08/28 13:14:52 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avmeter.dll
[2009/08/28 13:14:52 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avmeter.dll
[2009/08/28 13:14:52 | 00,013,312 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\dllcache\htrn_jis.dll
[2009/08/28 13:14:48 | 00,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2009/08/28 13:14:48 | 00,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2009/08/28 13:14:48 | 00,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2009/08/28 13:14:48 | 00,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2009/08/28 13:14:47 | 00,093,702 | ---- | C] () -- C:\WINDOWS\System32\subrange.uce
[2009/08/28 13:14:47 | 00,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2009/08/28 13:14:47 | 00,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2009/08/28 13:14:47 | 00,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2009/08/28 13:14:47 | 00,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2009/08/28 13:14:47 | 00,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2009/08/28 13:14:47 | 00,016,740 | ---- | C] () -- C:\WINDOWS\System32\shiftjis.uce
[2009/08/28 13:14:47 | 00,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2009/08/28 13:14:47 | 00,012,876 | ---- | C] () -- C:\WINDOWS\System32\korean.uce
[2009/08/28 13:14:47 | 00,008,484 | ---- | C] () -- C:\WINDOWS\System32\kanji_2.uce
[2009/08/28 13:14:47 | 00,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2009/08/28 13:14:46 | 00,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\getuname.dll
[2009/08/28 13:14:46 | 00,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\getuname.dll
[2009/08/28 13:14:46 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\calc.exe
[2009/08/28 13:14:46 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\calc.exe
[2009/08/28 13:14:46 | 00,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\charmap.exe
[2009/08/28 13:14:46 | 00,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\charmap.exe
[2009/08/28 13:14:46 | 00,060,458 | ---- | C] () -- C:\WINDOWS\System32\ideograf.uce
[2009/08/28 13:14:46 | 00,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sol.exe
[2009/08/28 13:14:46 | 00,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sol.exe
[2009/08/28 13:14:46 | 00,024,006 | ---- | C] () -- C:\WINDOWS\System32\gb2312.uce
[2009/08/28 13:14:46 | 00,022,984 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.uce
[2009/08/28 13:14:46 | 00,006,948 | ---- | C] () -- C:\WINDOWS\System32\kanji_1.uce
[2009/08/28 13:14:45 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshearts.exe
[2009/08/28 13:14:45 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshearts.exe
[2009/08/28 13:14:45 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winmine.exe
[2009/08/28 13:14:45 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmine.exe
[2009/08/28 13:14:45 | 00,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdshost.exe
[2009/08/28 13:14:45 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\freecell.exe
[2009/08/28 13:14:45 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\freecell.exe
[2009/08/28 13:14:45 | 00,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdtcp.sys
[2009/08/28 13:14:45 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsshutdn.exe
[2009/08/28 13:14:45 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsshutdn.exe
[2009/08/28 13:14:45 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tskill.exe
[2009/08/28 13:14:45 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tskill.exe
[2009/08/28 13:14:45 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsdiscon.exe
[2009/08/28 13:14:45 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsdiscon.exe
[2009/08/28 13:14:45 | 00,012,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdpipe.sys
[2009/08/28 13:14:45 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\reset.exe
[2009/08/28 13:14:45 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\reset.exe
[2009/08/28 13:14:45 | 00,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2009/08/28 13:14:45 | 00,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2009/08/28 13:14:44 | 00,161,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcuiu.dll
[2009/08/28 13:14:44 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\regini.exe
[2009/08/28 13:14:44 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\regini.exe
[2009/08/28 13:14:44 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qwinsta.exe
[2009/08/28 13:14:44 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qwinsta.exe
[2009/08/28 13:14:44 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msg.exe
[2009/08/28 13:14:44 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msg.exe
[2009/08/28 13:14:44 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qprocess.exe
[2009/08/28 13:14:44 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qappsrv.exe
[2009/08/28 13:14:44 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qappsrv.exe
[2009/08/28 13:14:44 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwinsta.exe
[2009/08/28 13:14:44 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rwinsta.exe
[2009/08/28 13:14:44 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdmodem.dll
[2009/08/28 13:14:44 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cdmodem.dll
[2009/08/28 13:14:44 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\logoff.exe
[2009/08/28 13:14:44 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logoff.exe
[2009/08/28 13:14:44 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscon.exe
[2009/08/28 13:14:44 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shadow.exe
[2009/08/28 13:14:44 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscon.exe
[2009/08/28 13:14:44 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shadow.exe
[2009/08/28 13:14:44 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpcfgex.dll
[2009/08/28 13:14:44 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpcfgex.dll
[2009/08/28 13:14:43 | 00,956,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtctm.dll
[2009/08/28 13:14:43 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtclog.dll
[2009/08/28 13:14:43 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtsadmin.tlb
[2009/08/28 13:14:43 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xolehlp.dll
[2009/08/28 13:14:43 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtc.exe
[2009/08/28 13:14:43 | 00,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2009/08/28 13:14:42 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comrepl.dll
[2009/08/28 13:14:42 | 00,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxlegih.dll
[2009/08/28 13:14:42 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxdm.dll
[2009/08/28 13:14:42 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comaddin.dll
[2009/08/28 13:14:42 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dcomcnfg.exe
[2009/08/28 13:14:42 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxex.dll
[2009/08/28 13:14:41 | 00,539,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comuid.dll
[2009/08/28 13:14:41 | 00,167,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsnap.dll
[2009/08/28 13:14:41 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatex.dll
[2009/08/28 13:14:41 | 00,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvps.dll
[2009/08/28 13:14:41 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stclient.dll
[2009/08/28 13:14:41 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmi2xml.dll
[2009/08/28 13:14:37 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipicmp.dll
[2009/08/28 13:14:37 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmimsg.dll
[2009/08/28 13:14:37 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemdisp.tlb
[2009/08/28 13:14:37 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmitimep.dll
[2009/08/28 13:14:37 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmgmtr.dll
[2009/08/28 13:14:37 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmgmt.exe
[2009/08/28 13:14:36 | 00,116,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\updprov.dll
[2009/08/28 13:14:36 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmplprov.dll
[2009/08/28 13:14:36 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\trnsprov.dll
[2009/08/28 13:14:36 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpcons.dll
[2009/08/28 13:14:36 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemads.tlb
[2009/08/28 13:14:36 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unsecapp.exe
[2009/08/28 13:14:36 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemads.dll
[2009/08/28 13:14:35 | 00,273,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msiprov.dll
[2009/08/28 13:14:35 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmprops.dll
[2009/08/28 13:14:35 | 00,120,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsprov.dll
[2009/08/28 13:14:35 | 00,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2009/08/28 13:14:35 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\servdeps.dll
[2009/08/28 13:14:35 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fwdprov.dll
[2009/08/28 13:14:35 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmfutil.dll
[2009/08/28 13:14:30 | 00,538,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spider.exe
[2009/08/28 13:14:30 | 00,343,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe
[2009/08/28 13:14:30 | 00,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mplay32.exe
[2009/08/28 13:14:30 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clipbrd.exe
[2009/08/28 13:14:30 | 00,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2009/08/28 13:14:29 | 02,066,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstscax.dll
[2009/08/28 13:14:29 | 01,809,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng.dll
[2009/08/28 13:14:29 | 01,809,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll
[2009/08/28 13:14:29 | 00,677,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstsc.exe
[2009/08/28 13:14:29 | 00,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdpwd.sys
[2009/08/28 13:14:29 | 00,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscfgwmi.dll
[2009/08/28 13:14:29 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\remotepg.dll
[2009/08/28 13:14:29 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt.exe
[2009/08/28 13:14:29 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe
[2009/08/28 13:14:29 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauserv.dll
[2009/08/28 13:14:28 | 00,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\termsrv.dll
[2009/08/28 13:14:28 | 00,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdchost.dll
[2009/08/28 13:14:28 | 00,141,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sessmgr.exe
[2009/08/28 13:14:28 | 00,087,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpwsx.dll
[2009/08/28 13:14:28 | 00,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpclip.exe
[2009/08/28 13:14:28 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscupgrd.exe
[2009/08/28 13:14:28 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cfgbkend.dll
[2009/08/28 13:14:28 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpsnd.dll
[2009/08/28 13:14:28 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdsaddin.exe
[2009/08/28 13:14:28 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icaapi.dll
[2009/08/28 13:14:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2009/08/28 13:14:27 | 00,428,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcprx.dll
[2009/08/28 13:14:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2009/08/28 13:14:24 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\licwmi.dll
[2009/08/28 13:14:18 | 00,196,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdpdr.sys
[2009/08/28 13:14:18 | 00,040,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\termdd.sys
[2009/08/28 09:08:53 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\audstub.sys
[2009/08/28 09:08:09 | 00,057,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\redbook.sys
[2009/08/28 09:07:41 | 00,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\usbui.dll
[2009/08/28 09:06:24 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2009/08/28 09:06:22 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spcommon.dll
[2009/08/28 09:06:22 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spcplui.dll
[2009/08/28 09:06:21 | 01,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2009/08/28 09:06:21 | 00,774,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spttseng.dll
[2009/08/28 09:06:21 | 00,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2009/08/28 09:06:21 | 00,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2009/08/28 09:06:21 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sapisvr.exe
[2009/08/28 09:06:21 | 00,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2009/08/28 09:06:21 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2009/08/28 09:06:20 | 00,000,000 | R--D | C] -- C:\Program Files
[2009/08/28 09:06:20 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2009/08/28 09:06:20 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files
[2009/08/28 09:06:19 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28603.nls
[2009/08/28 09:06:18 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_857.nls
[2009/08/28 09:06:18 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28599.nls
[2009/08/28 09:06:18 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuq.dll
[2009/08/28 09:06:18 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuf.dll
[2009/08/28 09:06:18 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtuq.dll
[2009/08/28 09:06:18 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtuf.dll
[2009/08/28 09:06:18 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdazel.dll
[2009/08/28 09:06:18 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdazel.dll
[2009/08/28 09:06:17 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10081.nls
[2009/08/28 09:06:16 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28595.NLS
[2009/08/28 09:06:16 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10017.nls
[2009/08/28 09:06:16 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10007.nls
[2009/08/28 09:06:16 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycc.dll
[2009/08/28 09:06:16 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbduzb.dll
[2009/08/28 09:06:16 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdur.dll
[2009/08/28 09:06:16 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtat.dll
[2009/08/28 09:06:16 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru1.dll
[2009/08/28 09:06:16 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru.dll
[2009/08/28 09:06:16 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmon.dll
[2009/08/28 09:06:16 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkyr.dll
[2009/08/28 09:06:16 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkaz.dll
[2009/08/28 09:06:16 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbu.dll
[2009/08/28 09:06:16 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdblr.dll
[2009/08/28 09:06:16 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdaze.dll
[2009/08/28 09:06:16 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdycc.dll
[2009/08/28 09:06:16 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbduzb.dll
[2009/08/28 09:06:16 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdur.dll
[2009/08/28 09:06:16 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtat.dll
[2009/08/28 09:06:16 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdru1.dll
[2009/08/28 09:06:16 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdru.dll
[2009/08/28 09:06:16 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdmon.dll
[2009/08/28 09:06:16 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkyr.dll
[2009/08/28 09:06:16 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkaz.dll
[2009/08/28 09:06:16 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdbu.dll
[2009/08/28 09:06:16 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdblr.dll
[2009/08/28 09:06:16 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdaze.dll
[2009/08/28 09:06:14 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_869.nls
[2009/08/28 09:06:14 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_737.nls
[2009/08/28 09:06:14 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_875.nls
[2009/08/28 09:06:14 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28597.NLS
[2009/08/28 09:06:14 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10006.nls
[2009/08/28 09:06:14 | 00,008,192 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhept.dll
[2009/08/28 09:06:14 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhept.dll
[2009/08/28 09:06:14 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela3.dll
[2009/08/28 09:06:14 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhela3.dll
[2009/08/28 09:06:14 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela2.dll
[2009/08/28 09:06:14 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdgkl.dll
[2009/08/28 09:06:14 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhela2.dll
[2009/08/28 09:06:14 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgkl.dll
[2009/08/28 09:06:14 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe319.dll
[2009/08/28 09:06:14 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe220.dll
[2009/08/28 09:06:14 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe.dll
[2009/08/28 09:06:14 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe319.dll
[2009/08/28 09:06:14 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe220.dll
[2009/08/28 09:06:14 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe.dll
[2009/08/28 09:06:13 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_866.nls
[2009/08/28 09:06:13 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_855.nls
[2009/08/28 09:06:13 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28594.NLS
[2009/08/28 09:06:13 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv1.dll
[2009/08/28 09:06:13 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv.dll
[2009/08/28 09:06:13 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdest.dll
[2009/08/28 09:06:13 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlv1.dll
[2009/08/28 09:06:13 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlv.dll
[2009/08/28 09:06:13 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdest.dll
[2009/08/28 09:06:13 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt1.dll
[2009/08/28 09:06:13 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt.dll
[2009/08/28 09:06:13 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlt1.dll
[2009/08/28 09:06:13 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlt.dll
[2009/08/28 09:06:11 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_852.nls
[2009/08/28 09:06:11 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10082.nls
[2009/08/28 09:06:11 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10029.nls
[2009/08/28 09:06:11 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10010.nls
[2009/08/28 09:06:11 | 00,007,168 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz.dll
[2009/08/28 09:06:11 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz.dll
[2009/08/28 09:06:11 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycl.dll
[2009/08/28 09:06:11 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl1.dll
[2009/08/28 09:06:11 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl.dll
[2009/08/28 09:06:11 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl.dll
[2009/08/28 09:06:11 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu.dll
[2009/08/28 09:06:11 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz2.dll
[2009/08/28 09:06:11 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz1.dll
[2009/08/28 09:06:11 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcr.dll
[2009/08/28 09:06:11 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\KBDAL.DLL
[2009/08/28 09:06:11 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdycl.dll
[2009/08/28 09:06:11 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsl1.dll
[2009/08/28 09:06:11 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsl.dll
[2009/08/28 09:06:11 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdpl.dll
[2009/08/28 09:06:11 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhu.dll
[2009/08/28 09:06:11 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz2.dll
[2009/08/28 09:06:11 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz1.dll
[2009/08/28 09:06:11 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcr.dll
[2009/08/28 09:06:11 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdal.dll
[2009/08/28 09:06:11 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdro.dll
[2009/08/28 09:06:11 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl1.dll
[2009/08/28 09:06:11 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu1.dll
[2009/08/28 09:06:11 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdro.dll
[2009/08/28 09:06:11 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdpl1.dll
[2009/08/28 09:06:11 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhu1.dll
[2009/08/28 09:06:09 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20127.nls
[2009/08/28 09:06:09 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2009/08/28 09:06:09 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2009/08/28 09:06:09 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irenum.sys
[2009/08/28 09:06:08 | 00,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dllcache\dgrpsetu.dll
[2009/08/28 09:06:08 | 00,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dgrpsetu.dll
[2009/08/28 09:06:08 | 00,103,424 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\EqnClass.Dll
[2009/08/28 09:06:08 | 00,103,424 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqnclass.dll
[2009/08/28 09:06:08 | 00,085,020 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dllcache\dgsetup.dll
[2009/08/28 09:06:08 | 00,085,020 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dgsetup.dll
[2009/08/28 09:06:08 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2009/08/28 09:06:08 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2009/08/28 09:06:08 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\olesvr.dll
[2009/08/28 09:06:08 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLESVR.DLL
[2009/08/28 09:06:08 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tapi.dll
[2009/08/28 09:06:08 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TAPI.DLL
[2009/08/28 09:06:08 | 00,013,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wfwnet.drv
[2009/08/28 09:06:08 | 00,013,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WFWNET.DRV
[2009/08/28 09:06:08 | 00,009,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ver.dll
[2009/08/28 09:06:08 | 00,009,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VER.DLL
[2009/08/28 09:06:08 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell.dll
[2009/08/28 09:06:08 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SHELL.DLL
[2009/08/28 09:06:08 | 00,004,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\timer.drv
[2009/08/28 09:06:08 | 00,004,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TIMER.DRV
[2009/08/28 09:06:08 | 00,003,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\system.drv
[2009/08/28 09:06:08 | 00,003,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SYSTEM.DRV
[2009/08/28 09:06:08 | 00,002,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vga.drv
[2009/08/28 09:06:08 | 00,002,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VGA.DRV
[2009/08/28 09:06:08 | 00,001,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sound.drv
[2009/08/28 09:06:08 | 00,001,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SOUND.DRV
[2009/08/28 09:06:07 | 00,126,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msvideo.dll
[2009/08/28 09:06:07 | 00,126,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MSVIDEO.DLL
[2009/08/28 09:06:07 | 00,109,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avifile.dll
[2009/08/28 09:06:07 | 00,109,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVIFILE.DLL
[2009/08/28 09:06:07 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\olecli.dll
[2009/08/28 09:06:07 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLECLI.DLL
[2009/08/28 09:06:07 | 00,073,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mciavi.drv
[2009/08/28 09:06:07 | 00,073,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIAVI.DRV
[2009/08/28 09:06:07 | 00,069,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avicap.dll
[2009/08/28 09:06:07 | 00,069,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVICAP.DLL
[2009/08/28 09:06:07 | 00,068,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\mmsystem.dll
[2009/08/28 09:06:07 | 00,032,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\commdlg.dll
[2009/08/28 09:06:07 | 00,032,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\COMMDLG.DLL
[2009/08/28 09:06:07 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mciwave.drv
[2009/08/28 09:06:07 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIWAVE.DRV
[2009/08/28 09:06:07 | 00,025,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mciseq.drv
[2009/08/28 09:06:07 | 00,025,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCISEQ.DRV
[2009/08/28 09:06:07 | 00,009,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lzexpand.dll
[2009/08/28 09:06:07 | 00,009,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\LZEXPAND.DLL
[2009/08/28 09:06:07 | 00,002,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouse.drv
[2009/08/28 09:06:07 | 00,002,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MOUSE.DRV
[2009/08/28 09:06:07 | 00,002,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\keyboard.drv
[2009/08/28 09:06:07 | 00,002,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\KEYBOARD.DRV
[2009/08/28 09:06:07 | 00,001,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mmtask.tsk
[2009/08/28 09:06:07 | 00,001,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMTASK.TSK
[2009/08/28 09:06:06 | 00,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\winspool.drv
[2009/08/28 09:06:06 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
[2009/08/28 09:06:06 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\TASKMAN.EXE
[2009/08/28 09:06:06 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\taskman.exe
[2009/08/28 09:06:06 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\batt.dll
[2009/08/28 09:06:06 | 00,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2009/08/28 09:06:05 | 00,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\storprop.dll
[2009/08/28 09:05:57 | 00,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2009/08/28 09:05:57 | 00,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2009/08/28 09:05:57 | 00,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2009/08/28 09:05:57 | 00,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2009/08/28 09:05:57 | 00,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2009/08/28 09:05:56 | 00,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2009/08/28 09:05:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2009/08/28 09:05:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2009/08/28 09:05:38 | 00,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/08/28 09:05:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings
[2009/08/28 09:05:19 | 00,095,072 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/28 09:03:38 | 00,000,299 | RHS- | C] () -- C:\boot.ini
[2009/08/28 09:03:35 | 00,000,261 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/08/28 08:59:54 | 00,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2009/08/28 08:59:54 | 00,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2009/08/28 08:59:54 | 00,000,000 | R--D | C] -- C:\WINDOWS\Web
[2009/08/28 08:59:54 | 00,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2009/08/28 08:59:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2009/08/28 08:59:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2009/08/28 08:59:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2009/08/28 08:59:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2009/08/28 08:59:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2009/08/28 08:59:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2009/08/28 08:59:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2009/08/28 08:59:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2009/08/28 08:59:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2009/08/28 08:59:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2009/08/28 08:59:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2009/08/28 08:59:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2009/08/28 08:59:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2009/08/28 08:59:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2009/08/28 08:59:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2009/08/28 08:59:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2009/08/28 08:59:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2009/08/28 08:59:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2009/08/28 08:59:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2009/08/28 08:59:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2009/08/28 08:59:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2009/08/28 08:59:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2009/08/28 08:59:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2009/08/28 08:59:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2009/08/28 08:59:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2009/08/28 08:59:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2009/08/28 08:59:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2009/08/28 08:59:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2009/08/28 08:59:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2009/08/28 08:59:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2009/08/28 08:59:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2009/08/28 08:59:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2009/08/28 08:59:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2009/08/28 08:59:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\system32
[2009/08/28 08:59:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\system
[2009/08/28 08:59:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\security
[2009/08/28 08:59:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2009/08/28 08:59:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\repair
[2009/08/28 08:59:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\mui
[2009/08/28 08:59:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2009/08/28 08:59:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2009/08/28 08:59:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\Media
[2009/08/28 08:59:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\java
[2009/08/28 08:59:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\ime
[2009/08/28 08:59:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\Help
[2009/08/28 08:59:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2009/08/28 08:59:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2009/08/28 08:59:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2009/08/28 08:59:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2009/08/28 08:59:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\Config
[2009/08/28 08:59:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2009/08/28 08:59:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\addins
[2009/08/28 08:59:54 | 00,000,000 | ---D | C] -- C:\WINDOWS
[2006/10/27 08:26:56 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2005/05/03 11:38:42 | 00,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2003/10/02 10:48:18 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2003/03/31 08:00:00 | 00,000,517 | ---- | C] () -- C:\WINDOWS\win.ini
[2003/03/31 08:00:00 | 00,000,435 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/02/18 18:26:28 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2002/04/11 01:41:06 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll

========== Files - Modified Within 30 Days ==========

[7 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/09/17 15:50:52 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2009/09/17 15:43:59 | 00,000,435 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/09/17 15:43:47 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/09/17 15:11:55 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/17 15:01:30 | 00,000,000 | ---- | M] () -- C:\WINDOWS\win32k.sys
[2009/09/17 15:00:36 | 00,000,299 | RHS- | M] () -- C:\boot.ini
[2009/09/17 14:59:01 | 03,316,245 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2009/09/17 14:26:56 | 00,396,288 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
[2009/09/17 13:45:43 | 00,000,517 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/09/17 13:45:43 | 00,000,229 | ---- | M] () -- C:\Boot.bak
[2009/09/17 13:39:22 | 00,006,656 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/17 13:35:01 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/16 19:47:13 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/09/15 12:42:26 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/09/14 02:12:36 | 00,229,888 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/09/06 15:27:29 | 00,000,880 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CLUE Accusations and Alibis.lnk
[2009/09/05 13:54:34 | 00,000,000 | ---- | M] () -- C:\WINDOWS\setup32.INI
[2009/09/05 12:52:28 | 00,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Pro.lnk
[2009/09/05 12:42:21 | 00,685,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/09/04 10:36:37 | 00,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009/09/01 12:39:55 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/08/31 13:31:40 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/08/31 13:31:40 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/08/31 13:31:40 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/08/31 13:31:40 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/08/31 13:31:40 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/08/30 01:42:51 | 00,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2009/08/28 22:09:03 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/08/28 22:09:03 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/08/28 20:46:59 | 00,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2009/08/28 19:22:14 | 00,000,870 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Baseline Security Analyzer 2.1.lnk
[2009/08/28 19:11:12 | 00,095,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/28 19:07:38 | 00,501,230 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/08/28 19:07:38 | 00,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/08/28 19:07:38 | 00,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/08/28 18:57:00 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2009/08/28 18:44:39 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2009/08/28 18:44:30 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/08/28 18:14:06 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/08/28 18:03:44 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/08/28 17:57:48 | 00,000,812 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2009/08/28 17:38:20 | 24,689,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/08/28 17:07:42 | 00,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/08/28 15:35:17 | 00,000,008 | ---- | M] () -- C:\DFIMB.DAT
[2009/08/28 15:22:14 | 00,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 6.0.lnk
[2009/08/28 14:20:38 | 00,001,875 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Catalyst Control Center.lnk
[2009/08/28 13:33:24 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2009/08/28 13:23:49 | 00,025,065 | ---- | M] () -- C:\WINDOWS\System32\wmpscheme.xml
[2009/08/28 13:22:27 | 00,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2009/08/28 13:21:20 | 00,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/08/28 13:19:04 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/08/28 13:19:04 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/08/28 13:19:04 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/08/28 13:19:04 | 00,000,000 | ---- | M] () -- C:\WINDOWS\control.ini
[2009/08/28 13:19:04 | 00,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/08/28 13:19:04 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/08/28 13:18:59 | 00,299,552 | ---- | M] () -- C:\WINDOWS\WMSysPrx.prx
[2009/08/28 13:18:51 | 00,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2009/08/28 13:17:47 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2009/08/28 13:17:47 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009/08/28 13:17:39 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/08/28 13:17:39 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/08/28 13:17:39 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/08/28 13:17:39 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/08/28 13:17:39 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/08/28 13:17:39 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2009/08/28 13:16:09 | 00,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/08/28 13:15:57 | 00,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2009/08/28 13:15:57 | 00,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\eventlog.dll >
[2008/04/13 20:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll
[7 C:\WINDOWS\system32\*.tmp files]

< %systemroot%\system32\scecli.dll >
[2008/04/13 20:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll
[7 C:\WINDOWS\system32\*.tmp files]

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >
[2008/04/13 20:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logevent.dll
[7 C:\WINDOWS\system32\*.tmp files]

========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B83BF1A6
< End of report >

#3 etavares

    Bleepin' Remover


  • Malware Response Team

Posted 03 October 2009 - 09:54 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks, and again, sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.



#4 pkat423


Posted 13 October 2009 - 05:18 AM

Ok...my computer is still infected. Here are the logs that were asked for. I still cannot open HijackThis or other scanners. OTL is the only one that works. Thanks for the help!

OTL Log File

OTL logfile created on: 10/13/2009 6:12:35 AM - Run 4
OTL by OldTimer - Version 3.0.20.0 Folder = C:\Documents and Settings\Paula K\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.25 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 65.09% Memory free
2.98 Gb Paging File | 2.65 Gb Available in Paging File | 88.70% Paging File free
Paging file location(s): C:\pagefile.sys 1920 3840 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 31.48 Gb Total Space | 8.04 Gb Free Space | 25.55% Space Free | Partition Type: NTFS
Drive D: | 186.31 Gb Total Space | 24.58 Gb Free Space | 13.19% Space Free | Partition Type: NTFS
Drive E: | 129.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FRED
Current User Name: Paula K
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/10/13 06:11:40 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paula K\My Documents\Downloads\OTL(2).exe
PRC - [2009/10/09 11:16:02 | 00,289,072 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2009/09/21 12:42:26 | 01,028,432 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/09/21 12:42:26 | 00,520,024 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/09/10 18:57:00 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/08/31 13:31:41 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/08/31 13:31:41 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/07/21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 13:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/02/06 06:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2008/11/09 16:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/05/02 00:15:46 | 00,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2008/04/13 20:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2006/03/21 23:48:54 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2003/03/31 08:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\unsecapp.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/09/21 12:42:26 | 01,028,432 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
SRV - [2009/08/31 13:31:41 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/07/21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])
SRV - [2008/11/09 16:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2006/03/21 23:48:54 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2006/03/17 15:37:00 | 00,520,192 | ---- | M] () -- C:\WINDOWS\System32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2009/09/05 12:42:21 | 00,685,816 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2009/07/28 16:33:56 | 00,055,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avgntflt.sys -- (avgntflt [Auto | Running])
DRV - [2009/07/03 10:49:08 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2009/06/16 10:28:50 | 00,046,592 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys -- (FET5X86V [On_Demand | Running])
DRV - [2009/05/11 10:12:24 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\ssmdrv.sys -- (ssmdrv [System | Running])
DRV - [2009/03/30 10:33:07 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avipbb.sys -- (avipbb [System | Running])
DRV - [2009/02/13 12:35:05 | 00,011,608 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio [System | Running])
DRV - [2008/04/13 12:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2007/06/15 02:47:26 | 01,127,936 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\P17.sys -- (P17 [On_Demand | Running])
DRV - [2006/03/21 23:56:22 | 01,522,688 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2005/01/10 10:15:30 | 00,106,496 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\DRIVERS\ctoss2k.sys -- (ossrv [On_Demand | Running])
DRV - [2005/01/10 10:15:24 | 00,138,752 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\DRIVERS\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
DRV - [2003/08/20 12:31:52 | 00,462,940 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Stopped])
DRV - [2003/08/13 19:16:38 | 00,404,736 | R--- | M] (Sensaura Ltd) -- C:\WINDOWS\System32\drivers\ALCXSENS.SYS -- (ALCXSENS [On_Demand | Stopped])
DRV - [2003/08/05 02:14:32 | 00,077,056 | R--- | M] (VIA Technologies inc,.ltd) -- C:\WINDOWS\System32\DRIVERS\viasraid.sys -- (viasraid [Boot | Running])
DRV - [2003/08/04 03:29:32 | 00,011,392 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\Drivers\vulfntr.sys -- (vulfntrs [On_Demand | Stopped])
DRV - [2003/08/04 03:29:08 | 00,006,912 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\Drivers\vulfnth.sys -- (vulfnths [On_Demand | Stopped])
DRV - [2003/07/17 04:10:06 | 00,007,040 | R--- | M] (VIA Networking Technologies, Inc. ) -- C:\WINDOWS\System32\ntsim.sys -- (NTSIM [On_Demand | Stopped])
DRV - [2003/07/02 04:42:00 | 00,027,904 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1 [Boot | Running])
DRV - [2003/03/31 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2002/08/16 13:30:40 | 00,016,066 | ---- | M] ( ) -- C:\WINDOWS\System32\VNICPKT5.SYS -- (VNICPKT5 [On_Demand | Stopped])
DRV - [2001/08/17 13:53:42 | 00,004,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\loop.sys -- (msloop [On_Demand | Stopped])
DRV - [2001/08/17 12:13:08 | 00,027,165 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\System32\DRIVERS\fetnd5.sys -- (FETNDIS [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1004336348-515967899-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKU\S-1-5-21-1004336348-515967899-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1004336348-515967899-682003330-1004\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1004336348-515967899-682003330-1004\S-1-5-21-1004336348-515967899-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1004336348-515967899-682003330-1004\S-1-5-21-1004336348-515967899-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/28 19:22:45 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/08/31 13:31:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/17 13:52:45 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/10 18:57:07 | 00,000,000 | ---D | M]

[2009/08/28 18:44:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paula K\Application Data\mozilla\Extensions
[2009/08/28 18:44:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paula K\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/12 14:08:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paula K\Application Data\mozilla\Firefox\Profiles\frjmtdd2.default\extensions
[2009/08/28 19:26:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paula K\Application Data\mozilla\Firefox\Profiles\frjmtdd2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/09/01 07:43:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paula K\Application Data\mozilla\Firefox\Profiles\frjmtdd2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/10/12 14:08:10 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/10 18:57:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/31 13:32:06 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/09/10 18:56:58 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/10 18:56:58 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/08/31 13:31:41 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/09/10 18:57:02 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/07/30 03:24:20 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/30 03:24:20 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/30 03:24:20 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/30 03:24:20 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/07/30 03:24:20 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/30 03:24:20 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/07/30 03:24:20 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1004336348-515967899-682003330-1004\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKU\S-1-5-21-1004336348-515967899-682003330-1004..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1004336348-515967899-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1251489215109 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/28 13:19:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/09/03 16:47:14 | 00,000,037 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{c3f56114-93d0-11de-b4b3-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{c3f56114-93d0-11de-b4b3-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c3f56114-93d0-11de-b4b3-806d6172696f}\Shell\AutoRun\command - "" = E:\PhotoApp.exe -- [2008/09/03 16:47:14 | 02,205,056 | R--- | M] (Walgreens, Inc.)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/10/09 17:52:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2009/09/17 12:27:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/09 19:56:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2009/09/22 18:39:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sports Interactive
[2009/09/17 18:03:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/10/09 12:55:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Walgreens
[2009/09/14 16:23:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Paula K\Application Data\AlterLab
[2009/09/18 00:26:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Paula K\Application Data\Malwarebytes
[2009/10/09 19:56:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Paula K\Application Data\Merscom
[2009/09/22 18:39:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Paula K\Application Data\Sports Interactive
[2009/09/16 13:53:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Paula K\Application Data\VitySoft
[2009/10/09 12:58:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Paula K\Application Data\W Photo Studio
[2009/10/09 12:51:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Paula K\Application Data\W Photo Studio Viewer
[2009/10/09 12:57:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Paula K\Application Data\Walgreens
[2009/10/12 13:09:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Paula K\Local Settings\Application Data\Roblox
[2009/10/12 13:08:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Paula K\Local Settings\Application Data\RobloxDownloads
[2009/10/12 13:08:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Paula K\Local Settings\Application Data\RobloxVersions
[2009/10/05 18:58:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Paula K\Local Settings\Application Data\SupportSoft
[2009/10/09 12:57:53 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2009/10/05 18:58:17 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SupportSoft
[2009/10/12 01:01:10 | 00,000,000 | ---D | C] -- C:\Program Files\GenoPro Beta
[2009/09/17 12:27:01 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/09/17 17:47:26 | 00,000,000 | ---D | C] -- C:\Program Files\MSConfig CleanUp
[2009/10/09 17:48:02 | 00,000,000 | ---D | C] -- C:\Program Files\Nanny 911
[2009/09/22 22:11:08 | 00,000,000 | ---D | C] -- C:\Program Files\Sports Interactive
[2009/09/17 18:03:42 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/09/21 18:46:43 | 00,000,000 | ---D | C] -- C:\Program Files\Steam
[2009/10/05 18:58:22 | 00,000,000 | ---D | C] -- C:\Program Files\support.com
[2009/09/17 13:39:05 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/09/17 17:55:02 | 00,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2009/10/09 12:57:51 | 00,000,000 | ---D | C] -- C:\Program Files\Walgreens
[2009/09/22 22:11:08 | 00,000,000 | -H-D | C] -- C:\Program Files\Zero G Registry
[2009/10/09 19:49:48 | 00,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll
[2009/10/09 19:49:47 | 01,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
[2009/10/09 19:49:47 | 00,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll
[2009/10/09 19:49:46 | 05,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll
[2009/10/09 19:49:45 | 00,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll
[2009/10/09 19:49:44 | 01,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
[2009/10/09 19:49:44 | 00,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll
[2009/10/09 19:49:43 | 01,846,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_41.dll
[2009/10/09 19:49:43 | 00,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_41.dll
[2009/10/09 19:49:42 | 04,178,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_41.dll
[2009/10/09 19:49:42 | 00,069,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_3.dll
[2009/10/09 19:49:41 | 00,517,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_4.dll
[2009/10/09 19:49:41 | 00,235,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_4.dll
[2009/10/09 19:49:40 | 02,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll
[2009/10/09 19:49:40 | 00,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll
[2009/10/09 19:49:40 | 00,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_6.dll
[2009/10/09 19:49:39 | 04,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll
[2009/10/09 19:49:38 | 00,514,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_3.dll
[2009/10/09 19:49:38 | 00,070,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_2.dll
[2009/10/09 19:49:37 | 00,235,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_3.dll
[2009/10/09 19:49:37 | 00,023,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_5.dll
[2009/10/09 19:49:36 | 00,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll
[2009/10/09 19:49:36 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll
[2009/10/09 19:49:36 | 00,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll
[2009/10/09 19:49:32 | 01,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll
[2009/10/09 19:49:32 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll
[2009/10/09 19:49:27 | 03,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll
[2009/10/09 17:54:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/10/09 17:48:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\Nanny 911
[2009/09/22 18:39:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Paula K\My Documents\Sports Interactive
[2009/09/22 18:39:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Sports Interactive
[2009/09/22 18:39:36 | 00,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll
[2009/09/22 18:39:36 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll
[2009/09/22 18:39:36 | 00,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll
[2009/09/22 18:39:35 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll
[2009/09/22 18:39:34 | 03,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_38.dll
[2009/09/22 18:39:34 | 01,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll
[2009/09/22 18:39:34 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll
[2009/09/22 18:39:33 | 00,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll
[2009/09/22 18:39:32 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll
[2009/09/22 18:39:32 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll
[2009/09/22 18:39:31 | 01,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll
[2009/09/22 18:39:31 | 00,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll
[2009/09/22 18:39:30 | 03,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll
[2009/09/22 18:39:29 | 00,267,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_10.dll
[2009/09/22 18:39:28 | 01,374,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_36.dll
[2009/09/22 18:39:28 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_36.dll
[2009/09/22 18:39:27 | 03,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_36.dll
[2009/09/22 18:39:26 | 01,358,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_35.dll
[2009/09/22 18:39:26 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_35.dll
[2009/09/22 18:39:26 | 00,267,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_9.dll
[2009/09/22 18:39:25 | 03,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll
[2009/09/22 18:39:24 | 00,266,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_8.dll
[2009/09/22 18:39:24 | 00,017,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_2.dll
[2009/09/22 18:39:23 | 01,124,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_34.dll
[2009/09/22 18:39:23 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_34.dll
[2009/09/22 18:39:22 | 03,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll
[2009/09/22 18:39:22 | 00,081,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_3.dll
[2009/09/22 18:39:21 | 00,261,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_7.dll
[2009/09/22 18:39:02 | 01,123,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_33.dll
[2009/09/22 18:39:02 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_33.dll
[2009/09/22 18:38:57 | 03,495,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_33.dll
[2009/09/22 18:38:56 | 00,255,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_6.dll
[2009/09/22 18:38:55 | 03,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2009/09/22 18:38:55 | 00,251,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_5.dll
[2009/09/22 18:38:54 | 00,237,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_4.dll
[2009/09/22 18:38:54 | 00,015,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_1.dll
[2009/09/22 18:38:53 | 02,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll
[2009/09/22 18:38:53 | 00,236,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_3.dll
[2009/09/22 18:38:52 | 00,230,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_2.dll
[2009/09/22 18:38:52 | 00,062,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_2.dll
[2009/09/22 18:38:51 | 00,062,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_1.dll
[2009/09/22 18:38:50 | 00,229,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_1.dll
[2009/09/22 18:38:37 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2009/09/22 18:38:36 | 00,230,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_0.dll
[2009/09/22 18:38:36 | 00,014,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_0.dll
[2009/09/22 18:38:35 | 02,332,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_29.dll
[2009/09/22 18:38:34 | 02,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll
[2009/09/22 18:38:34 | 00,061,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput9_1_0.dll
[2009/09/22 18:38:33 | 02,319,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_27.dll
[2009/09/22 18:38:32 | 02,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll
[2009/09/22 18:38:32 | 02,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll
[2009/09/22 18:38:30 | 02,222,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_24.dll
[2009/09/22 18:38:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2009/09/21 22:36:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Paula K\Desktop\football
[2009/09/17 21:24:06 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/17 21:24:03 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/17 21:19:50 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/09/17 21:17:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/09/17 20:58:43 | 00,000,000 | ---D | C] -- C:\atypeshr
[2009/09/17 20:50:45 | 00,000,000 | ---D | C] -- C:\TYPOR
[2009/09/17 20:50:42 | 00,398,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VBRUN300.DLL
[2009/09/17 20:50:42 | 00,064,432 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\System\THREED.VBX
[2009/09/17 20:50:42 | 00,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\DDEML.DLL
[2009/09/17 15:00:33 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/09/17 14:59:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/09/17 14:50:58 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2009/09/17 13:32:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood(2)
[2009/08/28 15:26:31 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\VNICPKT.DLL
[2009/08/28 15:26:31 | 00,016,066 | ---- | C] ( ) -- C:\WINDOWS\System32\VNICPKT5.sys
[2002/04/11 01:41:06 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll

========== Files - Modified Within 30 Days ==========

[2009/10/12 20:52:47 | 00,001,984 | ---- | M] () -- C:\Documents and Settings\Paula K\Desktop\Wandering Willows.lnk
[2009/10/12 20:52:47 | 00,001,084 | ---- | M] () -- C:\Documents and Settings\Paula K\Desktop\Get More Games at PlayFirst.com.lnk
[2009/10/12 17:11:27 | 00,016,384 | ---- | M] () -- C:\Documents and Settings\Paula K\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/12 12:42:30 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/10/12 01:27:33 | 00,007,833 | ---- | M] () -- C:\Documents and Settings\Paula K\My Documents\Document1.xml
[2009/10/12 01:27:33 | 00,005,632 | ---- | M] () -- C:\Documents and Settings\Paula K\My Documents\Document1.v1x.gno
[2009/10/12 01:27:33 | 00,005,632 | ---- | M] () -- C:\Documents and Settings\Paula K\My Documents\Document1.gno
[2009/10/12 01:01:15 | 00,000,855 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GenoPro Beta.lnk
[2009/10/09 17:56:27 | 00,001,557 | ---- | M] () -- C:\Documents and Settings\Paula K\Desktop\Nanny 911.lnk
[2009/10/09 12:58:05 | 00,001,918 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Walgreens W Photo Studio.lnk
[2009/10/08 12:29:40 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/08 12:29:38 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/08 12:29:35 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/08 12:28:17 | 02,639,688 | -H-- | M] () -- C:\Documents and Settings\Paula K\Local Settings\Application Data\IconCache.db
[2009/10/08 12:28:10 | 00,000,016 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/10/05 18:59:40 | 00,000,949 | ---- | M] () -- C:\net_save.dna
[2009/09/22 22:27:46 | 00,000,517 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/09/22 22:27:46 | 00,000,435 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/09/22 22:27:46 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/09/22 22:19:35 | 00,000,918 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Football Manager 2009.lnk
[2009/09/21 18:50:55 | 00,001,620 | ---- | M] () -- C:\Documents and Settings\Paula K\Desktop\Football Manager 2009 Demo.lnk
[2009/09/21 18:46:43 | 00,001,886 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2009/09/21 12:42:40 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/09/19 21:01:43 | 00,075,998 | ---- | M] () -- C:\Documents and Settings\Paula K\Desktop\tifi-ikeapoor.jpg
[2009/09/17 21:34:25 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/09/17 21:24:08 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/17 20:50:42 | 00,009,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System\VER.DLL
[2009/09/17 15:43:47 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/09/17 13:45:43 | 00,000,229 | ---- | M] () -- C:\Boot.bak
[2009/09/16 22:44:02 | 00,000,036 | ---- | M] () -- C:\Documents and Settings\Paula K\Local Settings\Application Data\housecall.guid.cache
[2009/09/14 02:12:36 | 00,229,888 | ---- | M] () -- C:\WINDOWS\PEV.exe

========== Files - No Company Name ==========
[2009/10/12 20:52:47 | 00,001,984 | ---- | C] () -- C:\Documents and Settings\Paula K\Desktop\Wandering Willows.lnk
[2009/10/12 20:52:47 | 00,001,084 | ---- | C] () -- C:\Documents and Settings\Paula K\Desktop\Get More Games at PlayFirst.com.lnk
[2009/10/12 01:27:23 | 00,005,632 | ---- | C] () -- C:\Documents and Settings\Paula K\My Documents\Document1.v1x.gno
[2009/10/12 01:27:22 | 00,007,833 | ---- | C] () -- C:\Documents and Settings\Paula K\My Documents\Document1.xml
[2009/10/12 01:27:22 | 00,005,632 | ---- | C] () -- C:\Documents and Settings\Paula K\My Documents\Document1.gno
[2009/10/12 01:01:15 | 00,000,855 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GenoPro Beta.lnk
[2009/10/09 17:56:27 | 00,001,557 | ---- | C] () -- C:\Documents and Settings\Paula K\Desktop\Nanny 911.lnk
[2009/10/09 12:58:05 | 00,001,918 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Walgreens W Photo Studio.lnk
[2009/10/08 12:28:10 | 00,000,016 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/10/05 18:59:40 | 00,000,949 | ---- | C] () -- C:\net_save.dna
[2009/09/23 15:38:09 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/09/22 22:19:35 | 00,000,918 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Football Manager 2009.lnk
[2009/09/21 18:50:55 | 00,001,620 | ---- | C] () -- C:\Documents and Settings\Paula K\Desktop\Football Manager 2009 Demo.lnk
[2009/09/21 18:46:43 | 00,001,886 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2009/09/19 21:01:40 | 00,075,998 | ---- | C] () -- C:\Documents and Settings\Paula K\Desktop\tifi-ikeapoor.jpg
[2009/09/17 21:34:25 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/09/17 21:24:08 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/17 20:58:44 | 00,034,864 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2009/09/17 20:50:42 | 00,027,153 | ---- | C] () -- C:\WINDOWS\SETUP1.EXE
[2009/09/17 20:50:42 | 00,018,688 | ---- | C] () -- C:\WINDOWS\System\CMDIALOG.VBX
[2009/09/17 20:50:42 | 00,007,008 | ---- | C] () -- C:\WINDOWS\System\SETUPKIT.DLL
[2009/09/17 15:00:36 | 00,000,229 | ---- | C] () -- C:\Boot.bak
[2009/09/17 15:00:34 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/09/17 14:59:45 | 00,229,888 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/09/16 22:44:02 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\Paula K\Local Settings\Application Data\housecall.guid.cache
[2009/09/05 13:54:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\setup32.INI
[2009/09/05 12:42:21 | 00,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/08/28 21:04:29 | 00,016,384 | ---- | C] () -- C:\Documents and Settings\Paula K\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/28 15:04:41 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll
[2009/08/28 14:23:13 | 00,013,104 | ---- | C] () -- C:\Documents and Settings\Paula K\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/28 14:22:59 | 00,000,130 | ---- | C] () -- C:\Documents and Settings\Paula K\Local Settings\Application Data\fusioncache.dat
[2009/08/28 14:19:04 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/08/28 13:34:24 | 02,639,688 | -H-- | C] () -- C:\Documents and Settings\Paula K\Local Settings\Application Data\IconCache.db
[2009/08/28 13:23:34 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Paula K\Application Data\desktop.ini
[2009/08/28 09:05:57 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2006/10/27 08:26:56 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2005/05/03 11:38:42 | 00,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2003/10/02 10:48:18 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2003/03/31 08:00:00 | 00,000,517 | ---- | C] () -- C:\WINDOWS\win.ini
[2003/03/31 08:00:00 | 00,000,435 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/02/18 18:26:28 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F1F85068
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B83BF1A6
< End of report >

#5 myrti


Posted 14 October 2009 - 12:37 PM

Hello again,

I am very sorry to say your post was erroneously closed (re-opened now).

Please let me know if you are still there and need help.

Excuses again for all confusion and delay.

Edited by elise025, 20 October 2009 - 05:44 AM.


#6 Elise


Posted 20 October 2009 - 09:29 AM

Please note the previous post :(

regards, Elise

#7 pkat423


Posted 22 October 2009 - 01:46 AM

It's fine, I understand the confusion with so many people and different posts. Yes, I still need assistance. Thank you for looking into my problem. Thanks again, Paula

#8 Elise


Posted 22 October 2009 - 02:37 AM

Hello Paula,

If you cannot run the following program, just let me know :(

ROOTREPEAL
-------------
We need to check for rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive.
  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes.
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.
In your next reply, please include the following:
  • RootRepeal.txt

regards, Elise

#9 pkat423


Posted 22 October 2009 - 09:19 PM

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/22 22:13
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: a683fihq.SYS
Image Path: C:\WINDOWS\System32\Drivers\a683fihq.SYS
Address: 0xB959E000 Size: 425984 File Visible: No Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB1155000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79FF000 Size: 8192 File Visible: No Signed: -
Status: -

Name: PCI_NTPNP7342
Image Path: \Driver\PCI_NTPNP7342
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB032E000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\WINDOWS\Prefetch\ROOTREPEAL.EXE-2CE0DC5E.pf
Status: Visible to the Windows API, but not on disk.

Path: c:\windows\temp\mcafee_amiptevdqxjc9lg
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\mcmsc_piamcq9adqv0n1n
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\mcmsc_rqudrhqsfwjasgd
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\mcmsc_xbv5i1abiqp8qeh
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\documents and settings\paula k\application data\utorrent\resume.dat
Status: Size mismatch (API: 38206, Raw: 37918)

Path: c:\documents and settings\paula k\application data\utorrent\resume.dat.old
Status: Size mismatch (API: 37918, Raw: 37954)

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "Lbd.sys" at address 0xf764787e

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "sptd.sys" at address 0xf74f2fb2

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "sptd.sys" at address 0xf74f3340

#: 119 Function Name: NtOpenKey
Status: Hooked by "sptd.sys" at address 0xf74ed0b0

#: 160 Function Name: NtQueryKey
Status: Hooked by "sptd.sys" at address 0xf74f3418

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "sptd.sys" at address 0xf74f3298

#: 247 Function Name: NtSetValueKey
Status: Hooked by "Lbd.sys" at address 0xf7647bfe

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x897261e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x897261e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x897261e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x897261e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x897261e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x897261e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x897261e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x897261e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x897261e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x897261e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x897261e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x897261e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x897261e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x897261e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x897261e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x897261e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x897261e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x897261e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x897261e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x897261e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x897261e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x897261e8 Size: 121

Object: Hidden Code [Driver: a683fihqЅఅ䵃慖, IRP_MJ_CREATE]
Process: System Address: 0x894421e8 Size: 121

Object: Hidden Code [Driver: a683fihqЅఅ䵃慖, IRP_MJ_CLOSE]
Process: System Address: 0x894421e8 Size: 121

Object: Hidden Code [Driver: a683fihqЅఅ䵃慖, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x894421e8 Size: 121

Object: Hidden Code [Driver: a683fihqЅఅ䵃慖, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x894421e8 Size: 121

Object: Hidden Code [Driver: a683fihqЅఅ䵃慖, IRP_MJ_POWER]
Process: System Address: 0x894421e8 Size: 121

Object: Hidden Code [Driver: a683fihqЅఅ䵃慖, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x894421e8 Size: 121

Object: Hidden Code [Driver: a683fihqЅఅ䵃慖, IRP_MJ_PNP]
Process: System Address: 0x894421e8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x89446790 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x89446790 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x89446790 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x89446790 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x89446790 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89446790 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x89446790 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x89446790 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x89446790 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x89446790 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x89446790 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System Address: 0x8938a790 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System Address: 0x8938a790 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8938a790 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8938a790 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System Address: 0x8938a790 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8938a790 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System Address: 0x8938a790 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_CREATE]
Process: System Address: 0x8938b790 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_CLOSE]
Process: System Address: 0x8938b790 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8938b790 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8938b790 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_POWER]
Process: System Address: 0x8938b790 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8938b790 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_PNP]
Process: System Address: 0x8938b790 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x897281e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x897281e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x897281e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x897281e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x897281e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x897281e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x897281e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x897281e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x897281e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x897281e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x897281e8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x8885b1e8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x8885b1e8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8885b1e8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8885b1e8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x8885b1e8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x8885b1e8 Size: 121

Object: Hidden Code [Driver: viasraid, IRP_MJ_CREATE]
Process: System Address: 0x897271e8 Size: 121

Object: Hidden Code [Driver: viasraid, IRP_MJ_CLOSE]
Process: System Address: 0x897271e8 Size: 121

Object: Hidden Code [Driver: viasraid, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x897271e8 Size: 121

Object: Hidden Code [Driver: viasraid, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x897271e8 Size: 121

Object: Hidden Code [Driver: viasraid, IRP_MJ_POWER]
Process: System Address: 0x897271e8 Size: 121

Object: Hidden Code [Driver: viasraid, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x897271e8 Size: 121

Object: Hidden Code [Driver: viasraid, IRP_MJ_PNP]
Process: System Address: 0x897271e8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x894431e8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x894431e8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x894431e8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x894431e8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x894431e8 Size: 121

==EOF==

#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,612 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:08:04 AM

Posted 23 October 2009 - 01:39 AM

Hello pkat423,

In your OTL log I see evidence Combofix was run. We need to retrieve the log. It should be located at C:\combofix.txt

Please note: ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert." It is NOT for unsupervised use. Please read Combofix's Disclaimer.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.


P2P WARNING
-------------------
Going over your logs I noticed that you have uTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.


Download and run Win32kDiag:

In your next reply, please include the following:
  • Combofix.txt
  • Win32kDiag.txt

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft

 



#11 Elise


Posted 25 October 2009 - 04:32 AM

Hi Paula, are you still there?

regards, Elise




#12 pkat423


Posted 25 October 2009 - 06:08 PM

ComboFix 09-10-25.01 - Paula K 10/25/2009 17:26:27.4.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1279.885 [GMT -4:00]
Running from: C:\Documents and Settings\Paula K\My Documents\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\Administrator\Application Data\Desktopicon
C:\Documents and Settings\Administrator\Application Data\Desktopicon\eBayShortcuts.exe

.
((((((((((((((((((((((((( Files Created from 2009-09-25 to 2009-10-25 )))))))))))))))))))))))))))))))
.


.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

WIN32 LOG

Ok, I am not sure if that's been done correctly... this is the log that is available.


Running from: C:\Documents and Settings\Paula K\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\Paula K\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...





Finished!

#13 Elise


Posted 26 October 2009 - 04:23 AM

That's not the complete combofix.txt. :(

Please make sure you copy/paste the complete log! I also see Combofix was run 4 times. Please look in C:\qoobox and post me the oldest combofix log from there as well (look at the number in the filename and post the log with the highest number).

I did not ask you to run Combofix again, I merely asked to see the older log. Please do not run Combofix or any other tools unless instructed.

I understand things can be quite confusing, but please keep in mind that running tools like Combofix unsupervised can cause really big problems. Those tools are not standard cleaning tools, and most times depending on the log output a helper knows what has to be done. That is the reason why I need the log from the very first Combofix run.

regards, Elise




#14 Elise


Posted 29 October 2009 - 08:47 AM

Hi Paula, are you still there?

regards, Elise




#15 Elise


Posted 31 October 2009 - 04:37 AM

Due to lack of feedback, this topic is now closed.

If you are the original topic starter and you need this topic re-opened, please send me a PM.

Everyone else, please start a new topic.

regards, Elise






