
Possible Variant of rootkit


  • This topic is locked
29 replies to this topic

#1 lazyvista

  • Members
  • 33 posts

Posted 29 September 2009 - 05:36 PM

I've been passed to this forum. Here is a link to the other thread: http://www.bleepingcomputer.com/forums/t/260647/rootkit-removal-notice/

My operating system is Windows 2000.

Here is the log that was produced from Win32kDiag.exe.

Running from: C:\Documents and Settings\Steve.DADS2800\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\Steve.DADS2800\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINNT'...

Finished!

Here is a paste of DDS.txt and the attachment of attach.txt. I'm unable to post a copy of the Rootrepeal log because it abends when I execute it.

Rootrepeal error is 'DeviceIoControl Error! Error Code = 0x0'.


DDS (Ver_09-09-29.01) - NTFSx86
Run by Steve at 19:51:59.23 on Tue 09/29/2009
Internet Explorer: 6.0.2800.1106
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.511.90 [GMT -5:00]


============== Running Processes ===============

C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINNT\system32\E_S00RP1.EXE
C:\WINNT\system32\hidserv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\Program Files\Common Files\System\MAPI\1033\nt\MAPISP32.EXE
C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Steve.DADS2800\Desktop\VirusScanStuff\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ntserver/Index.asp
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {089fd14d-132b-48fc-8861-0048ae113215} - c:\program files\siteadvisor\6261\SiteAdv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor: {0bf43445-2f28-4351-9252-17fe6e806aa0} - c:\program files\siteadvisor\6261\SiteAdv.dll
TB: {0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} - No File
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\system32\browseui.dll
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\WCESCOMM.EXE"
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
uRun: [ResChanger 2005] c:\program files\reschanger 2005\ResChanger2005.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Synchronization Manager] mobsync.exe /logon
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [NeroCheck] c:\winnt\system32\NeroCheck.exe
mRun: [CamMonitor] c:\program files\hewlett-packard\digital imaging\unload\hpqcmon.exe
mRun: [Share-to-Web Namespace Daemon] c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe
mRun: [mswspl] c:\program files\windows media player\wmplayer.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AtiPTA] atiptaxx.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\winnt\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SiteAdvisor] "c:\program files\siteadvisor\6261\SiteAdv.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\winnt\system32\NvMcTray.dll,NvTaskbarInit
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRunOnce: [^SetupICWDesktop] c:\program files\internet explorer\connection wizard\icwconn1.exe /desktop
StartupFolder: c:\docume~1\steve~1.dad\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\volumewatcher\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\inetrepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\inetrepl.dll
DPF: DirectAnimation Java Classes - file://c:\winnt\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\java\classes\xmldso.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\aatp.dll
Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - c:\program files\siteadvisor\6261\SiteAdv.dll
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\winnt\system32\drivers\Lbd.sys [2009-9-21 64160]
R0 viasraid;viasraid;c:\winnt\system32\drivers\viasraid.sys [2004-4-9 78988]
R1 mfehidk;McAfee Inc. mfehidk;c:\winnt\system32\drivers\mfehidk.sys [2008-8-7 214024]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-15 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-15 74480]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1028432]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-4-1 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-4-16 144704]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-4-16 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\winnt\system32\drivers\mfeavfk.sys [2008-8-7 79880]
R3 mfebopk;McAfee Inc. mfebopk;c:\winnt\system32\drivers\mfebopk.sys [2008-8-7 35272]
R3 mferkdk;McAfee Inc. mferkdk;c:\winnt\system32\drivers\mferkdk.sys [2008-8-7 34216]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\winnt\system32\drivers\mfesmfk.sys [2008-8-7 40552]
R3 PxHelper;PxHelper;c:\winnt\system32\drivers\PxHelper.sys [2004-4-10 16512]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-15 7408]
R3 usbhub20;USB 2.0 Root Hub Support;c:\winnt\system32\drivers\usbhub20.sys [2004-4-9 49776]
S2 878TVCard;Bt878 TV Card - Video Capture;c:\winnt\system32\drivers\Bt878.sys [2008-10-14 214692]
S2 878TVTuner;Bt878 TV Card - TV Tuner;c:\winnt\system32\drivers\BtTuner.sys [2008-10-14 11392]
S2 878Xbar;Bt878 TV Card - Crossbar;c:\winnt\system32\drivers\BtXbar.sys [2008-10-14 8448]
S2 BT848;Conexant's BtPCI WDM Video Capture;c:\winnt\system32\drivers\BT848.sys [2007-9-24 371349]
S3 viafilter;VIA USB Filter;c:\winnt\system32\drivers\viausb.sys [2004-4-9 9038]

=============== Created Last 30 ================

2009-09-27 20:07 16,384 a------t c:\winnt\system32\Perflib_Perfdata_4f4.dat
2009-09-27 20:05 16,384 a------t c:\winnt\system32\Perflib_Perfdata_22c.dat
2009-09-27 16:16 --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-09-27 16:16 --d----- c:\program files\SUPERAntiSpyware
2009-09-27 16:16 --d----- c:\docume~1\steve~1.dad\applic~1\SUPERAntiSpyware.com
2009-09-27 16:15 --d----- c:\program files\common files\Wise Installation Wizard
2009-09-27 15:57 --d----- c:\docume~1\steve~1.dad\applic~1\Malwarebytes
2009-09-27 15:57 38,224 a------- c:\winnt\system32\drivers\mbamswissarmy.sys
2009-09-27 15:57 18,520 a------- c:\winnt\system32\drivers\mbam.sys
2009-09-27 15:57 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-27 15:57 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-09-26 07:23 16,384 a------t c:\winnt\system32\Perflib_Perfdata_6f8.dat
2009-09-23 07:28 16,384 a------t c:\winnt\system32\Perflib_Perfdata_50c.dat
2009-09-21 21:41 16,384 a------t c:\winnt\system32\Perflib_Perfdata_240.dat
2009-09-21 21:23 118 a------- c:\winnt\system32\MRT.INI
2009-09-21 20:05 16,384 a------t c:\winnt\system32\Perflib_Perfdata_518.dat
2009-09-21 19:56 64,160 a------- c:\winnt\system32\drivers\Lbd.sys
2009-09-21 19:52 -cd-h--- c:\docume~1\alluse~1\applic~1\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-21 06:59 16,384 a------t c:\winnt\system32\Perflib_Perfdata_270.dat
2009-09-20 09:23 68 a------- c:\winnt\system32\gasfkyirpiraeh.dat
2009-09-20 09:18 56,793 a------- c:\winnt\system32\gasfkysodqnjpi.dat
2009-09-20 09:18 18,944 a------- c:\winnt\system32\gasfkykecpihvr.dll
2009-09-20 09:18 69,120 a------- c:\winnt\system32\drivers\gasfkydfnerndb.sys
2009-09-20 09:18 41,984 a------- c:\winnt\system32\gasfkyimvsccrx.dll
2009-09-03 07:27 16,384 a------t c:\winnt\system32\Perflib_Perfdata_4d8.dat
2009-09-02 15:44 45 a------- c:\documents and settings\steve.dads2800\jagex_runescape_preferences2.dat

==================== Find3M ====================

2009-09-18 18:23 37 a------- c:\documents and settings\steve.dads2800\jagex_runescape_preferences.dat
2009-08-05 00:04 90,164 a------- c:\winnt\system32\atl.dll
2009-08-04 19:48 16,384 a------t c:\winnt\system32\Perflib_Perfdata_500.dat
2009-07-30 16:18 16,384 a------t c:\winnt\system32\Perflib_Perfdata_4f8.dat
2009-07-27 06:27 165,136 a------- c:\winnt\system32\t2embed.dll
2009-07-27 06:27 81,168 a------- c:\winnt\system32\fontsub.dll
2009-07-25 05:23 411,368 a------- c:\winnt\system32\deploytk.dll
2009-07-13 20:07 16,384 a------t c:\winnt\system32\Perflib_Perfdata_260.dat
2009-07-13 08:13 78,608 a------- c:\winnt\system32\avifil32.dll
2009-07-13 03:18 233,472 a------- c:\winnt\system32\wmpdxm.dll
2009-07-10 13:49 601,088 a------- c:\winnt\system32\INETCOMM.DLL
2009-07-10 13:49 47,616 a------- c:\winnt\system32\INETRES.DLL
2009-07-10 13:49 229,376 a------- c:\winnt\system32\MSOEACCT.DLL
2009-07-10 13:49 91,136 a------- c:\winnt\system32\MSOERT2.DLL
2009-07-10 13:47 44,032 a------- c:\winnt\system32\MSIDENT.DLL
2006-03-26 21:16 173 a---h--- c:\documents and settings\steve.dads2800\hpothb07.dat
2004-04-09 17:46 21,952 ----h--- c:\program files\folder.htt
2004-04-09 17:46 271 ----h--- c:\program files\desktop.ini
2003-03-29 20:00 269 a------- c:\documents and settings\steve.dads2800\SteveLogin.bat
2000-07-26 07:00 32,528 a------- c:\winnt\inf\wbfirdma.sys

============= FINISH: 19:52:35.73 ===============

Merged posts. ~ OB


Edited by Orange Blossom, 29 September 2009 - 09:59 PM.




#2 aommaster

    I !<3 malware


  • Malware Response Team
  • 5,289 posts

Posted 16 October 2009 - 10:26 PM

Hello, lazyvista.
My name is aommaster and I will be helping you with your log.

I apologize for the delay in response; we get overwhelmed at times, but we are trying our best to keep up.
If you have since resolved the original problem you were having, I would appreciate you letting us know. If not, please perform the following below so I can have a look at the current condition of your machine.

Thanks

Please note that I am in the process of my training, so it may take a while for me to get back to you, as each of my fixes needs to be checked by a coach first.

We need to run RSIT
  • Download random's system information tool (RSIT) by random/random and save it to your desktop.
  • Double click on RSIT.exe.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
In your next reply, please include the following:
  • Log.txt
  • info.txt

My website: http://aommaster.com
Please do not send me PMs requesting help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#3 lazyvista

  • Topic Starter

  • Members
  • 33 posts

Posted 17 October 2009 - 09:07 AM

Here is the output.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Steve at 2009-10-17 09:01:48
Microsoft Windows 2000 Professional Service Pack 4
System drive C: has 13 GB (17%) free of 76 GB
Total RAM: 511 MB (25% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:01:49 AM, on 10/17/2009
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
C:\WINNT\System32\SCardSvr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\System32\locator.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Steve.DADS2800\Desktop\RSIT.exe
C:\Program Files\trend micro\Steve.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ntserver/Index.asp
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [mswspl] C:\Program Files\Windows Media Player\wmplayer.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [ResChanger 2005] C:\Program Files\ResChanger 2005\ResChanger2005.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINNT\system32\Macromed\Flash\FlashUtil10b.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: Buselpeq - Illusion & Hope. - (no file)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINNT\system32\E_S00RP1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe

--
End of file - 8271 bytes

======Scheduled tasks folder======

C:\WINNT\tasks\Ad-Aware Update (Weekly).job
C:\WINNT\tasks\McQcTask.job
C:\WINNT\tasks\{1BDEB539-DA2B-41A4-97BD-E3FF82BCD63A}_DADS2800_Steve.job
C:\WINNT\tasks\{D91E47F1-2F1C-4FD2-9A1B-E3E3C29BBD2B}_DADS2800_Steve.job
C:\WINNT\tasks\{EFD46C1F-5B6B-457F-BD7E-23E7F1E81B7A}_DADS2800_Steve.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{089FD14D-132B-48FC-8861-0048AE113215}]
C:\Program Files\SiteAdvisor\6261\SiteAdv.dll [2008-05-16 927008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll [2009-07-08 62784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - @msdxmLC.dll,-1@1033,&Radio - C:\WINNT\System32\msdxm.ocx [2005-03-31 844560]
{0BF43445-2F28-4351-9252-17FE6E806AA0} - McAfee SiteAdvisor - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll [2008-05-16 927008]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"=mobsync.exe /logon []
"SoundMan"=C:\WINNT\SOUNDMAN.EXE [2003-12-19 65024]
"CamMonitor"=C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe [2002-10-07 90112]
"Share-to-Web Namespace Daemon"=C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [2002-04-17 69632]
"mswspl"=C:\Program Files\Windows Media Player\wmplayer.exe [2002-12-11 73728]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2005-10-18 278528]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2005-12-11 155648]
"AtiPTA"=C:\WINNT\system32\atiptaxx.exe [2001-09-27 245760]
"NvCplDaemon"=C:\WINNT\system32\NvCpl.dll [2007-06-29 8466432]
"nwiz"=nwiz.exe /install []
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-07-10 645328]
"SiteAdvisor"=C:\Program Files\SiteAdvisor\6261\SiteAdv.exe [2007-08-24 36640]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"NvMediaCenter"=C:\WINNT\system32\NvMcTray.dll [2007-06-29 81920]
"EEventManager"=C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe [2008-02-19 591696]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2008-04-17 98616]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE [2004-02-03 401491]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_8 -reboot 1 []
"ResChanger 2005"=C:\Program Files\ResChanger 2005\ResChanger2005.exe []
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-09-15 1998576]
"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2008-09-26 2356088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\WINNT\system32\Macromed\Flash\FlashUtil10b.exe [2009-02-02 240544]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

C:\Documents and Settings\Steve.DADS2800\Start Menu\Programs\Startup
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2009-10-17 08:48:35 ----D---- C:\Program Files\trend micro
2009-10-17 08:48:33 ----D---- C:\rsit
2009-10-05 18:19:25 ----D---- C:\Documents and Settings\Steve.DADS2800\Application Data\Eltima Software
2009-10-05 18:18:54 ----D---- C:\Program Files\Eltima Software
2009-09-27 16:16:07 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-09-27 16:16:00 ----D---- C:\Program Files\SUPERAntiSpyware
2009-09-27 16:16:00 ----D---- C:\Documents and Settings\Steve.DADS2800\Application Data\SUPERAntiSpyware.com
2009-09-27 16:15:36 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-09-27 15:57:21 ----D---- C:\Documents and Settings\Steve.DADS2800\Application Data\Malwarebytes
2009-09-27 15:57:16 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-27 15:57:16 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-09-26 07:23:10 ----A---- C:\WINNT\system32\javaws.exe
2009-09-26 07:23:10 ----A---- C:\WINNT\system32\javaw.exe
2009-09-26 07:23:10 ----A---- C:\WINNT\system32\java.exe
2009-09-21 21:24:11 ----HDC---- C:\WINNT\$NtUninstallKB961371-V2$
2009-09-21 21:24:06 ----HDC---- C:\WINNT\$NtUninstallKB956844$
2009-09-21 21:24:02 ----HDC---- C:\WINNT\$NtUninstallKB971961$
2009-09-21 21:23:57 ----HDC---- C:\WINNT\$NtUninstallKB968537$
2009-09-21 21:23:52 ----HDC---- C:\WINNT\$NtUninstallKB960859$
2009-09-21 21:23:26 ----A---- C:\WINNT\system32\MRT.INI
2009-09-21 21:21:45 ----A---- C:\WINNT\system32\wmpns.dll
2009-09-21 21:21:38 ----HDC---- C:\WINNT\$NtUninstallKB973540_WM9L$
2009-09-21 21:21:33 ----HDC---- C:\WINNT\$NtUninstallKB958470$
2009-09-21 21:21:27 ----HDC---- C:\WINNT\$NtUninstallKB971633_DX9$
2009-09-21 21:21:19 ----HDC---- C:\WINNT\$NtUninstallKB973354-OE6SP1-20090710.120000$
2009-09-21 21:21:13 ----HDC---- C:\WINNT\$NtUninstallKB973507$
2009-09-21 21:21:08 ----HDC---- C:\WINNT\$NtUninstallKB970238$
2009-09-21 21:21:02 ----HDC---- C:\WINNT\$NtUninstallKB973346$
2009-09-21 21:20:56 ----HDC---- C:\WINNT\$NtUninstallKB973869$
2009-09-21 21:20:46 ----HDC---- C:\WINNT\$NtUninstallKB972260-IE6SP1-20090722.120000$
2009-09-21 21:20:39 ----HDC---- C:\WINNT\$NtUninstallKB968816_WM9$
2009-09-21 21:20:34 ----HDC---- C:\WINNT\$NtUninstallKB961501$
2009-09-21 21:20:26 ----HDC---- C:\WINNT\$NtUninstallKB971557$
2009-09-21 19:52:52 ----HDC---- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-20 09:18:35 ----A---- C:\WINNT\system32\gasfkykecpihvr.dll

======List of files/folders modified in the last 1 months======

2009-10-17 08:48:35 ----AD---- C:\Program Files
2009-10-17 04:07:59 ----AD---- C:\WINNT\system32
2009-10-17 02:40:02 ----AD---- C:\WINNT\Temp
2009-10-16 20:06:35 ----AD---- C:\WINNT\security
2009-10-13 17:01:37 ----HD---- C:\WINNT\inf
2009-10-13 17:01:37 ----AD---- C:\WINNT
2009-10-13 06:52:26 ----A---- C:\WINNT\win.ini
2009-10-09 03:59:35 ----AD---- C:\WINNT\system32\drivers
2009-10-08 22:23:34 ----AD---- C:\WINNT\Debug
2009-10-08 22:23:08 ----A---- C:\WINNT\SchedLgU.Txt
2009-10-08 22:22:58 ----SHD---- C:\WINNT\CSC
2009-10-08 22:22:42 ----D---- C:\Program Files\McAfee
2009-10-08 06:59:02 ----D---- C:\WINNT\system32\NtmsData
2009-10-03 15:44:00 ----RASHDC---- C:\WINNT\system32\dllcache
2009-10-03 15:43:57 ----AD---- C:\WINNT\Help
2009-09-27 16:16:06 ----SHD---- C:\WINNT\Installer
2009-09-27 16:08:33 ----D---- C:\WINNT\ServicePackFiles
2009-09-26 07:22:38 ----D---- C:\Program Files\Java
2009-09-21 21:41:14 ----D---- C:\Program Files\QUICKENW
2009-09-21 21:34:33 ----HD---- C:\Program Files\InstallShield Installation Information
2009-09-21 21:34:19 ----D---- C:\Program Files\Microsoft ActiveSync
2009-09-21 21:34:12 ----D---- C:\Program Files\Microsoft Office
2009-09-21 21:24:10 ----A---- C:\WINNT\imsins.BAK
2009-09-21 21:21:23 ----D---- C:\Program Files\Outlook Express
2009-09-21 21:21:23 ----D---- C:\Program Files\Common Files\System
2009-09-21 20:11:36 ----SD---- C:\WINNT\Downloaded Program Files
2009-09-21 19:56:40 ----ASD---- C:\WINNT\Tasks
2009-09-21 19:51:53 ----D---- C:\WINNT\winsxs
2009-09-21 07:07:21 ----D---- C:\Program Files\Common Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINNT\system32\drivers\AFS2K.sys [2004-04-10 82380]
R1 Cdr4_2K;Cdr4_2K; C:\WINNT\system32\drivers\Cdr4_2K.sys [2006-08-28 2432]
R1 Cdralw2k;Cdralw2k; C:\WINNT\system32\drivers\Cdralw2k.sys [2006-08-28 2560]
R1 kbdhid;Keyboard HID Driver; C:\WINNT\System32\DRIVERS\kbdhid.sys [1999-10-04 13744]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINNT\system32\drivers\mfehidk.sys [2009-07-08 214024]
R1 MPFP;MPFP; C:\WINNT\System32\Drivers\Mpfp.sys [2009-07-16 120136]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 HidUsb;Microsoft HID Class Driver; C:\WINNT\System32\DRIVERS\hidusb.sys [1999-10-04 13904]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINNT\system32\drivers\ALCXSENS.SYS [2003-12-11 391424]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINNT\system32\drivers\ALCXWDM.SYS [2003-12-19 541548]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINNT\system32\DRIVERS\fetnd5bv.sys [2006-06-13 43008]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINNT\System32\Drivers\GEARAspiWDM.sys [2005-02-02 14408]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINNT\system32\drivers\mfeavfk.sys [2009-07-08 79816]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINNT\system32\drivers\mfebopk.sys [2009-07-08 35272]
R3 mferkdk;McAfee Inc. mferkdk; C:\WINNT\system32\drivers\mferkdk.sys [2009-07-08 34248]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINNT\system32\drivers\mfesmfk.sys [2009-07-08 40552]
R3 mouhid;Mouse HID Driver; C:\WINNT\System32\DRIVERS\mouhid.sys [2003-06-19 11632]
R3 nv;nv; C:\WINNT\system32\DRIVERS\nv4_mini.sys [2007-06-29 6807328]
R3 PxHelper;PxHelper; \??\C:\WINNT\system32\drivers\PxHelper.sys []
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 uhcd;Microsoft USB Universal Host Controller Driver; C:\WINNT\System32\DRIVERS\uhcd.sys [2003-06-19 32848]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINNT\System32\DRIVERS\usbehci.sys [2003-06-19 19728]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINNT\System32\DRIVERS\usbhub.sys [2003-06-19 40176]
R3 usbhub20;USB 2.0 Root Hub Support; C:\WINNT\System32\DRIVERS\usbhub20.sys [2003-06-19 49776]
S2 878TVCard;Bt878 TV Card - Video Capture; C:\WINNT\system32\drivers\Bt878.sys [2005-09-04 214692]
S2 878TVTuner;Bt878 TV Card - TV Tuner; C:\WINNT\system32\drivers\BtTuner.sys [2005-09-04 11392]
S2 878Xbar;Bt878 TV Card - Crossbar; C:\WINNT\system32\drivers\BtXbar.sys [2005-09-04 8448]
S2 BT848;Conexant's BtPCI WDM Video Capture; C:\WINNT\system32\DRIVERS\BT848.sys [2007-09-24 371349]
S2 MVDCODEC;ATI WDM Specialized MVD Codec; C:\WINNT\system32\DRIVERS\atinmdxx.sys [2001-09-26 11280]
S3 ati2mtaa;ati2mtaa; C:\WINNT\system32\DRIVERS\ati2mtaa.sys [2001-09-27 291121]
S3 atinrvxx;ATI WDM Rage Theater Video; C:\WINNT\system32\DRIVERS\atinrvxx.sys [2001-09-26 65104]
S3 CCDECODE;Closed Caption Decoder; C:\WINNT\system32\DRIVERS\CCDECODE.sys [2004-07-09 16384]
S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINNT\System32\DRIVERS\fetnd5b.sys [2004-02-20 42496]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 MPE;BDA MPE Filter; C:\WINNT\system32\DRIVERS\MPE.sys [2004-07-09 15104]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINNT\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINNT\system32\DRIVERS\NABTSFEC.sys [2004-07-09 83968]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINNT\system32\DRIVERS\NdisIP.sys [2004-07-09 10112]
S3 SLIP;BDA Slip De-Framer; C:\WINNT\system32\DRIVERS\SLIP.sys [2004-07-09 10880]
S3 streamip;BDA IPSink; C:\WINNT\system32\DRIVERS\StreamIP.sys [2004-07-09 14976]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINNT\System32\DRIVERS\usbprint.sys [2003-06-19 21872]
S3 usbscan;USB Scanner Driver; C:\WINNT\System32\DRIVERS\usbscan.sys [2003-06-19 12592]
S3 USBSTOR;USB Mass Storage Driver; C:\WINNT\System32\DRIVERS\USBSTOR.SYS [2003-06-19 21552]
S3 viafilter;VIA USB Filter; C:\WINNT\System32\Drivers\viausb.sys [2003-06-18 9038]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINNT\system32\DRIVERS\wceusbsh.sys [2003-12-22 104064]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINNT\system32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688]
S4 IntelIde;IntelIde; C:\WINNT\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINNT\System32\drivers\ws2ifsl.sys [2000-07-26 12016]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2008-04-17 102712]
R2 HidServ;HID Input Service; C:\WINNT\system32\hidserv.exe [2003-06-19 19728]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-09-21 1028432]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-07-10 865832]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-07-07 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-07-08 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-07-10 894136]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINNT\system32\nvsvc32.exe [2007-06-29 155716]
R2 SiteAdvisor Service;SiteAdvisor Service; C:\Program Files\SiteAdvisor\6261\SAService.exe [2008-08-08 345376]
R2 StiSvc;Still Image Service; C:\WINNT\system32\stisvc.exe [2003-06-19 61712]
R3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2005-10-18 323584]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-07-08 606736]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINNT\system32\Ati2evxx.exe [2000-11-30 57344]
S2 EPSON_PM_RPCV2_01;EPSON V3 Service2(03); C:\WINNT\system32\E_S00RP1.EXE [2002-07-01 62464]
S3 aspnet_state;ASP.NET State Service; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-07-08 365072]
S3 WmdmPmSN;Portable Media Serial Number Service; C:\WINNT\System32\svchost.exe [2000-07-26 7952]

-----------------EOF-----------------
info.txt logfile of random's system information tool 1.06 2009-10-17 08:49:14

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\InstallShield Installation Information\{22EB2FA7-1BA0-4FFB-972F-353EC6ABA9D5}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe -runfromtemp -l0x0009/cont -removeonly
-->C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{6813C983-427E-4511-8456-E98FCAA1A125}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{ACE66099-E18E-4037-83C8-9D182E5B9FA8}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{B34B6E67-FCDD-4E03-8742-B5701427FAFB}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe -runfromtemp -l0x0009 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{028EC2AF-F501-4567-9CEA-140030DE8544}\setup.exe" -l0x9 -u
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2580F4DA-324F-4945-B16F-B2B867325085}\setup.exe" -l0x9 -u
7-Zip 4.23-->"C:\Program Files\7-Zip\Uninstall.exe"
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
Adobe Flash Player 10 ActiveX-->C:\WINNT\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.5-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
ArcSoft Print Creations - Brochure-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F626E006-C06C-466A-B133-92C1991385CA}\Setup.exe" -l0x9 -1Brochure
ArcSoft Print Creations - Photo Calendar-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F626E006-C06C-466A-B133-92C1991385CA}\Setup.exe" -l0x9 -1Calendar
ArcSoft Print Creations-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F626E006-C06C-466A-B133-92C1991385CA}\Setup.exe" -l0x9
ATI Display Driver-->rundll32 C:\WINNT\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
CDex extraction audio-->"C:\Program Files\CDex_150\uninstall.exe"
Core FTP LE 1.3c-->C:\PROGRA~1\CoreFTP\UNWISE.EXE C:\PROGRA~1\CoreFTP\INSTALL.LOG
DAO 3.5-->C:\WINNT\IsUninst.exe -f"C:\Program Files\Intuit\DAO 3.5\Uninst.isu"
Diablo II-->C:\WINNT\DIIUnin.exe C:\WINNT\DIIUnin.dat
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
EPSON CardMonitor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{109D28C7-FB38-483A-9C91-001CB59E2699}\Setup.exe" -l0x9 uninst
Epson Event Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48F22622-1CC2-4A83-9C1E-644DD96F832D}\Setup.exe" -l0x9 -u
EPSON PhotoStarter3.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5983C895-DDA4-45D9-A8D1-877D5DE7693E}\Setup.exe" uninst
EPSON Print CD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\Setup.exe" -l0x9 -SYSTEM
EPSON Printer Software-->C:\WINNT\system32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON SPR300 Reference Guide-->C:\Program Files\epson\guide\spr300_e\uninstall.exe
EPSON WorkForce 600 Series Printer Uninstall-->C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FINSEKA.EXE /R /APD /P:"EPSON WorkForce 600 Series"
EpsonNet Config V3-->C:\Program Files\InstallShield Installation Information\{2B0CDD4D-5C1A-47F7-89E2-9BF604670ABC}\Setup.exe -runfromtemp -l0x0009 -removeonly
EpsonNet Print-->C:\Program Files\InstallShield Installation Information\{3E31400D-274E-4647-916C-2CACC3741799}\ENPSETUP.exe -runfromtemp -l0x0009 -EPSON -removeonly
FantasyFootball-->C:\WINNT\st6unst.exe -n "C:\Program Files\FantasyFootball\ST6UNST.LOG"
Film Factory-->C:\WINNT\IsUninst.exe -f"C:\Program Files\EPSON Software\Film Factory\Uninst.isu"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for MDAC 2.71 (KB911562)-->"C:\WINNT\$SQLUninstallMDAC27SP1-KB911562-x86-ENU$\spuninst\spuninst.exe"
Hotfix for MDAC 2.71 (KB927779)-->"C:\WINNT\$SQLUninstallMDAC27SP1-KB927779-x86-ENU$\spuninst\spuninst.exe"
hp instant support-->C:\PROGRA~1\HEWLET~1\hpis\Uninstall.exe t /s CeS
HP Memories Disc-->MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
HP Photo and Imaging 2.0 - Photosmart Cameras-->MsiExec.exe /X{471C85E9-6FCA-4862-A530-F51628A428FB}
iTunes-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{872653C6-5DDC-488B-B7C2-CF9E4D9335E5} /l1033
Java™ 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1 Hotfix (KB947742)-->"C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\M947742\M947742Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft ActiveSync 3.7-->"C:\WINNT\ISUNINST.EXE" -f"C:\Program Files\Microsoft ActiveSync\DeIsL1.isu" -c"C:\Program Files\Microsoft ActiveSync\ceuninst.dll"
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINNT\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Office 2000 SR-1 Premium-->MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B6F7DBE7-2FE2-458F-A738-B10832746036}\Setup.exe" -L0x9
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows Journal Viewer-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Nero - Burning Rom-->MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
NVIDIA Drivers-->C:\WINNT\system32\nvudisp.exe UninstallGUI
Picture Package Music Transfer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}\setup.exe" -l0x9 -removeonly
QuickTime-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083} /l1033
Read in Microsoft Reader Add-in for Microsoft Word-->MsiExec.exe /I{84F1DAC1-E1BF-4A21-9D2B-DD3E12686A2C}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Remote Desktop Connection-->MsiExec.exe /X{3E713D52-C967-41FB-AA24-3A92CC1025A4}
Roll-->C:\WINNT\UniFish3.exe C:\Program Files\Hasbro Interactive\RollerCoaster Tycoon\RollerCoaster Tycoon.log
Security Update for DirectX 9 (KB941568)-->"C:\WINNT\$NtUninstallKB941568_DX9$\spuninst\spuninst.exe"
Security Update for DirectX 9 (KB951698)-->"C:\WINNT\$NtUninstallKB951698_DX9$\spuninst\spuninst.exe"
Security Update for DirectX 9.0 (KB971633)-->"C:\WINNT\$NtUninstallKB971633_DX9$\spuninst\spuninst.exe"
Security Update for DirectX 9.0b (KB961373)-->"C:\WINNT\$NtUninstallKB961373_DX9$\spuninst\spuninst.exe"
Security Update for Windows 2000 (KB904706)-->"C:\WINNT\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows 2000 (KB923689)-->"C:\WINNT\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows 2000 (KB941569)-->"C:\WINNT\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINNT\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINNT\$NtUninstallKB952069_WM71$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINNT\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINNT\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB954600)-->"C:\WINNT\$NtUninstallKB954600_WM41$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINNT\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINNT\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB936782)-->"C:\WINNT\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB973540)-->"C:\WINNT\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Sony Picture Utility-->C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe -runfromtemp -l0x0009 /removeonly uninstall -removeonly
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
SWF & FLV Player 3.0 (build 3.0.33.5106)-->"C:\Program Files\Eltima Software\SWF & FLV Player\unins000.exe"
Update Rollup 1 for Windows 2000 SP4-->"C:\WINNT\$NtUpdateRollupPackUninstall$\spuninst\spuninst.exe"
VIA Rhine-Family Fast Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINNT\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Windows 2000 Hotfix - KB842773-->C:\WINNT\$NtUninstallKB842773$\spuninst\spuninst.exe
Windows 2000 Hotfix - KB867282-->C:\WINNT\$NtUninstallKB867282-IE6SP1-20050127.163319$\spuninst\spuninst.exe
Windows 2000 Hotfix - KB889293-->C:\WINNT\$NtUninstallKB889293-IE6SP1-20041111.235619$\spuninst\spuninst.exe
Windows 2000 Hotfix - KB890046-->"C:\WINNT\$NtUninstallKB890046$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB893756-->"C:\WINNT\$NtUninstallKB893756$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB896358-->"C:\WINNT\$NtUninstallKB896358$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB896422-->"C:\WINNT\$NtUninstallKB896422$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB896423-->"C:\WINNT\$NtUninstallKB896423$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB896424-->"C:\WINNT\$NtUninstallKB896424$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB897715-->"C:\WINNT\$NtUninstallKB897715-OE6SP1-20050503.210336$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB899587-->"C:\WINNT\$NtUninstallKB899587$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB899589-->"C:\WINNT\$NtUninstallKB899589$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB900725-->"C:\WINNT\$NtUninstallKB900725$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB901017-->"C:\WINNT\$NtUninstallKB901017$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB901214-->"C:\WINNT\$NtUninstallKB901214$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB902400-->"C:\WINNT\$NtUninstallKB902400$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB905414-->"C:\WINNT\$NtUninstallKB905414$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB905495-->"C:\WINNT\$NtUninstallKB905495-IE6SP1-20050805.184113$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB905749-->"C:\WINNT\$NtUninstallKB905749$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB905915-->"C:\WINNT\$NtUninstallKB905915-IE6SP1-20051122.175908$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB908519-->"C:\WINNT\$NtUninstallKB908519$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB908523-->"C:\WINNT\$NtUninstallKB908523$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB908531-->"C:\WINNT\$NtUninstallKB908531$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB911280-->"C:\WINNT\$NtUninstallKB911280$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB911567-->"C:\WINNT\$NtUninstallKB911567-OE6SP1-20060316.165634$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB912812-->"C:\WINNT\$NtUninstallKB912812-IE6SP1-20060322.182418$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB912919-->"C:\WINNT\$NtUninstallKB912919$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB913580-->"C:\WINNT\$NtUninstallKB913580$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB914388-->"C:\WINNT\$NtUninstallKB914388$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB914389-->"C:\WINNT\$NtUninstallKB914389$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB917008-->"C:\WINNT\$NtUninstallKB917008$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB917159-->"C:\WINNT\$NtUninstallKB917159$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB917422-->"C:\WINNT\$NtUninstallKB917422$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB917537-->"C:\WINNT\$NtUninstallKB917537$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB917736-->"C:\WINNT\$NtUninstallKB917736$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB917953-->"C:\WINNT\$NtUninstallKB917953$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB918118-->"C:\WINNT\$NtUninstallKB918118$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB918899-->"C:\WINNT\$NtUninstallKB918899-IE6SP1-20060725.123917$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB920213-->"C:\WINNT\$NtUninstallKB920213$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB920670-->"C:\WINNT\$NtUninstallKB920670$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB920683-->"C:\WINNT\$NtUninstallKB920683$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB920685-->"C:\WINNT\$NtUninstallKB920685$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB920958-->"C:\WINNT\$NtUninstallKB920958$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB921398-->"C:\WINNT\$NtUninstallKB921398$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB921503-->"C:\WINNT\$NtUninstallKB921503$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB921883-->"C:\WINNT\$NtUninstallKB921883$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB922582-->"C:\WINNT\$NtUninstallKB922582$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB922616-->"C:\WINNT\$NtUninstallKB922616$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB923191-->"C:\WINNT\$NtUninstallKB923191$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB923414-->"C:\WINNT\$NtUninstallKB923414$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB923561-->"C:\WINNT\$NtUninstallKB923561$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB923694-->"C:\WINNT\$NtUninstallKB923694-OE6SP1-20061106.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB923810-->"C:\WINNT\$NtUninstallKB923810$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB923980-->"C:\WINNT\$NtUninstallKB923980$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB924191-->"C:\WINNT\$NtUninstallKB924191$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB924270-->"C:\WINNT\$NtUninstallKB924270$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB924667-->"C:\WINNT\$NtUninstallKB924667$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB925454-->"C:\WINNT\$NtUninstallKB925454-IE6SP1-20061116.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB925486-->"C:\WINNT\$NtUninstallKB925486-IE6SP1-20060918.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB925902-->"C:\WINNT\$NtUninstallKB925902$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB926122-->"C:\WINNT\$NtUninstallKB926122$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB926436-->"C:\WINNT\$NtUninstallKB926436$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB927891-->"C:\WINNT\$NtUninstallKB927891$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB928090-->"C:\WINNT\$NtUninstallKB928090-IE6SP1-20070125.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB928843-->"C:\WINNT\$NtUninstallKB928843$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB929969-->"C:\WINNT\$NtUninstallKB929969-IE6SP1-20061220.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB930178-->"C:\WINNT\$NtUninstallKB930178$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB931768-->"C:\WINNT\$NtUninstallKB931768-IE6SP1-20070219.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB931784-->"C:\WINNT\$NtUninstallKB931784$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB932168-->"C:\WINNT\$NtUninstallKB932168$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB933729-->"C:\WINNT\$NtUninstallKB933729$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB935839-->"C:\WINNT\$NtUninstallKB935839$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB935840-->"C:\WINNT\$NtUninstallKB935840$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB936021-->"C:\WINNT\$NtUninstallKB936021$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB937143-->"C:\WINNT\$NtUninstallKB937143-IE6SP1-20070717.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB937894-->"C:\WINNT\$NtUninstallKB937894$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB938127-->"C:\WINNT\$NtUninstallKB938127-IE6SP1-20070626.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB938464-->"C:\WINNT\$NtUninstallKB938464-IE6SP1-20080429.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB938827-->"C:\WINNT\$NtUninstallKB938827$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB938829-->"C:\WINNT\$NtUninstallKB938829$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB941202-->"C:\WINNT\$NtUninstallKB941202-OE6SP1-20070820.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB941644-->"C:\WINNT\$NtUninstallKB941644$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB941693-->"C:\WINNT\$NtUninstallKB941693$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB942615-->"C:\WINNT\$NtUninstallKB942615-IE6SP1-20071029.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB943055-->"C:\WINNT\$NtUninstallKB943055$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB943485-->"C:\WINNT\$NtUninstallKB943485$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB944338-->"C:\WINNT\$NtUninstallKB944338$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB944533-->"C:\WINNT\$NtUninstallKB944533-IE6SP1-20071210.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB945553-->"C:\WINNT\$NtUninstallKB945553$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB948590-->"C:\WINNT\$NtUninstallKB948590$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB950749-->"C:\WINNT\$NtUninstallKB950749$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB950974-->"C:\WINNT\$NtUninstallKB950974$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB951066-->"C:\WINNT\$NtUninstallKB951066-OE6SP1-20080625.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB951748-->"C:\WINNT\$NtUninstallKB951748$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB952004-->"C:\WINNT\$NtUninstallKB952004$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB952954-->"C:\WINNT\$NtUninstallKB952954$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB953838-->"C:\WINNT\$NtUninstallKB953838-IE6SP1-20080620.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB953839-->"C:\WINNT\$NtUninstallKB953839$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB954211-->"C:\WINNT\$NtUninstallKB954211$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB955069-->"C:\WINNT\$NtUninstallKB955069$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB956390-->"C:\WINNT\$NtUninstallKB956390-IE6SP1-20080820.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB956391-->"C:\WINNT\$NtUninstallKB956391$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB956802-->"C:\WINNT\$NtUninstallKB956802$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB956844-->"C:\WINNT\$NtUninstallKB956844$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB957095-->"C:\WINNT\$NtUninstallKB957095$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB957097-->"C:\WINNT\$NtUninstallKB957097$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB958215-->"C:\WINNT\$NtUninstallKB958215-IE6SP1-20081016.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB958470-->"C:\WINNT\$NtUninstallKB958470$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB958644-->"C:\WINNT\$NtUninstallKB958644$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB958687-->"C:\WINNT\$NtUninstallKB958687$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB958690-->"C:\WINNT\$NtUninstallKB958690$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB959426-->"C:\WINNT\$NtUninstallKB959426$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB960225-->"C:\WINNT\$NtUninstallKB960225$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB960714-->"C:\WINNT\$NtUninstallKB960714-IE6SP1-20081211.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB960715-->"C:\WINNT\$NtUninstallKB960715$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB960803-->"C:\WINNT\$NtUninstallKB960803$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB960859-->"C:\WINNT\$NtUninstallKB960859$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB961371-V2-->"C:\WINNT\$NtUninstallKB961371-V2$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB961501-->"C:\WINNT\$NtUninstallKB961501$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB963027-->"C:\WINNT\$NtUninstallKB963027-IE6SP1-20090303.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB967715-->"C:\WINNT\$NtUninstallKB967715$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB968537-->"C:\WINNT\$NtUninstallKB968537$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB970238-->"C:\WINNT\$NtUninstallKB970238$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB971557-->"C:\WINNT\$NtUninstallKB971557$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB971961-->"C:\WINNT\$NtUninstallKB971961$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB972260-->"C:\WINNT\$NtUninstallKB972260-IE6SP1-20090722.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB973346-->"C:\WINNT\$NtUninstallKB973346$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB973354-->"C:\WINNT\$NtUninstallKB973354-OE6SP1-20090710.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB973507-->"C:\WINNT\$NtUninstallKB973507$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB973869-->"C:\WINNT\$NtUninstallKB973869$\spuninst\spuninst.exe"
Windows 2000 Hotfix (SP5) Q818043-->C:\WINNT\$NtUninstallQ818043$\spuninst\spuninst.exe
Windows Installer 3.1 (KB893803)-->"C:\WINNT\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Player 9 Hotfix [See KB885492 for more information]-->C:\WINNT\$NtUninstallKB885492$\spuninst\spuninst.exe
Windows Media Player Hotfix [See KB837272 for more information]-->C:\WINNT\$NtUninstallKB837272$\spuninst\spuninst.exe
Windows Media Player Hotfix [See Q828026 for more information]-->C:\WINNT\$NtUninstallQ828026$\spuninst\spuninst.exe
Windows Media Player system update (9 Series)-->C:

#4 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,289 posts
  • Gender:Male
  • Location:Dubai
  • Local time:08:46 AM

Posted 18 October 2009 - 09:49 AM

Thanks for posting your log. Logs take a while to process due to intensive research that must be done. Please give me some time to look over your logs and I will post back soon :(

My website: http://aommaster.com
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#5 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,289 posts
  • Gender:Male
  • Location:Dubai
  • Local time:08:46 AM

Posted 18 October 2009 - 11:15 AM

Hello, lazyvista.
We need to run a GMER scan
  • Download GMER and save to your desktop. Note that the file will be randomly named to prevent active malware from stopping the download.
  • Close all other open programs as there is a slight chance your computer will crash.
  • Double click the GMER program ******.exe. Your security programs may detect GMER's driver trying to load. Allow it.
  • You may see a warning saying "GMER has detected rootkit activity". If so, select NO.
  • Leaving the settings at default, click Scan.
  • When the scan is complete, click Save and save the log onto your desktop.
In your next reply, please include the following:
  • gmer.txt

My website: http://aommaster.com
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#6 lazyvista

lazyvista
  • Topic Starter

  • Members
  • 33 posts
  • Local time:11:46 PM

Posted 19 October 2009 - 07:35 AM

Here is the log. GMER did say there was a rootkit. Let me know what is next. Thanks Steve

GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-10-19 07:31:02
Windows 5.0.2195 Service Pack 4
Running: 66cfu92s.exe; Driver: C:\DOCUME~1\STEVE~1.DAD\LOCALS~1\Temp\kxliapoc.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xEB43087E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xEB430BFE]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xBD3750B0]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xBD2B04D5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xBD2B0499]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xBD2B057E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xBD2B0592]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xBD2B05F8]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xBD2B05E4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xBD2B0513]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xBD2B0620]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xBD2B0554]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xBD2B0471]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xBD2B0485]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xBD2B04E9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xBD2B065D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xBD2B05D0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xBD2B05BC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xBD2B0649]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xBD2B0635]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xBD2B04C1]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xBD2B04AD]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xBD2B0540]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xBD2B060C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xBD2B0527]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xBD2B04FD]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution 80432F24 7 Bytes JMP BD2B0501 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtCreateFile 804A7172 5 Bytes JMP BD2B04D9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtMapViewOfSection 804D00AC 5 Bytes JMP BD2B0517 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 804D0D08 5 Bytes JMP BD2B052B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwProtectVirtualMemory 804D2AE6 5 Bytes JMP BD2B04ED \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenProcess 804DEB24 5 Bytes JMP BD2B0475 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwOpenThread 804DEDE4 5 Bytes JMP BD2B0489 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtSetInformationProcess 804DF958 5 Bytes JMP BD2B04B1 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcess 804E2264 5 Bytes JMP BD2B049D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwTerminateProcess 804E32CC 6 Bytes JMP BD2B0544 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetContextThread 804E7DDA 5 Bytes JMP BD2B04C5 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteKey 80512214 5 Bytes JMP BD2B0582 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteValueKey 80512430 5 Bytes JMP BD2B0596 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateKey 8051263E 5 Bytes JMP BD2B05FC \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateValueKey 80512894 5 Bytes JMP BD2B05E8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwNotifyChangeKey 80512D3E 6 Bytes JMP BD2B0624 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwOpenKey 805133F2 5 Bytes JMP BD2B0558 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryKey 80513672 5 Bytes JMP BD2B0661 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryValueKey 80513908 5 Bytes JMP BD2B05C0 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRestoreKey 80513BFC 5 Bytes JMP BD2B0639 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnloadKey 80514268 5 Bytes JMP BD2B0610 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwReplaceKey 8051470A 5 Bytes JMP BD2B064D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryMultipleValueKey 805148DA 5 Bytes JMP BD2B05D4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- User code sections - GMER 1.0.15 ----

.text C:\WINNT\system32\services.exe[224] ADVAPI32.dll!RegCreateKeyA 7C2E96C8 5 Bytes JMP 01CD0F96
.text C:\WINNT\system32\services.exe[224] ADVAPI32.dll!RegCreateKeyW 7C2E9954 5 Bytes JMP 01CD0F85
.text C:\WINNT\system32\services.exe[224] ADVAPI32.dll!RegCreateKeyExA 7C2ED804 5 Bytes JMP 01CD0035
.text C:\WINNT\system32\services.exe[224] ADVAPI32.dll!RegOpenKeyA 7C2EDC59 4 Bytes JMP 01CD0FEF
.text C:\WINNT\system32\services.exe[224] ADVAPI32.dll!RegOpenKeyExA 7C2EF4C0 5 Bytes JMP 01CD0FC2
.text C:\WINNT\system32\services.exe[224] ADVAPI32.dll!RegCreateKeyExW 7C2EF8EA 5 Bytes JMP 01CD0046
.text C:\WINNT\system32\services.exe[224] ADVAPI32.dll!RegOpenKeyExW 7C2F49B1 5 Bytes JMP 01CD0FA7
.text C:\WINNT\system32\services.exe[224] ADVAPI32.dll!RegOpenKeyW 7C2F4C09 4 Bytes JMP 01CD0FD3
.text C:\WINNT\system32\services.exe[224] KERNEL32.dll!CreateFileA 7C58C243 5 Bytes JMP 01CE0000
.text C:\WINNT\system32\services.exe[224] KERNEL32.dll!CreateFileW 7C58C275 5 Bytes JMP 01CE0011
.text C:\WINNT\system32\services.exe[224] KERNEL32.dll!VirtualProtect 7C58E9EE 5 Bytes JMP 01CE0080
.text C:\WINNT\system32\services.exe[224] KERNEL32.dll!VirtualProtectEx 7C58EA08 5 Bytes JMP 01CE009C
.text C:\WINNT\system32\services.exe[224] KERNEL32.dll!LoadLibraryA 7C59026D 5 Bytes JMP 01CE0FC8
.text C:\WINNT\system32\services.exe[224] KERNEL32.dll!LoadLibraryW 7C59031E 5 Bytes JMP 01CE0054
.text C:\WINNT\system32\services.exe[224] KERNEL32.dll!LoadLibraryExA 7C59032E 5 Bytes JMP 01CE0FAA
.text C:\WINNT\system32\services.exe[224] KERNEL32.dll!LoadLibraryExW 7C590595 5 Bytes JMP 01CE0065
.text C:\WINNT\system32\services.exe[224] KERNEL32.dll!GetProcAddress 7C590CF7 5 Bytes JMP 01CE0125
.text C:\WINNT\system32\services.exe[224] KERNEL32.dll!CreateNamedPipeA 7C591C5F 5 Bytes JMP 01CE002C
.text C:\WINNT\system32\services.exe[224] KERNEL32.dll!CreateNamedPipeW 7C591CCF 5 Bytes JMP 01CE0FD9
.text C:\WINNT\system32\services.exe[224] KERNEL32.dll!CreatePipe 7C5946A1 5 Bytes JMP 01CE00BB
.text C:\WINNT\system32\services.exe[224] KERNEL32.dll!CreateProcessA 7C595040 5 Bytes JMP 01CE0114
.text C:\WINNT\system32\services.exe[224] KERNEL32.dll!CreateProcessW 7C596981 5 Bytes JMP 01CE0F5C
.text C:\WINNT\system32\services.exe[224] KERNEL32.dll!GetStartupInfoW 7C596B15 5 Bytes JMP 01CE00E7
.text C:\WINNT\system32\services.exe[224] KERNEL32.dll!GetStartupInfoA 7C596BAA 5 Bytes JMP 01CE00D6
.text C:\WINNT\system32\services.exe[224] KERNEL32.dll!WinExec 7C59752A 5 Bytes JMP 01CE00F8
.text C:\WINNT\system32\services.exe[224] MSVCRT.dll!_wsystem 78018E1D 5 Bytes JMP 01CC003A
.text C:\WINNT\system32\services.exe[224] MSVCRT.dll!system 78018EBF 5 Bytes JMP 01CC0029
.text C:\WINNT\system32\services.exe[224] MSVCRT.dll!_creat 7801A00D 5 Bytes JMP 01CC0FC6
.text C:\WINNT\system32\services.exe[224] MSVCRT.dll!_open 7801B65E 5 Bytes JMP 01CC000A
.text C:\WINNT\system32\services.exe[224] MSVCRT.dll!_wcreat 7801C0F3 5 Bytes JMP 01CC0FB5
.text C:\WINNT\system32\services.exe[224] MSVCRT.dll!_wopen 7801C1B1 5 Bytes JMP 01CC0FEF
.text C:\WINNT\system32\services.exe[224] WS2_32.DLL!socket 7503353D 5 Bytes JMP 01CB0FEF
.text C:\WINNT\system32\lsass.exe[236] KERNEL32.dll!CreateFileA 7C58C243 5 Bytes JMP 012E0000
.text C:\WINNT\system32\lsass.exe[236] KERNEL32.dll!CreateFileW 7C58C275 5 Bytes JMP 012E0FEF
.text C:\WINNT\system32\lsass.exe[236] KERNEL32.dll!VirtualProtect 7C58E9EE 5 Bytes JMP 012E004F
.text C:\WINNT\system32\lsass.exe[236] KERNEL32.dll!VirtualProtectEx 7C58EA08 5 Bytes JMP 012E0060
.text C:\WINNT\system32\lsass.exe[236] KERNEL32.dll!LoadLibraryA 7C59026D 5 Bytes JMP 012E0FA7
.text C:\WINNT\system32\lsass.exe[236] KERNEL32.dll!LoadLibraryW 7C59031E 5 Bytes JMP 012E0F8A
.text C:\WINNT\system32\lsass.exe[236] KERNEL32.dll!LoadLibraryExA 7C59032E 5 Bytes JMP 012E0F6B
.text C:\WINNT\system32\lsass.exe[236] KERNEL32.dll!LoadLibraryExW 7C590595 5 Bytes JMP 012E0034
.text C:\WINNT\system32\lsass.exe[236] KERNEL32.dll!GetProcAddress 7C590CF7 5 Bytes JMP 012E0EF1
.text C:\WINNT\system32\lsass.exe[236] KERNEL32.dll!CreateNamedPipeA 7C591C5F 5 Bytes JMP 012E0FDE
.text C:\WINNT\system32\lsass.exe[236] KERNEL32.dll!CreateNamedPipeW 7C591CCF 5 Bytes JMP 012E0FC3
.text C:\WINNT\system32\lsass.exe[236] KERNEL32.dll!CreatePipe 7C5946A1 5 Bytes JMP 012E0071
.text C:\WINNT\system32\lsass.exe[236] KERNEL32.dll!CreateProcessA 7C595040 5 Bytes JMP 012E0F0D
.text C:\WINNT\system32\lsass.exe[236] KERNEL32.dll!CreateProcessW 7C596981 5 Bytes JMP 012E00BA
.text C:\WINNT\system32\lsass.exe[236] KERNEL32.dll!GetStartupInfoW 7C596B15 5 Bytes JMP 012E0F1E
.text C:\WINNT\system32\lsass.exe[236] KERNEL32.dll!GetStartupInfoA 7C596BAA 5 Bytes JMP 012E0082
.text C:\WINNT\system32\lsass.exe[236] KERNEL32.dll!WinExec 7C59752A 5 Bytes JMP 012E0093
.text C:\WINNT\system32\lsass.exe[236] MSVCRT.dll!_wsystem 78018E1D 5 Bytes JMP 012C006E
.text C:\WINNT\system32\lsass.exe[236] MSVCRT.dll!system 78018EBF 5 Bytes JMP 012C005D
.text C:\WINNT\system32\lsass.exe[236] MSVCRT.dll!_creat 7801A00D 5 Bytes JMP 012C0022
.text C:\WINNT\system32\lsass.exe[236] MSVCRT.dll!_open 7801B65E 5 Bytes JMP 012C0000
.text C:\WINNT\system32\lsass.exe[236] MSVCRT.dll!_wcreat 7801C0F3 5 Bytes JMP 012C0033
.text C:\WINNT\system32\lsass.exe[236] MSVCRT.dll!_wopen 7801C1B1 5 Bytes JMP 012C0011
.text C:\WINNT\system32\lsass.exe[236] ADVAPI32.DLL!RegCreateKeyA 7C2E96C8 5 Bytes JMP 012D0042
.text C:\WINNT\system32\lsass.exe[236] ADVAPI32.DLL!RegCreateKeyW 7C2E9954 5 Bytes JMP 012D0053
.text C:\WINNT\system32\lsass.exe[236] ADVAPI32.DLL!RegCreateKeyExA 7C2ED804 5 Bytes JMP 012D0FB9
.text C:\WINNT\system32\lsass.exe[236] ADVAPI32.DLL!RegOpenKeyA 7C2EDC59 5 Bytes JMP 012D0FEF
.text C:\WINNT\system32\lsass.exe[236] ADVAPI32.DLL!RegOpenKeyExA 7C2EF4C0 5 Bytes JMP 012D0FD4
.text C:\WINNT\system32\lsass.exe[236] ADVAPI32.DLL!RegCreateKeyExW 7C2EF8EA 5 Bytes JMP 012D0F9E
.text C:\WINNT\system32\lsass.exe[236] ADVAPI32.DLL!RegOpenKeyExW 7C2F49B1 5 Bytes JMP 012D0027
.text C:\WINNT\system32\lsass.exe[236] ADVAPI32.DLL!RegOpenKeyW 7C2F4C09 5 Bytes JMP 012D0016
.text C:\WINNT\system32\lsass.exe[236] WS2_32.DLL!socket 7503353D 5 Bytes JMP 012B0FE5
.text C:\WINNT\system32\svchost.exe[408] ADVAPI32.DLL!RegCreateKeyA 7C2E96C8 5 Bytes JMP 00C50030
.text C:\WINNT\system32\svchost.exe[408] ADVAPI32.DLL!RegCreateKeyW 7C2E9954 5 Bytes JMP 00C5004D
.text C:\WINNT\system32\svchost.exe[408] ADVAPI32.DLL!RegCreateKeyExA 7C2ED804 5 Bytes JMP 00C5005E
.text C:\WINNT\system32\svchost.exe[408] ADVAPI32.DLL!RegOpenKeyA 7C2EDC59 5 Bytes JMP 00C50000
.text C:\WINNT\system32\svchost.exe[408] ADVAPI32.DLL!RegOpenKeyExA 7C2EF4C0 5 Bytes JMP 00C50FD3
.text C:\WINNT\system32\svchost.exe[408] ADVAPI32.DLL!RegCreateKeyExW 7C2EF8EA 5 Bytes JMP 00C50079
.text C:\WINNT\system32\svchost.exe[408] ADVAPI32.DLL!RegOpenKeyExW 7C2F49B1 5 Bytes JMP 00C50FB8
.text C:\WINNT\system32\svchost.exe[408] ADVAPI32.DLL!RegOpenKeyW 7C2F4C09 5 Bytes JMP 00C50FE4
.text C:\WINNT\system32\svchost.exe[408] KERNEL32.dll!CreateFileA 7C58C243 5 Bytes JMP 00C60000
.text C:\WINNT\system32\svchost.exe[408] KERNEL32.dll!CreateFileW 7C58C275 5 Bytes JMP 00C60FEF
.text C:\WINNT\system32\svchost.exe[408] KERNEL32.dll!VirtualProtect 7C58E9EE 5 Bytes JMP 00C60071
.text C:\WINNT\system32\svchost.exe[408] KERNEL32.dll!VirtualProtectEx 7C58EA08 5 Bytes JMP 00C60F66
.text C:\WINNT\system32\svchost.exe[408] KERNEL32.dll!LoadLibraryA 7C59026D 5 Bytes JMP 00C60038
.text C:\WINNT\system32\svchost.exe[408] KERNEL32.dll!LoadLibraryW 7C59031E 5 Bytes JMP 00C60FAC
.text C:\WINNT\system32\svchost.exe[408] KERNEL32.dll!LoadLibraryExA 7C59032E 5 Bytes JMP 00C60056
.text C:\WINNT\system32\svchost.exe[408] KERNEL32.dll!LoadLibraryExW 7C590595 5 Bytes JMP 00C60F8D
.text C:\WINNT\system32\svchost.exe[408] KERNEL32.dll!GetProcAddress 7C590CF7 5 Bytes JMP 00C60102
.text C:\WINNT\system32\svchost.exe[408] KERNEL32.dll!CreateNamedPipeA 7C591C5F 5 Bytes JMP 00C60FDE
.text C:\WINNT\system32\svchost.exe[408] KERNEL32.dll!CreateNamedPipeW 7C591CCF 5 Bytes JMP 00C60027
.text C:\WINNT\system32\svchost.exe[408] KERNEL32.dll!CreatePipe 7C5946A1 5 Bytes JMP 00C60082
.text C:\WINNT\system32\svchost.exe[408] KERNEL32.dll!CreateProcessA 7C595040 5 Bytes JMP 00C600E6
.text C:\WINNT\system32\svchost.exe[408] KERNEL32.dll!CreateProcessW 7C596981 5 Bytes JMP 00C60F39
.text C:\WINNT\system32\svchost.exe[408] KERNEL32.dll!GetStartupInfoW 7C596B15 5 Bytes JMP 00C60F55
.text C:\WINNT\system32\svchost.exe[408] KERNEL32.dll!GetStartupInfoA 7C596BAA 5 Bytes JMP 00C600A1
.text C:\WINNT\system32\svchost.exe[408] KERNEL32.dll!WinExec 7C59752A 5 Bytes JMP 00C600D5
.text C:\WINNT\system32\svchost.exe[408] MSVCRT.dll!_wsystem 78018E1D 5 Bytes JMP 00C40048
.text C:\WINNT\system32\svchost.exe[408] MSVCRT.dll!system 78018EBF 5 Bytes JMP 00C40037
.text C:\WINNT\system32\svchost.exe[408] MSVCRT.dll!_creat 7801A00D 5 Bytes JMP 00C40FC3
.text C:\WINNT\system32\svchost.exe[408] MSVCRT.dll!_open 7801B65E 5 Bytes JMP 00C40FEF
.text C:\WINNT\system32\svchost.exe[408] MSVCRT.dll!_wcreat 7801C0F3 5 Bytes JMP 00C40026
.text C:\WINNT\system32\svchost.exe[408] MSVCRT.dll!_wopen 7801C1B1 5 Bytes JMP 00C40FD4
.text C:\WINNT\system32\svchost.exe[408] WS2_32.dll!socket 7503353D 5 Bytes JMP 00C30FE5
.text C:\WINNT\System32\svchost.exe[528] ADVAPI32.DLL!RegCreateKeyA 7C2E96C8 5 Bytes JMP 00E70052
.text C:\WINNT\System32\svchost.exe[528] ADVAPI32.DLL!RegCreateKeyW 7C2E9954 5 Bytes JMP 00E70FBD
.text C:\WINNT\System32\svchost.exe[528] ADVAPI32.DLL!RegCreateKeyExA 7C2ED804 5 Bytes JMP 00E70063
.text C:\WINNT\System32\svchost.exe[528] ADVAPI32.DLL!RegOpenKeyA 7C2EDC59 5 Bytes JMP 00E70000
.text C:\WINNT\System32\svchost.exe[528] ADVAPI32.DLL!RegOpenKeyExA 7C2EF4C0 5 Bytes JMP 00E70FE4
.text C:\WINNT\System32\svchost.exe[528] ADVAPI32.DLL!RegCreateKeyExW 7C2EF8EA 5 Bytes JMP 00E70074
.text C:\WINNT\System32\svchost.exe[528] ADVAPI32.DLL!RegOpenKeyExW 7C2F49B1 5 Bytes JMP 00E70041
.text C:\WINNT\System32\svchost.exe[528] ADVAPI32.DLL!RegOpenKeyW 7C2F4C09 5 Bytes JMP 00E7001C
.text C:\WINNT\System32\svchost.exe[528] KERNEL32.dll!CreateFileA 7C58C243 5 Bytes JMP 00E80000
.text C:\WINNT\System32\svchost.exe[528] KERNEL32.dll!CreateFileW 7C58C275 5 Bytes JMP 00E80011
.text C:\WINNT\System32\svchost.exe[528] KERNEL32.dll!VirtualProtect 7C58E9EE 5 Bytes JMP 00E80F7A
.text C:\WINNT\System32\svchost.exe[528] KERNEL32.dll!VirtualProtectEx 7C58EA08 5 Bytes JMP 00E80085
.text C:\WINNT\System32\svchost.exe[528] KERNEL32.dll!LoadLibraryA 7C59026D 5 Bytes JMP 00E80FD3
.text C:\WINNT\System32\svchost.exe[528] KERNEL32.dll!LoadLibraryW 7C59031E 5 Bytes JMP 00E80FC2
.text C:\WINNT\System32\svchost.exe[528] KERNEL32.dll!LoadLibraryExA 7C59032E 5 Bytes JMP 00E80FB1
.text C:\WINNT\System32\svchost.exe[528] KERNEL32.dll!LoadLibraryExW 7C590595 5 Bytes JMP 00E80FA0
.text C:\WINNT\System32\svchost.exe[528] KERNEL32.dll!GetProcAddress 7C590CF7 5 Bytes JMP 00E80EED
.text C:\WINNT\System32\svchost.exe[528] KERNEL32.dll!CreateNamedPipeA 7C591C5F 5 Bytes JMP 00E80037
.text C:\WINNT\System32\svchost.exe[528] KERNEL32.dll!CreateNamedPipeW 7C591CCF 5 Bytes JMP 00E80FE4
.text C:\WINNT\System32\svchost.exe[528] KERNEL32.dll!CreatePipe 7C5946A1 5 Bytes JMP 00E80F69
.text C:\WINNT\System32\svchost.exe[528] KERNEL32.dll!CreateProcessA 7C595040 5 Bytes JMP 00E800B5
.text C:\WINNT\System32\svchost.exe[528] KERNEL32.dll!CreateProcessW 7C596981 5 Bytes JMP 00E80F13
.text C:\WINNT\System32\svchost.exe[528] KERNEL32.dll!GetStartupInfoW 7C596B15 5 Bytes JMP 00E80F2F
.text C:\WINNT\System32\svchost.exe[528] KERNEL32.dll!GetStartupInfoA 7C596BAA 5 Bytes JMP 00E80F4E
.text C:\WINNT\System32\svchost.exe[528] KERNEL32.dll!WinExec 7C59752A 5 Bytes JMP 00E800A4
.text C:\WINNT\System32\svchost.exe[528] MSVCRT.dll!_wsystem 78018E1D 5 Bytes JMP 00E60FA4
.text C:\WINNT\System32\svchost.exe[528] MSVCRT.dll!system 78018EBF 5 Bytes JMP 00E60FB5
.text C:\WINNT\System32\svchost.exe[528] MSVCRT.dll!_creat 7801A00D 5 Bytes JMP 00E60FD4
.text C:\WINNT\System32\svchost.exe[528] MSVCRT.dll!_open 7801B65E 5 Bytes JMP 00E60FE5
.text C:\WINNT\System32\svchost.exe[528] MSVCRT.dll!_wcreat 7801C0F3 5 Bytes JMP 00E60029
.text C:\WINNT\System32\svchost.exe[528] MSVCRT.dll!_wopen 7801C1B1 5 Bytes JMP 00E60000
.text C:\WINNT\System32\svchost.exe[528] WS2_32.dll!socket 7503353D 5 Bytes JMP 00E50000
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[856] KERNEL32.DLL!LoadLibraryA 7C59026D 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[856] KERNEL32.DLL!LoadLibraryW 7C59031E 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINNT\system32\MSTask.exe[1100] MSVCRT.dll!_wsystem 78018E1D 5 Bytes JMP 00CE0F8C
.text C:\WINNT\system32\MSTask.exe[1100] MSVCRT.dll!system 78018EBF 5 Bytes JMP 00CE0F9D
.text C:\WINNT\system32\MSTask.exe[1100] MSVCRT.dll!_creat 7801A00D 5 Bytes JMP 00CE0011
.text C:\WINNT\system32\MSTask.exe[1100] MSVCRT.dll!_open 7801B65E 5 Bytes JMP 00CE0FEF
.text C:\WINNT\system32\MSTask.exe[1100] MSVCRT.dll!_wcreat 7801C0F3 5 Bytes JMP 00CE0FBC
.text C:\WINNT\system32\MSTask.exe[1100] MSVCRT.dll!_wopen 7801C1B1 5 Bytes JMP 00CE0000
.text C:\WINNT\system32\MSTask.exe[1100] KERNEL32.dll!CreateFileA 7C58C243 5 Bytes JMP 00D00FEF
.text C:\WINNT\system32\MSTask.exe[1100] KERNEL32.dll!CreateFileW 7C58C275 5 Bytes JMP 00D00FD3
.text C:\WINNT\system32\MSTask.exe[1100] KERNEL32.dll!VirtualProtect 7C58E9EE 5 Bytes JMP 00D00F65
.text C:\WINNT\system32\MSTask.exe[1100] KERNEL32.dll!VirtualProtectEx 7C58EA08 5 Bytes JMP 00D00065
.text C:\WINNT\system32\MSTask.exe[1100] KERNEL32.dll!LoadLibraryA 7C59026D 5 Bytes JMP 00D00043
.text C:\WINNT\system32\MSTask.exe[1100] KERNEL32.dll!LoadLibraryW 7C59031E 5 Bytes JMP 00D00054
.text C:\WINNT\system32\MSTask.exe[1100] KERNEL32.dll!LoadLibraryExA 7C59032E 5 Bytes JMP 00D00FAA
.text C:\WINNT\system32\MSTask.exe[1100] KERNEL32.dll!LoadLibraryExW 7C590595 5 Bytes JMP 00D00F81
.text C:\WINNT\system32\MSTask.exe[1100] KERNEL32.dll!GetProcAddress 7C590CF7 5 Bytes JMP 00D000BF
.text C:\WINNT\system32\MSTask.exe[1100] KERNEL32.dll!CreateNamedPipeA 7C591C5F 5 Bytes JMP 00D00015
.text C:\WINNT\system32\MSTask.exe[1100] KERNEL32.dll!CreateNamedPipeW 7C591CCF 5 Bytes JMP 00D00026
.text C:\WINNT\system32\MSTask.exe[1100] KERNEL32.dll!CreatePipe 7C5946A1 5 Bytes JMP 00D00F3B
.text C:\WINNT\system32\MSTask.exe[1100] KERNEL32.dll!CreateProcessA 7C595040 5 Bytes JMP 00D00EF6
.text C:\WINNT\system32\MSTask.exe[1100] KERNEL32.dll!CreateProcessW 7C596981 5 Bytes JMP 00D000A3
.text C:\WINNT\system32\MSTask.exe[1100] KERNEL32.dll!GetStartupInfoW 7C596B15 5 Bytes JMP 00D00076
.text C:\WINNT\system32\MSTask.exe[1100] KERNEL32.dll!GetStartupInfoA 7C596BAA 5 Bytes JMP 00D00F20
.text C:\WINNT\system32\MSTask.exe[1100] KERNEL32.dll!WinExec 7C59752A 5 Bytes JMP 00D00087
.text C:\WINNT\system32\MSTask.exe[1100] ADVAPI32.dll!RegCreateKeyA 7C2E96C8 5 Bytes JMP 00CF0FBE
.text C:\WINNT\system32\MSTask.exe[1100] ADVAPI32.dll!RegCreateKeyW 7C2E9954 5 Bytes JMP 00CF003D
.text C:\WINNT\system32\MSTask.exe[1100] ADVAPI32.dll!RegCreateKeyExA 7C2ED804 5 Bytes JMP 00CF0FA3
.text C:\WINNT\system32\MSTask.exe[1100] ADVAPI32.dll!RegOpenKeyA 7C2EDC59 5 Bytes JMP 00CF0FE4
.text C:\WINNT\system32\MSTask.exe[1100] ADVAPI32.dll!RegOpenKeyExA 7C2EF4C0 5 Bytes JMP 00CF0011
.text C:\WINNT\system32\MSTask.exe[1100] ADVAPI32.dll!RegCreateKeyExW 7C2EF8EA 5 Bytes JMP 00CF0064
.text C:\WINNT\system32\MSTask.exe[1100] ADVAPI32.dll!RegOpenKeyExW 7C2F49B1 5 Bytes JMP 00CF002C
.text C:\WINNT\system32\MSTask.exe[1100] ADVAPI32.dll!RegOpenKeyW 7C2F4C09 5 Bytes JMP 00CF0000
.text C:\WINNT\system32\MSTask.exe[1100] WS2_32.DLL!socket 7503353D 5 Bytes JMP 00CD000A
.text C:\WINNT\system32\wuauclt.exe[1316] KERNEL32.dll!CreateFileA 7C58C243 5 Bytes JMP 00170000
.text C:\WINNT\system32\wuauclt.exe[1316] KERNEL32.dll!CreateFileW 7C58C275 5 Bytes JMP 00170FD9
.text C:\WINNT\system32\wuauclt.exe[1316] KERNEL32.dll!VirtualProtect 7C58E9EE 5 Bytes JMP 00170F64
.text C:\WINNT\system32\wuauclt.exe[1316] KERNEL32.dll!VirtualProtectEx 7C58EA08 5 Bytes JMP 00170F48
.text C:\WINNT\system32\wuauclt.exe[1316] KERNEL32.dll!LoadLibraryA 7C59026D 5 Bytes JMP 00170F9C
.text C:\WINNT\system32\wuauclt.exe[1316] KERNEL32.dll!LoadLibraryW 7C59031E 5 Bytes JMP 00170029
.text C:\WINNT\system32\wuauclt.exe[1316] KERNEL32.dll!LoadLibraryExA 7C59032E 5 Bytes JMP 00170F7F
.text C:\WINNT\system32\wuauclt.exe[1316] KERNEL32.dll!LoadLibraryExW 7C590595 5 Bytes JMP 00170048
.text C:\WINNT\system32\wuauclt.exe[1316] KERNEL32.dll!GetProcAddress 7C590CF7 5 Bytes JMP 00170091
.text C:\WINNT\system32\wuauclt.exe[1316] KERNEL32.dll!CreateNamedPipeA 7C591C5F 5 Bytes JMP 00170FBE
.text C:\WINNT\system32\wuauclt.exe[1316] KERNEL32.dll!CreateNamedPipeW 7C591CCF 5 Bytes JMP 00170FAD
.text C:\WINNT\system32\wuauclt.exe[1316] KERNEL32.dll!CreatePipe 7C5946A1 5 Bytes JMP 00170F1E
.text C:\WINNT\system32\wuauclt.exe[1316] KERNEL32.dll!CreateProcessA 7C595040 5 Bytes JMP 00170064
.text C:\WINNT\system32\wuauclt.exe[1316] KERNEL32.dll!CreateProcessW 7C596981 5 Bytes JMP 00170080
.text C:\WINNT\system32\wuauclt.exe[1316] KERNEL32.dll!GetStartupInfoW 7C596B15 5 Bytes JMP 00170EE4
.text C:\WINNT\system32\wuauclt.exe[1316] KERNEL32.dll!GetStartupInfoA 7C596BAA 5 Bytes JMP 00170F0D
.text C:\WINNT\system32\wuauclt.exe[1316] KERNEL32.dll!WinExec 7C59752A 5 Bytes JMP 00170ED3
.text C:\WINNT\system32\wuauclt.exe[1316] msvcrt.dll!_wsystem 78018E1D 5 Bytes JMP 00180043
.text C:\WINNT\system32\wuauclt.exe[1316] msvcrt.dll!system 78018EBF 5 Bytes JMP 00180FA8
.text C:\WINNT\system32\wuauclt.exe[1316] msvcrt.dll!_creat 7801A00D 5 Bytes JMP 00180FCA
.text C:\WINNT\system32\wuauclt.exe[1316] msvcrt.dll!_open 7801B65E 5 Bytes JMP 00180000
.text C:\WINNT\system32\wuauclt.exe[1316] msvcrt.dll!_wcreat 7801C0F3 5 Bytes JMP 00180FB9
.text C:\WINNT\system32\wuauclt.exe[1316] msvcrt.dll!_wopen 7801C1B1 5 Bytes JMP 00180FE5
.text C:\WINNT\system32\wuauclt.exe[1316] ADVAPI32.dll!RegCreateKeyA 7C2E96C8 5 Bytes JMP 00190FAA
.text C:\WINNT\system32\wuauclt.exe[1316] ADVAPI32.dll!RegCreateKeyW 7C2E9954 5 Bytes JMP 00190F99
.text C:\WINNT\system32\wuauclt.exe[1316] ADVAPI32.dll!RegCreateKeyExA 7C2ED804 5 Bytes JMP 00190033
.text C:\WINNT\system32\wuauclt.exe[1316] ADVAPI32.dll!RegOpenKeyA 7C2EDC59 5 Bytes JMP 00190FE4
.text C:\WINNT\system32\wuauclt.exe[1316] ADVAPI32.dll!RegOpenKeyExA 7C2EF4C0 5 Bytes JMP 00190011
.text C:\WINNT\system32\wuauclt.exe[1316] ADVAPI32.dll!RegCreateKeyExW 7C2EF8EA 5 Bytes JMP 00190F68
.text C:\WINNT\system32\wuauclt.exe[1316] ADVAPI32.dll!RegOpenKeyExW 7C2F49B1 5 Bytes JMP 00190022
.text C:\WINNT\system32\wuauclt.exe[1316] ADVAPI32.dll!RegOpenKeyW 7C2F4C09 5 Bytes JMP 00190000
.text C:\WINNT\system32\svchost.exe[1392] ADVAPI32.DLL!RegCreateKeyA 7C2E96C8 5 Bytes JMP 03580042
.text C:\WINNT\system32\svchost.exe[1392] ADVAPI32.DLL!RegCreateKeyW 7C2E9954 5 Bytes JMP 03580FB9
.text C:\WINNT\system32\svchost.exe[1392] ADVAPI32.DLL!RegCreateKeyExA 7C2ED804 5 Bytes JMP 0358005F
.text C:\WINNT\system32\svchost.exe[1392] ADVAPI32.DLL!RegOpenKeyA 7C2EDC59 5 Bytes JMP 03580FEF
.text C:\WINNT\system32\svchost.exe[1392] ADVAPI32.DLL!RegOpenKeyExA 7C2EF4C0 5 Bytes JMP 03580FDE
.text C:\WINNT\system32\svchost.exe[1392] ADVAPI32.DLL!RegCreateKeyExW 7C2EF8EA 5 Bytes JMP 03580070
.text C:\WINNT\system32\svchost.exe[1392] ADVAPI32.DLL!RegOpenKeyExW 7C2F49B1 5 Bytes JMP 03580027
.text C:\WINNT\system32\svchost.exe[1392] ADVAPI32.DLL!RegOpenKeyW 7C2F4C09 5 Bytes JMP 0358000B
.text C:\WINNT\system32\svchost.exe[1392] KERNEL32.dll!CreateFileA 7C58C243 5 Bytes JMP 0359000B
.text C:\WINNT\system32\svchost.exe[1392] KERNEL32.dll!CreateFileW 7C58C275 5 Bytes JMP 0359001C
.text C:\WINNT\system32\svchost.exe[1392] KERNEL32.dll!VirtualProtect 7C58E9EE 5 Bytes JMP 03590FAA
.text C:\WINNT\system32\svchost.exe[1392] KERNEL32.dll!VirtualProtectEx 7C58EA08 5 Bytes JMP 0359009F
.text C:\WINNT\system32\svchost.exe[1392] KERNEL32.dll!LoadLibraryA 7C59026D 5 Bytes JMP 03590049
.text C:\WINNT\system32\svchost.exe[1392] KERNEL32.dll!LoadLibraryW 7C59031E 3 Bytes JMP 03590FC9
.text C:\WINNT\system32\svchost.exe[1392] KERNEL32.dll!LoadLibraryW + 4 7C590322 1 Byte [87]
.text C:\WINNT\system32\svchost.exe[1392] KERNEL32.dll!LoadLibraryExA 7C59032E 5 Bytes JMP 03590073
.text C:\WINNT\system32\svchost.exe[1392] KERNEL32.dll!LoadLibraryExW 7C590595 5 Bytes JMP 0359008E
.text C:\WINNT\system32\svchost.exe[1392] KERNEL32.dll!GetProcAddress 7C590CF7 5 Bytes JMP 03590134
.text C:\WINNT\system32\svchost.exe[1392] KERNEL32.dll!CreateNamedPipeA 7C591C5F 5 Bytes JMP 03590FDA
.text C:\WINNT\system32\svchost.exe[1392] KERNEL32.dll!CreateNamedPipeW 7C591CCF 5 Bytes JMP 0359002D
.text C:\WINNT\system32\svchost.exe[1392] KERNEL32.dll!CreatePipe 7C5946A1 5 Bytes JMP 035900C9
.text C:\WINNT\system32\svchost.exe[1392] KERNEL32.dll!CreateProcessA 7C595040 3 Bytes JMP 03590F61
.text C:\WINNT\system32\svchost.exe[1392] KERNEL32.dll!CreateProcessA + 4 7C595044 1 Byte [86]
.text C:\WINNT\system32\svchost.exe[1392] KERNEL32.dll!CreateProcessW 7C596981 3 Bytes JMP 03590119
.text C:\WINNT\system32\svchost.exe[1392] KERNEL32.dll!CreateProcessW + 4 7C596985 1 Byte [86]
.text C:\WINNT\system32\svchost.exe[1392] KERNEL32.dll!GetStartupInfoW 7C596B15 5 Bytes JMP 03590F8E
.text C:\WINNT\system32\svchost.exe[1392] KERNEL32.dll!GetStartupInfoA 7C596BAA 5 Bytes JMP 035900DA
.text C:\WINNT\system32\svchost.exe[1392] KERNEL32.dll!WinExec 7C59752A 5 Bytes JMP 03590F72
.text C:\WINNT\system32\svchost.exe[1392] msvcrt.dll!_wsystem 78018E1D 5 Bytes JMP 03570FAB
.text C:\WINNT\system32\svchost.exe[1392] msvcrt.dll!system 78018EBF 5 Bytes JMP 0357003B
.text C:\WINNT\system32\svchost.exe[1392] msvcrt.dll!_creat 7801A00D 5 Bytes JMP 03570FCA
.text C:\WINNT\system32\svchost.exe[1392] msvcrt.dll!_open 7801B65E 5 Bytes JMP 03570000
.text C:\WINNT\system32\svchost.exe[1392] msvcrt.dll!_wcreat 7801C0F3 5 Bytes JMP 0357001F
.text C:\WINNT\system32\svchost.exe[1392] msvcrt.dll!_wopen 7801C1B1 5 Bytes JMP 03570FDB
.text C:\WINNT\system32\svchost.exe[1392] WS2_32.dll!socket 7503353D 5 Bytes JMP 0356000A
.text C:\WINNT\System32\svchost.exe[2128] ADVAPI32.DLL!RegCreateKeyA 7C2E96C8 5 Bytes JMP 00170F92
.text C:\WINNT\System32\svchost.exe[2128] ADVAPI32.DLL!RegCreateKeyW 7C2E9954 5 Bytes JMP 00170027
.text C:\WINNT\System32\svchost.exe[2128] ADVAPI32.DLL!RegCreateKeyExA 7C2ED804 5 Bytes JMP 00170F81
.text C:\WINNT\System32\svchost.exe[2128] ADVAPI32.DLL!RegOpenKeyA 7C2EDC59 5 Bytes JMP 00170FEF
.text C:\WINNT\System32\svchost.exe[2128] ADVAPI32.DLL!RegOpenKeyExA 7C2EF4C0 5 Bytes JMP 00170FC8
.text C:\WINNT\System32\svchost.exe[2128] ADVAPI32.DLL!RegCreateKeyExW 7C2EF8EA 5 Bytes JMP 00170F70
.text C:\WINNT\System32\svchost.exe[2128] ADVAPI32.DLL!RegOpenKeyExW 7C2F49B1 5 Bytes JMP 00170FB7
.text C:\WINNT\System32\svchost.exe[2128] ADVAPI32.DLL!RegOpenKeyW 7C2F4C09 5 Bytes JMP 00170000
.text C:\WINNT\System32\svchost.exe[2128] KERNEL32.dll!CreateFileA 7C58C243 5 Bytes JMP 00180FEF
.text C:\WINNT\System32\svchost.exe[2128] KERNEL32.dll!CreateFileW 7C58C275 5 Bytes JMP 00180FD3
.text C:\WINNT\System32\svchost.exe[2128] KERNEL32.dll!VirtualProtect 7C58E9EE 5 Bytes JMP 00180057
.text C:\WINNT\System32\svchost.exe[2128] KERNEL32.dll!VirtualProtectEx 7C58EA08 5 Bytes JMP 00180F57
.text C:\WINNT\System32\svchost.exe[2128] KERNEL32.dll!LoadLibraryA 7C59026D 5 Bytes JMP 0018000A
.text C:\WINNT\System32\svchost.exe[2128] KERNEL32.dll!LoadLibraryW 7C59031E 5 Bytes JMP 00180027
.text C:\WINNT\System32\svchost.exe[2128] KERNEL32.dll!LoadLibraryExA 7C59032E 5 Bytes JMP 00180038
.text C:\WINNT\System32\svchost.exe[2128] KERNEL32.dll!LoadLibraryExW 7C590595 5 Bytes JMP 00180F73
.text C:\WINNT\System32\svchost.exe[2128] KERNEL32.dll!GetProcAddress 7C590CF7 5 Bytes JMP 001800E2
.text C:\WINNT\System32\svchost.exe[2128] KERNEL32.dll!CreateNamedPipeA 7C591C5F 5 Bytes JMP 00180FB7
.text C:\WINNT\System32\svchost.exe[2128] KERNEL32.dll!CreateNamedPipeW 7C591CCF 5 Bytes JMP 00180FA6
.text C:\WINNT\System32\svchost.exe[2128] KERNEL32.dll!CreatePipe 7C5946A1 5 Bytes JMP 00180F46
.text C:\WINNT\System32\svchost.exe[2128] KERNEL32.dll!CreateProcessA 7C595040 5 Bytes JMP 00180F2B
.text C:\WINNT\System32\svchost.exe[2128] KERNEL32.dll!CreateProcessW 7C596981 5 Bytes JMP 00180F0F
.text C:\WINNT\System32\svchost.exe[2128] KERNEL32.dll!GetStartupInfoW 7C596B15 5 Bytes JMP 00180092
.text C:\WINNT\System32\svchost.exe[2128] KERNEL32.dll!GetStartupInfoA 7C596BAA 5 Bytes JMP 00180081
.text C:\WINNT\System32\svchost.exe[2128] KERNEL32.dll!WinExec 7C59752A 5 Bytes JMP 001800BC
.text C:\WINNT\System32\svchost.exe[2128] msvcrt.dll!_wsystem 78018E1D 5 Bytes JMP 0046004F
.text C:\WINNT\System32\svchost.exe[2128] msvcrt.dll!system 78018EBF 5 Bytes JMP 00460FBF
.text C:\WINNT\System32\svchost.exe[2128] msvcrt.dll!_creat 7801A00D 5 Bytes JMP 00460025
.text C:\WINNT\System32\svchost.exe[2128] msvcrt.dll!_open 7801B65E 5 Bytes JMP 0046000A
.text C:\WINNT\System32\svchost.exe[2128] msvcrt.dll!_wcreat 7801C0F3 5 Bytes JMP 00460FD0
.text C:\WINNT\System32\svchost.exe[2128] msvcrt.dll!_wopen 7801C1B1 5 Bytes JMP 00460FEF
.text C:\WINNT\System32\svchost.exe[2128] WS2_32.dll!socket 7503353D 5 Bytes JMP 0047000A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\Explorer.EXE [KERNEL32.DLL!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\Explorer.EXE [KERNEL32.DLL!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\Explorer.EXE [KERNEL32.DLL!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\Explorer.EXE [KERNEL32.DLL!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\Explorer.EXE [KERNEL32.DLL!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.dll!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.dll!CreateProcessA] [23021346] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.dll!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\GDI32.DLL [KERNEL32.dll!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\GDI32.DLL [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\GDI32.DLL [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\GDI32.DLL [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\GDI32.DLL [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!LoadLibraryExA] [732E78DE] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!CreateProcessA] [23021346] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [23021346] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\NETAPI32.DLL [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\NETAPI32.DLL [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\NETAPI32.DLL [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\WS2_32.DLL [KERNEL32.DLL!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\WS2_32.DLL [KERNEL32.DLL!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\WS2_32.DLL [KERNEL32.DLL!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\WS2HELP.DLL [KERNEL32.DLL!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\WS2HELP.DLL [KERNEL32.DLL!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\WS2HELP.DLL [KERNEL32.DLL!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.dll!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.dll!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\WININET.dll [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [732E78DE] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\PSAPI.DLL [KERNEL32.DLL!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\PSAPI.DLL [KERNEL32.DLL!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\PSAPI.DLL [KERNEL32.DLL!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\iphlpapi.dll [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1288] @ C:\WINNT\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- Services - GMER 1.0.15 ----

Service system32\drivers\gasfkydfnerndb.sys (*** hidden *** ) [DISABLED] gasfkyxeletlmv <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxeletlmv@start 4
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxeletlmv@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxeletlmv@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxeletlmv@imagepath \systemroot\system32\drivers\gasfkydfnerndb.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxeletlmv\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxeletlmv\main@aid 20024
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxeletlmv\main@sid 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxeletlmv\main@cmddelay 14400
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxeletlmv\main\delete
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxeletlmv\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxeletlmv\main\injector@* gasfkywsp8.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxeletlmv\main\tasks
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxeletlmv\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxeletlmv\modules@gasfkyrk.sys \systemroot\system32\drivers\gasfkydfnerndb.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxeletlmv\modules@gasfkycmd.dll \systemroot\system32\gasfkyimvsccrx.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxeletlmv\modules@gasfkylog.dat \systemroot\system32\gasfkysodqnjpi.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxeletlmv\modules@gasfkywsp.dll \systemroot\system32\gasfkykecpihvr.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxeletlmv\modules@gasfky.dat \systemroot\system32\gasfkyirpiraeh.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkyxeletlmv\modules@gasfkywsp8.dll \systemroot\system32\gasfkypbbhheko.dll
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyxeletlmv@start 4
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyxeletlmv@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyxeletlmv@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyxeletlmv@imagepath \systemroot\system32\drivers\gasfkydfnerndb.sys
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyxeletlmv\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyxeletlmv\main@aid 20024
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyxeletlmv\main@sid 0
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyxeletlmv\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyxeletlmv\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyxeletlmv\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyxeletlmv\main\injector@* gasfkywsp8.dll
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyxeletlmv\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyxeletlmv\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyxeletlmv\modules@gasfkyrk.sys \systemroot\system32\drivers\gasfkydfnerndb.sys
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyxeletlmv\modules@gasfkycmd.dll \systemroot\system32\gasfkyimvsccrx.dll
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyxeletlmv\modules@gasfkylog.dat \systemroot\system32\gasfkysodqnjpi.dat
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyxeletlmv\modules@gasfkywsp.dll \systemroot\system32\gasfkykecpihvr.dll
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyxeletlmv\modules@gasfky.dat \systemroot\system32\gasfkyirpiraeh.dat
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkyxeletlmv\modules@gasfkywsp8.dll \systemroot\system32\gasfkypbbhheko.dll

---- EOF - GMER 1.0.15 ----

#7 aommaster

  • Malware Response Team

Posted 19 October 2009 - 11:44 AM

Hello, lazyvista.
We need to download and run ComboFix (by sUBs)
  • Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan.
    They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". For more details, please check this thread
  • Please download ComboFix from one of these locations:
    Link 1
    Link 2
    ** IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    The Recovery Console was successfully installed. Click 'Yes' to continue scanning for malware. Click 'No' to exit
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a new HijackThis log.
**A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
**This tool is not a toy and not for everyday use.
**ComboFix SHOULD NOT be used unless requested by a forum helper


In your next reply, please include the following:
  • ComboFix.txt
  • Fresh HijackThis Log

My website: http://aommaster.com
Please do not send me PMs requesting help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#8 lazyvista

  • Topic Starter

Posted 19 October 2009 - 06:36 PM

Here are the logs.

ComboFix 09-10-19.01 - Steve 10/19/2009 17:45.1.1 - NTFSx86
Running from: c:\documents and settings\Steve.DADS2800\Desktop\VirusScanStuff\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\winnt\system32\gasfkyirpiraeh.dat
c:\winnt\system32\gasfkykecpihvr.dll
c:\winnt\system32\gasfkysodqnjpi.dat
c:\winnt\Web\default.htt

c:\winnt\system32\comres.dll . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_gasfkyxeletlmv
-------\Service_gasfkyxeletlmv


((((((((((((((((((((((((( Files Created from 2009-09-19 to 2009-10-19 )))))))))))))))))))))))))))))))
.

2009-10-19 23:00 . 2009-10-19 23:00 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_500.dat
2009-10-19 22:58 . 2009-10-19 22:58 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_230.dat
2009-10-17 13:48 . 2009-10-17 14:01 -------- d-----w- c:\program files\trend micro
2009-10-17 13:48 . 2009-10-17 13:49 -------- d-----w- C:\rsit
2009-10-05 23:19 . 2009-10-05 23:19 -------- d-----w- c:\documents and settings\Steve.DADS2800\Application Data\Eltima Software
2009-10-05 23:18 . 2009-10-05 23:18 -------- d-----w- c:\program files\Eltima Software
2009-09-27 21:16 . 2009-09-27 21:16 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-09-27 21:16 . 2009-09-27 21:16 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-27 21:16 . 2009-09-27 21:16 -------- d-----w- c:\documents and settings\Steve.DADS2800\Application Data\SUPERAntiSpyware.com
2009-09-27 21:15 . 2009-09-27 21:15 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-27 20:57 . 2009-09-27 20:57 -------- d-----w- c:\documents and settings\Steve.DADS2800\Application Data\Malwarebytes
2009-09-27 20:57 . 2009-09-10 19:54 38224 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
2009-09-27 20:57 . 2009-09-27 20:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-27 20:57 . 2009-09-27 20:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-27 20:57 . 2009-09-10 19:53 18520 ----a-w- c:\winnt\system32\drivers\mbam.sys
2009-09-22 02:21 . 2002-12-11 22:34 208896 ----a-w- c:\winnt\system32\wmpns.dll
2009-09-22 00:56 . 2009-07-03 14:49 64160 ----a-w- c:\winnt\system32\drivers\Lbd.sys
2009-09-22 00:52 . 2009-09-22 00:52 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-09 03:22 . 2008-08-08 02:48 -------- d-----w- c:\program files\McAfee
2009-09-26 12:22 . 2008-07-01 13:48 -------- d-----w- c:\program files\Java
2009-09-22 02:41 . 2004-04-10 21:29 -------- d-----w- c:\program files\QUICKENW
2009-09-22 02:34 . 2004-04-10 02:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-22 02:34 . 2004-04-21 04:34 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-09-18 23:23 . 2008-07-01 13:51 37 ----a-w- c:\documents and settings\Steve.DADS2800\jagex_runescape_preferences.dat
2009-09-18 00:11 . 2009-09-02 20:44 45 ----a-w- c:\documents and settings\Steve.DADS2800\jagex_runescape_preferences2.dat
2009-08-07 00:24 . 2005-08-28 14:03 327896 ----a-w- c:\winnt\system32\wucltui.dll
2009-08-07 00:24 . 2005-08-28 14:03 209632 ----a-w- c:\winnt\system32\wuweb.dll
2009-08-07 00:24 . 2005-08-28 14:03 44768 ----a-w- c:\winnt\system32\wups2.dll
2009-08-07 00:24 . 2005-08-28 14:03 35552 ----a-w- c:\winnt\system32\wups.dll
2009-08-07 00:24 . 2004-04-10 03:16 53472 ----a-w- c:\winnt\system32\wuauclt.exe
2009-08-07 00:24 . 2004-04-10 03:10 96480 ----a-w- c:\winnt\system32\cdm.dll
2009-08-07 00:23 . 2005-08-28 14:03 575704 ----a-w- c:\winnt\system32\wuapi.dll
2009-08-07 00:23 . 2004-04-10 03:16 1929952 ----a-w- c:\winnt\system32\wuaueng.dll
2009-08-05 05:04 . 2009-08-05 05:04 90164 ----a-w- c:\winnt\system32\atl.dll
2009-07-27 11:27 . 2000-07-26 12:00 81168 ----a-w- c:\winnt\system32\fontsub.dll
2009-07-27 11:27 . 2000-07-26 12:00 165136 ----a-w- c:\winnt\system32\t2embed.dll
2009-07-25 10:23 . 2008-11-25 02:13 411368 ----a-w- c:\winnt\system32\deploytk.dll
2004-04-09 22:46 . 2004-04-09 22:46 21952 ---h--w- c:\program files\folder.htt
.

------- Sigcheck -------

[-] 2002-11-27 00:03 . 36678803A8030EE9A771935CFC1848BD . 52224 . . [9.0.1.56] . . c:\winnt\system32\mspmsnsv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 401491]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-09-15 1998576]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 2356088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CamMonitor"="c:\program files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [2002-10-07 90112]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"mswspl"="c:\program files\Windows Media Player\wmplayer.exe" [2002-12-11 73728]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2005-10-18 278528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-12-12 155648]
"NvCplDaemon"="c:\winnt\system32\NvCpl.dll" [2007-06-29 8466432]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-07-10 645328]
"SiteAdvisor"="c:\program files\SiteAdvisor\6261\SiteAdv.exe" [2007-08-24 36640]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NvMediaCenter"="c:\winnt\system32\NvMcTray.dll" [2007-06-29 81920]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-02-19 591696]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-04-17 98616]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Synchronization Manager"="mobsync.exe" - c:\winnt\system32\mobsync.exe [2003-06-19 111376]
"SoundMan"="SOUNDMAN.EXE" - c:\winnt\SOUNDMAN.EXE [2003-12-19 65024]
"AtiPTA"="atiptaxx.exe" - c:\winnt\system32\atiptaxx.exe [2001-09-27 245760]
"nwiz"="nwiz.exe" - c:\winnt\system32\nwiz.exe [2007-06-29 1626112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2003-06-19 186640]

c:\documents and settings\Steve.DADS2800\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-2-9 368640]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R0 Lbd;Lbd;c:\winnt\system32\drivers\Lbd.sys [9/21/2009 7:56 PM 64160]
R0 viasraid;viasraid;c:\winnt\system32\drivers\viasraid.sys [4/9/2004 9:28 PM 78988]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/15/2009 11:42 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 11:42 AM 74480]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 9:49 AM 1028432]
R3 PxHelper;PxHelper;c:\winnt\system32\drivers\PxHelper.sys [4/10/2004 12:59 PM 16512]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 11:42 AM 7408]
R3 usbhub20;USB 2.0 Root Hub Support;c:\winnt\system32\drivers\usbhub20.sys [4/9/2004 10:18 PM 49776]
S2 878TVCard;Bt878 TV Card - Video Capture;c:\winnt\system32\drivers\Bt878.sys [10/14/2008 9:30 PM 214692]
S2 878TVTuner;Bt878 TV Card - TV Tuner;c:\winnt\system32\drivers\BtTuner.sys [10/14/2008 9:32 PM 11392]
S2 878Xbar;Bt878 TV Card - Crossbar;c:\winnt\system32\drivers\BtXbar.sys [10/14/2008 9:31 PM 8448]
S2 BT848;Conexant's BtPCI WDM Video Capture;c:\winnt\system32\drivers\BT848.sys [9/24/2007 4:38 PM 371349]
S3 viafilter;VIA USB Filter;c:\winnt\system32\drivers\viausb.sys [4/9/2004 9:25 PM 9038]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - IPNAT
*NewlyCreated* - RASAUTO
*NewlyCreated* - SHAREDACCESS
.
Contents of the 'Scheduled Tasks' folder

2009-10-13 c:\winnt\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 00:55]

2009-10-01 c:\winnt\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-01 02:26]

2009-10-16 c:\winnt\Tasks\{1BDEB539-DA2B-41A4-97BD-E3FF82BCD63A}_DADS2800_Steve.job
- c:\winnt\system32\mobsync.exe [2004-04-10 19:05]

2009-10-19 c:\winnt\Tasks\{D91E47F1-2F1C-4FD2-9A1B-E3E3C29BBD2B}_DADS2800_Steve.job
- c:\winnt\system32\mobsync.exe [2004-04-10 19:05]

2009-10-19 c:\winnt\Tasks\{EFD46C1F-5B6B-457F-BD7E-23E7F1E81B7A}_DADS2800_Steve.job
- c:\winnt\system32\mobsync.exe [2004-04-10 19:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ntserver/Index.asp
LSP: %SystemRoot%\system32\msafd.dll
DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKCU-Run-ResChanger 2005 - c:\program files\ResChanger 2005\ResChanger2005.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-19 18:27
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(200)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\winnt\system32\wzcdlg.dll
c:\winnt\system32\WZCSAPI.DLL

- - - - - - - > 'explorer.exe'(1956)
c:\winnt\AppPatch\AcLayers.DLL
c:\program files\SiteAdvisor\6261\saHook.dll
c:\winnt\system32\SHDOCVW.DLL
.
Completion time: 2009-10-19 18:30 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-19 23:30

Pre-Run: 12,505,870,336 bytes free
Post-Run: 15,049,392,128 bytes free

- - End Of File - - C49051CA861EE2C0E807F34A3817D91A


Logfile of random's system information tool 1.06 (written by random/random)
Run by Steve at 2009-10-19 18:33:37
Microsoft Windows 2000 Professional Service Pack 4
System drive C: has 14 GB (19%) free of 76 GB
Total RAM: 511 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:33:55 PM, on 10/19/2009
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\WINNT\System32\locator.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\Steve.DADS2800\Desktop\VirusScanStuff\RSIT.exe
C:\Program Files\trend micro\Steve.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ntserver/Index.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [mswspl] C:\Program Files\Windows Media Player\wmplayer.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: Buselpeq - Illusion & Hope. - (no file)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINNT\system32\E_S00RP1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe

--
End of file - 8216 bytes

======Scheduled tasks folder======

C:\WINNT\tasks\Ad-Aware Update (Weekly).job
C:\WINNT\tasks\McQcTask.job
C:\WINNT\tasks\{1BDEB539-DA2B-41A4-97BD-E3FF82BCD63A}_DADS2800_Steve.job
C:\WINNT\tasks\{D91E47F1-2F1C-4FD2-9A1B-E3E3C29BBD2B}_DADS2800_Steve.job
C:\WINNT\tasks\{EFD46C1F-5B6B-457F-BD7E-23E7F1E81B7A}_DADS2800_Steve.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{089FD14D-132B-48FC-8861-0048AE113215}]
C:\Program Files\SiteAdvisor\6261\SiteAdv.dll [2008-05-16 927008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll [2009-07-08 62784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - @msdxmLC.dll,-1@1033,&Radio - C:\WINNT\System32\msdxm.ocx [2005-03-31 844560]
{0BF43445-2F28-4351-9252-17FE6E806AA0} - McAfee SiteAdvisor - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll [2008-05-16 927008]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"=mobsync.exe /logon []
"SoundMan"=C:\WINNT\SOUNDMAN.EXE [2003-12-19 65024]
"CamMonitor"=C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe [2002-10-07 90112]
"Share-to-Web Namespace Daemon"=C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [2002-04-17 69632]
"mswspl"=C:\Program Files\Windows Media Player\wmplayer.exe [2002-12-11 73728]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2005-10-18 278528]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2005-12-11 155648]
"AtiPTA"=C:\WINNT\system32\atiptaxx.exe [2001-09-27 245760]
"NvCplDaemon"=C:\WINNT\system32\NvCpl.dll [2007-06-29 8466432]
"nwiz"=nwiz.exe /install []
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-07-10 645328]
"SiteAdvisor"=C:\Program Files\SiteAdvisor\6261\SiteAdv.exe [2007-08-24 36640]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"NvMediaCenter"=C:\WINNT\system32\NvMcTray.dll [2007-06-29 81920]
"EEventManager"=C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe [2008-02-19 591696]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2008-04-17 98616]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE [2004-02-03 401491]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-09-15 1998576]
"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2008-09-26 2356088]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

C:\Documents and Settings\Steve.DADS2800\Start Menu\Programs\Startup
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2009-10-19 18:30:35 ----A---- C:\ComboFix.txt
2009-10-19 17:43:14 ----A---- C:\WINNT\NIRCMD.exe
2009-10-19 17:43:11 ----A---- C:\WINNT\zip.exe
2009-10-19 17:43:11 ----A---- C:\WINNT\SWXCACLS.exe
2009-10-19 17:43:11 ----A---- C:\WINNT\SWSC.exe
2009-10-19 17:43:11 ----A---- C:\WINNT\SWREG.exe
2009-10-19 17:43:11 ----A---- C:\WINNT\sed.exe
2009-10-19 17:43:11 ----A---- C:\WINNT\PEV.exe
2009-10-19 17:43:11 ----A---- C:\WINNT\grep.exe
2009-10-19 17:42:47 ----D---- C:\WINNT\ERDNT
2009-10-19 17:42:13 ----D---- C:\Qoobox
2009-10-17 08:48:35 ----D---- C:\Program Files\trend micro
2009-10-17 08:48:33 ----D---- C:\rsit
2009-10-05 18:19:25 ----D---- C:\Documents and Settings\Steve.DADS2800\Application Data\Eltima Software
2009-10-05 18:18:54 ----D---- C:\Program Files\Eltima Software
2009-09-27 16:16:07 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-09-27 16:16:00 ----D---- C:\Program Files\SUPERAntiSpyware
2009-09-27 16:16:00 ----D---- C:\Documents and Settings\Steve.DADS2800\Application Data\SUPERAntiSpyware.com
2009-09-27 16:15:36 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-09-27 15:57:21 ----D---- C:\Documents and Settings\Steve.DADS2800\Application Data\Malwarebytes
2009-09-27 15:57:16 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-27 15:57:16 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-09-26 07:23:10 ----A---- C:\WINNT\system32\javaws.exe
2009-09-26 07:23:10 ----A---- C:\WINNT\system32\javaw.exe
2009-09-26 07:23:10 ----A---- C:\WINNT\system32\java.exe
2009-09-21 21:24:11 ----HDC---- C:\WINNT\$NtUninstallKB961371-V2$
2009-09-21 21:24:06 ----HDC---- C:\WINNT\$NtUninstallKB956844$
2009-09-21 21:24:02 ----HDC---- C:\WINNT\$NtUninstallKB971961$
2009-09-21 21:23:57 ----HDC---- C:\WINNT\$NtUninstallKB968537$
2009-09-21 21:23:52 ----HDC---- C:\WINNT\$NtUninstallKB960859$
2009-09-21 21:23:26 ----A---- C:\WINNT\system32\MRT.INI
2009-09-21 21:21:45 ----A---- C:\WINNT\system32\wmpns.dll
2009-09-21 21:21:38 ----HDC---- C:\WINNT\$NtUninstallKB973540_WM9L$
2009-09-21 21:21:33 ----HDC---- C:\WINNT\$NtUninstallKB958470$
2009-09-21 21:21:27 ----HDC---- C:\WINNT\$NtUninstallKB971633_DX9$
2009-09-21 21:21:19 ----HDC---- C:\WINNT\$NtUninstallKB973354-OE6SP1-20090710.120000$
2009-09-21 21:21:13 ----HDC---- C:\WINNT\$NtUninstallKB973507$
2009-09-21 21:21:08 ----HDC---- C:\WINNT\$NtUninstallKB970238$
2009-09-21 21:21:02 ----HDC---- C:\WINNT\$NtUninstallKB973346$
2009-09-21 21:20:56 ----HDC---- C:\WINNT\$NtUninstallKB973869$
2009-09-21 21:20:46 ----HDC---- C:\WINNT\$NtUninstallKB972260-IE6SP1-20090722.120000$
2009-09-21 21:20:39 ----HDC---- C:\WINNT\$NtUninstallKB968816_WM9$
2009-09-21 21:20:34 ----HDC---- C:\WINNT\$NtUninstallKB961501$
2009-09-21 21:20:26 ----HDC---- C:\WINNT\$NtUninstallKB971557$
2009-09-21 19:52:52 ----HDC---- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}

======List of files/folders modified in the last 1 months======

2009-10-19 18:30:38 ----AD---- C:\WINNT\system32\drivers
2009-10-19 18:30:38 ----AD---- C:\WINNT\system32
2009-10-19 18:30:37 ----AD---- C:\WINNT\Temp
2009-10-19 18:27:57 ----AD---- C:\WINNT
2009-10-19 18:27:57 ----A---- C:\WINNT\system.ini
2009-10-19 17:59:21 ----D---- C:\WINNT\system32\NtmsData
2009-10-19 17:58:34 ----AD---- C:\WINNT\Debug
2009-10-19 17:51:14 ----SD---- C:\WINNT\Web
2009-10-19 17:49:25 ----AD---- C:\WINNT\AppPatch
2009-10-19 17:49:24 ----D---- C:\Program Files\Common Files
2009-10-19 17:43:55 ----A---- C:\WINNT\SchedLgU.Txt
2009-10-19 16:43:51 ----AD---- C:\WINNT\security
2009-10-18 07:50:54 ----A---- C:\WINNT\win.ini
2009-10-17 08:48:35 ----AD---- C:\Program Files
2009-10-13 17:01:37 ----HD---- C:\WINNT\inf
2009-10-08 22:22:58 ----SHD---- C:\WINNT\CSC
2009-10-08 22:22:42 ----D---- C:\Program Files\McAfee
2009-10-03 15:44:00 ----RASHDC---- C:\WINNT\system32\dllcache
2009-10-03 15:43:57 ----AD---- C:\WINNT\Help
2009-09-27 16:16:06 ----SHD---- C:\WINNT\Installer
2009-09-27 16:08:33 ----D---- C:\WINNT\ServicePackFiles
2009-09-26 07:22:38 ----D---- C:\Program Files\Java
2009-09-21 21:41:14 ----D---- C:\Program Files\QUICKENW
2009-09-21 21:34:33 ----HD---- C:\Program Files\InstallShield Installation Information
2009-09-21 21:34:19 ----D---- C:\Program Files\Microsoft ActiveSync
2009-09-21 21:34:12 ----D---- C:\Program Files\Microsoft Office
2009-09-21 21:24:10 ----A---- C:\WINNT\imsins.BAK
2009-09-21 21:21:23 ----D---- C:\Program Files\Outlook Express
2009-09-21 21:21:23 ----D---- C:\Program Files\Common Files\System
2009-09-21 20:11:36 ----SD---- C:\WINNT\Downloaded Program Files
2009-09-21 19:56:40 ----ASD---- C:\WINNT\Tasks
2009-09-21 19:51:53 ----D---- C:\WINNT\winsxs

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINNT\system32\drivers\AFS2K.sys [2004-04-10 82380]
R1 Cdr4_2K;Cdr4_2K; C:\WINNT\system32\drivers\Cdr4_2K.sys [2006-08-28 2432]
R1 Cdralw2k;Cdralw2k; C:\WINNT\system32\drivers\Cdralw2k.sys [2006-08-28 2560]
R1 kbdhid;Keyboard HID Driver; C:\WINNT\System32\DRIVERS\kbdhid.sys [1999-10-04 13744]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINNT\system32\drivers\mfehidk.sys [2009-07-08 214024]
R1 MPFP;MPFP; C:\WINNT\System32\Drivers\Mpfp.sys [2009-07-16 120136]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 HidUsb;Microsoft HID Class Driver; C:\WINNT\System32\DRIVERS\hidusb.sys [1999-10-04 13904]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINNT\system32\drivers\ALCXSENS.SYS [2003-12-11 391424]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINNT\system32\drivers\ALCXWDM.SYS [2003-12-19 541548]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINNT\system32\DRIVERS\fetnd5bv.sys [2006-06-13 43008]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINNT\System32\Drivers\GEARAspiWDM.sys [2005-02-02 14408]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINNT\system32\drivers\mfeavfk.sys [2009-07-08 79816]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINNT\system32\drivers\mfebopk.sys [2009-07-08 35272]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINNT\system32\drivers\mfesmfk.sys [2009-07-08 40552]
R3 mouhid;Mouse HID Driver; C:\WINNT\System32\DRIVERS\mouhid.sys [2003-06-19 11632]
R3 nv;nv; C:\WINNT\system32\DRIVERS\nv4_mini.sys [2007-06-29 6807328]
R3 PxHelper;PxHelper; \??\C:\WINNT\system32\drivers\PxHelper.sys []
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 uhcd;Microsoft USB Universal Host Controller Driver; C:\WINNT\System32\DRIVERS\uhcd.sys [2003-06-19 32848]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINNT\System32\DRIVERS\usbehci.sys [2003-06-19 19728]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINNT\System32\DRIVERS\usbhub.sys [2003-06-19 40176]
R3 usbhub20;USB 2.0 Root Hub Support; C:\WINNT\System32\DRIVERS\usbhub20.sys [2003-06-19 49776]
S2 878TVCard;Bt878 TV Card - Video Capture; C:\WINNT\system32\drivers\Bt878.sys [2005-09-04 214692]
S2 878TVTuner;Bt878 TV Card - TV Tuner; C:\WINNT\system32\drivers\BtTuner.sys [2005-09-04 11392]
S2 878Xbar;Bt878 TV Card - Crossbar; C:\WINNT\system32\drivers\BtXbar.sys [2005-09-04 8448]
S2 BT848;Conexant's BtPCI WDM Video Capture; C:\WINNT\system32\DRIVERS\BT848.sys [2007-09-24 371349]
S2 MVDCODEC;ATI WDM Specialized MVD Codec; C:\WINNT\system32\DRIVERS\atinmdxx.sys [2001-09-26 11280]
S3 ati2mtaa;ati2mtaa; C:\WINNT\system32\DRIVERS\ati2mtaa.sys [2001-09-27 291121]
S3 atinrvxx;ATI WDM Rage Theater Video; C:\WINNT\system32\DRIVERS\atinrvxx.sys [2001-09-26 65104]
S3 CCDECODE;Closed Caption Decoder; C:\WINNT\system32\DRIVERS\CCDECODE.sys [2004-07-09 16384]
S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINNT\System32\DRIVERS\fetnd5b.sys [2004-02-20 42496]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 mferkdk;McAfee Inc. mferkdk; C:\WINNT\system32\drivers\mferkdk.sys [2009-07-08 34248]
S3 MPE;BDA MPE Filter; C:\WINNT\system32\DRIVERS\MPE.sys [2004-07-09 15104]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINNT\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINNT\system32\DRIVERS\NABTSFEC.sys [2004-07-09 83968]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINNT\system32\DRIVERS\NdisIP.sys [2004-07-09 10112]
S3 SLIP;BDA Slip De-Framer; C:\WINNT\system32\DRIVERS\SLIP.sys [2004-07-09 10880]
S3 streamip;BDA IPSink; C:\WINNT\system32\DRIVERS\StreamIP.sys [2004-07-09 14976]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINNT\System32\DRIVERS\usbprint.sys [2003-06-19 21872]
S3 usbscan;USB Scanner Driver; C:\WINNT\System32\DRIVERS\usbscan.sys [2003-06-19 12592]
S3 USBSTOR;USB Mass Storage Driver; C:\WINNT\System32\DRIVERS\USBSTOR.SYS [2003-06-19 21552]
S3 viafilter;VIA USB Filter; C:\WINNT\System32\Drivers\viausb.sys [2003-06-18 9038]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINNT\system32\DRIVERS\wceusbsh.sys [2003-12-22 104064]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINNT\system32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688]
S4 IntelIde;IntelIde; C:\WINNT\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINNT\System32\drivers\ws2ifsl.sys [2000-07-26 12016]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2008-04-17 102712]
R2 HidServ;HID Input Service; C:\WINNT\system32\hidserv.exe [2003-06-19 19728]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-09-21 1028432]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-07-10 865832]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-07-07 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-07-08 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-07-10 894136]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINNT\system32\nvsvc32.exe [2007-06-29 155716]
R2 SiteAdvisor Service;SiteAdvisor Service; C:\Program Files\SiteAdvisor\6261\SAService.exe [2008-08-08 345376]
R2 StiSvc;Still Image Service; C:\WINNT\system32\stisvc.exe [2003-06-19 61712]
R3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2005-10-18 323584]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-07-08 606736]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINNT\system32\Ati2evxx.exe [2000-11-30 57344]
S2 EPSON_PM_RPCV2_01;EPSON V3 Service2(03); C:\WINNT\system32\E_S00RP1.EXE [2002-07-01 62464]
S3 aspnet_state;ASP.NET State Service; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-07-08 365072]
S3 WmdmPmSN;Portable Media Serial Number Service; C:\WINNT\System32\svchost.exe [2000-07-26 7952]

-----------------EOF-----------------

#9 aommaster

  • Malware Response Team

Posted 20 October 2009 - 11:45 AM

Hello, lazyvista.
I noticed that you did not have the Recovery Console (RC) installed. Due to the nature of ComboFix, it is very important to have the RC installed, should anything go wrong.

Instructions on how to install the RC can be found here:
http://support.microsoft.com/?kbid=216417

Note that you will need the Windows 2000 installation disk at hand.

NEXT:

We need to run a ComboFix script.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open Notepad and copy/paste the text in the codebox below into it. Do not copy the word "code".
    MIA::
    c:\winnt\system32\comres.dll
  • Save this as CFScript.txt, in the same location as ComboFix.exe
  • Now, drag and drop CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
In your next reply, please include the following:
  • ComboFix.txt

My website: http://aommaster.com
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#10 lazyvista

  • Topic Starter

Posted 20 October 2009 - 09:57 PM

Here is the log. How do I go about getting the comres.dll back on the system?


ComboFix 09-10-19.01 - Steve 10/20/2009 21:42.2.1 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.511.267 [GMT -5:00]
Running from: c:\documents and settings\Steve.DADS2800\Desktop\VirusScanStuff\ComboFix.exe
Command switches used :: c:\documents and settings\Steve.DADS2800\Desktop\VirusScanStuff\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\winnt\system32\comres.dll . . . is infected!!

c:\winnt\system32\comres.dll . . . is missing!!

.
((((((((((((((((((((((((( Files Created from 2009-09-21 to 2009-10-21 )))))))))))))))))))))))))))))))
.

2009-10-21 02:29 . 2009-10-21 02:29 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_504.dat
2009-10-19 23:00 . 2009-10-19 23:00 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_500.dat
2009-10-19 22:58 . 2009-10-19 22:58 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_230.dat
2009-10-17 13:48 . 2009-10-19 23:33 -------- d-----w- c:\program files\trend micro
2009-10-17 13:48 . 2009-10-17 13:49 -------- d-----w- C:\rsit
2009-10-05 23:19 . 2009-10-05 23:19 -------- d-----w- c:\documents and settings\Steve.DADS2800\Application Data\Eltima Software
2009-10-05 23:18 . 2009-10-05 23:18 -------- d-----w- c:\program files\Eltima Software
2009-09-27 21:16 . 2009-09-27 21:16 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-09-27 21:16 . 2009-10-21 02:34 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-27 21:16 . 2009-09-27 21:16 -------- d-----w- c:\documents and settings\Steve.DADS2800\Application Data\SUPERAntiSpyware.com
2009-09-27 21:15 . 2009-09-27 21:15 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-27 20:57 . 2009-09-27 20:57 -------- d-----w- c:\documents and settings\Steve.DADS2800\Application Data\Malwarebytes
2009-09-27 20:57 . 2009-09-10 19:54 38224 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
2009-09-27 20:57 . 2009-09-27 20:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-27 20:57 . 2009-09-27 20:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-27 20:57 . 2009-09-10 19:53 18520 ----a-w- c:\winnt\system32\drivers\mbam.sys
2009-09-22 02:21 . 2002-12-11 22:34 208896 ----a-w- c:\winnt\system32\wmpns.dll
2009-09-22 00:56 . 2009-07-03 14:49 64160 ----a-w- c:\winnt\system32\drivers\Lbd.sys
2009-09-22 00:52 . 2009-09-22 00:52 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-09 03:22 . 2008-08-08 02:48 -------- d-----w- c:\program files\McAfee
2009-09-26 12:22 . 2008-07-01 13:48 -------- d-----w- c:\program files\Java
2009-09-22 02:41 . 2004-04-10 21:29 -------- d-----w- c:\program files\QUICKENW
2009-09-22 02:34 . 2004-04-10 02:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-22 02:34 . 2004-04-21 04:34 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-09-18 23:23 . 2008-07-01 13:51 37 ----a-w- c:\documents and settings\Steve.DADS2800\jagex_runescape_preferences.dat
2009-09-18 00:11 . 2009-09-02 20:44 45 ----a-w- c:\documents and settings\Steve.DADS2800\jagex_runescape_preferences2.dat
2009-08-07 00:24 . 2005-08-28 14:03 327896 ----a-w- c:\winnt\system32\wucltui.dll
2009-08-07 00:24 . 2005-08-28 14:03 209632 ----a-w- c:\winnt\system32\wuweb.dll
2009-08-07 00:24 . 2005-08-28 14:03 44768 ----a-w- c:\winnt\system32\wups2.dll
2009-08-07 00:24 . 2005-08-28 14:03 35552 ----a-w- c:\winnt\system32\wups.dll
2009-08-07 00:24 . 2004-04-10 03:16 53472 ------w- c:\winnt\system32\wuauclt.exe
2009-08-07 00:24 . 2004-04-10 03:10 96480 ----a-w- c:\winnt\system32\cdm.dll
2009-08-07 00:23 . 2005-08-28 14:03 575704 ----a-w- c:\winnt\system32\wuapi.dll
2009-08-07 00:23 . 2004-04-10 03:16 1929952 ----a-w- c:\winnt\system32\wuaueng.dll
2009-08-05 05:04 . 2009-08-05 05:04 90164 ----a-w- c:\winnt\system32\atl.dll
2009-07-27 11:27 . 2000-07-26 12:00 81168 ----a-w- c:\winnt\system32\fontsub.dll
2009-07-27 11:27 . 2000-07-26 12:00 165136 ----a-w- c:\winnt\system32\t2embed.dll
2009-07-25 10:23 . 2008-11-25 02:13 411368 ----a-w- c:\winnt\system32\deploytk.dll
2004-04-09 22:46 . 2004-04-09 22:46 21952 ---h--w- c:\program files\folder.htt
.

------- Sigcheck -------

[-] 2002-11-27 00:03 . 36678803A8030EE9A771935CFC1848BD . 52224 . . [9.0.1.56] . . c:\winnt\system32\mspmsnsv.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-10-19_23.27.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-13 13:08 . 2009-10-21 02:32 295606 c:\winnt\Installer\{AC76BA86-7AD7-1033-7B44-A81300000003}\SC_Reader.exe
- 2008-11-13 13:08 . 2009-08-03 19:32 295606 c:\winnt\Installer\{AC76BA86-7AD7-1033-7B44-A81300000003}\SC_Reader.exe
+ 2007-01-23 17:39 . 2007-01-23 17:39 443904 c:\winnt\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7448A3100000030\8.1.3\JP2KLib.dll
+ 2009-08-12 21:55 . 2009-08-12 21:55 9680384 c:\winnt\Installer\35aff.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 401491]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-09-15 1998576]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 2356088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CamMonitor"="c:\program files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [2002-10-07 90112]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"mswspl"="c:\program files\Windows Media Player\wmplayer.exe" [2002-12-11 73728]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2005-10-18 278528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-12-12 155648]
"NvCplDaemon"="c:\winnt\system32\NvCpl.dll" [2007-06-29 8466432]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-07-10 645328]
"SiteAdvisor"="c:\program files\SiteAdvisor\6261\SiteAdv.exe" [2007-08-24 36640]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NvMediaCenter"="c:\winnt\system32\NvMcTray.dll" [2007-06-29 81920]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-02-19 591696]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-04-17 98616]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Synchronization Manager"="mobsync.exe" - c:\winnt\system32\mobsync.exe [2003-06-19 111376]
"SoundMan"="SOUNDMAN.EXE" - c:\winnt\SOUNDMAN.EXE [2003-12-19 65024]
"AtiPTA"="atiptaxx.exe" - c:\winnt\system32\atiptaxx.exe [2001-09-27 245760]
"nwiz"="nwiz.exe" - c:\winnt\system32\nwiz.exe [2007-06-29 1626112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2003-06-19 186640]

c:\documents and settings\Steve.DADS2800\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-2-9 368640]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R0 Lbd;Lbd;c:\winnt\system32\drivers\Lbd.sys [9/21/2009 7:56 PM 64160]
R0 viasraid;viasraid;c:\winnt\system32\drivers\viasraid.sys [4/9/2004 9:28 PM 78988]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 11:42 AM 74480]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 9:49 AM 1028432]
R3 PxHelper;PxHelper;c:\winnt\system32\drivers\PxHelper.sys [4/10/2004 12:59 PM 16512]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 11:42 AM 7408]
R3 usbhub20;USB 2.0 Root Hub Support;c:\winnt\system32\drivers\usbhub20.sys [4/9/2004 10:18 PM 49776]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/15/2009 11:42 AM 9968]
S2 878TVCard;Bt878 TV Card - Video Capture;c:\winnt\system32\drivers\Bt878.sys [10/14/2008 9:30 PM 214692]
S2 878TVTuner;Bt878 TV Card - TV Tuner;c:\winnt\system32\drivers\BtTuner.sys [10/14/2008 9:32 PM 11392]
S2 878Xbar;Bt878 TV Card - Crossbar;c:\winnt\system32\drivers\BtXbar.sys [10/14/2008 9:31 PM 8448]
S2 BT848;Conexant's BtPCI WDM Video Capture;c:\winnt\system32\drivers\BT848.sys [9/24/2007 4:38 PM 371349]
S3 viafilter;VIA USB Filter;c:\winnt\system32\drivers\viausb.sys [4/9/2004 9:25 PM 9038]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints\D]
\Shell\AutoRun\command - D:\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-10-20 c:\winnt\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 00:55]

2009-10-01 c:\winnt\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-01 02:26]

2009-10-16 c:\winnt\Tasks\{1BDEB539-DA2B-41A4-97BD-E3FF82BCD63A}_DADS2800_Steve.job
- c:\winnt\system32\mobsync.exe [2004-04-10 19:05]

2009-10-19 c:\winnt\Tasks\{D91E47F1-2F1C-4FD2-9A1B-E3E3C29BBD2B}_DADS2800_Steve.job
- c:\winnt\system32\mobsync.exe [2004-04-10 19:05]

2009-10-20 c:\winnt\Tasks\{EFD46C1F-5B6B-457F-BD7E-23E7F1E81B7A}_DADS2800_Steve.job
- c:\winnt\system32\mobsync.exe [2004-04-10 19:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ntserver/Index.asp
LSP: %SystemRoot%\system32\msafd.dll
DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-20 21:50
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(196)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\winnt\system32\wzcdlg.dll
c:\winnt\system32\WZCSAPI.DLL

- - - - - - - > 'explorer.exe'(1696)
c:\winnt\AppPatch\AcLayers.DLL
c:\program files\SiteAdvisor\6261\saHook.dll
c:\winnt\system32\SHDOCVW.DLL
.
Completion time: 2009-10-21 21:52
ComboFix-quarantined-files.txt 2009-10-21 02:52
ComboFix2.txt 2009-10-19 23:30

Pre-Run: 15,032,696,832 bytes free
Post-Run: 15,024,001,024 bytes free

- - End Of File - - F5DF8353DEAE42DD73EE33287AFF6EEB

#11 aommaster

Posted 21 October 2009 - 04:59 PM

Hello, lazyvista.
We need to check the integrity of system files.
  • Click Start > Run
  • Type: sfc /scannow
  • Press Enter
  • You will see a progress bar but you get no confirmation messages and it just ends. Insert your Windows installation CD when/if requested.

NEXT:

We need to run a ComboFix script.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the codebox below into it. Do not copy the word "code".
    FileLook::
    c:\winnt\system32\comres.dll
    c:\winnt\system32\mspmsnsv.dll
  • Save this as CFScript.txt, in the same location as ComboFix.exe
  • Now, drag and drop CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
In your next reply, please include the following:
  • ComboFix.txt


#12 lazyvista

Posted 21 October 2009 - 09:05 PM

Looks like comres.dll is still infected.

The SFC did ask for my install disk and it looked like it was accessed several times.

Here is the combofix log.

ComboFix 09-10-19.01 - Steve 10/21/2009 20:51.3.1 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.511.281 [GMT -5:00]
Running from: c:\documents and settings\Steve.DADS2800\Desktop\VirusScanStuff\ComboFix.exe
Command switches used :: c:\documents and settings\Steve.DADS2800\Desktop\VirusScanStuff\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\winnt\system32\comres.dll . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2009-09-22 to 2009-10-22 )))))))))))))))))))))))))))))))
.

2009-10-22 01:48 . 1999-12-01 04:40 107792 -c--a-w- c:\winnt\system32\dllcache\xlog.exe
2009-10-22 01:48 . 1999-09-25 00:16 17168 -c--a-w- c:\winnt\system32\dllcache\xem336n5.sys
2009-10-22 01:48 . 1999-09-25 00:17 24848 -c--a-w- c:\winnt\system32\dllcache\wvlan48.sys
2009-10-22 01:48 . 1999-09-25 15:35 8016 -c--a-w- c:\winnt\system32\dllcache\wmiacpi.sys
2009-10-22 01:46 . 1999-11-08 21:38 63024 -c--a-w- c:\winnt\system32\dllcache\solo.sys
2009-10-22 01:45 . 2003-06-19 19:05 9808 -c--a-w- c:\winnt\system32\dllcache\pnrmc.sys
2009-10-22 01:44 . 1999-12-01 04:39 11024 -c--a-w- c:\winnt\system32\dllcache\msmusd.dll
2009-10-22 01:44 . 1999-09-25 15:35 2832 -c--a-w- c:\winnt\system32\dllcache\msmpu401.sys
2009-10-22 01:44 . 1999-10-26 20:30 35440 -c--a-w- c:\winnt\system32\dllcache\msgame.sys
2009-10-22 01:44 . 1999-11-06 02:23 9488 -c--a-w- c:\winnt\system32\dllcache\mraid35x.sys
2009-10-22 01:44 . 1999-10-21 16:34 6608 -c--a-w- c:\winnt\system32\dllcache\miniqic.sys
2009-10-22 01:42 . 1999-11-30 06:33 7440 -c--a-w- c:\winnt\system32\dllcache\kbd106.dll
2009-10-22 01:41 . 1999-09-25 00:17 387248 -c--a-w- c:\winnt\system32\dllcache\fpnpbase.sys
2009-10-22 01:40 . 1999-11-08 21:48 612976 -c--a-w- c:\winnt\system32\dllcache\diwan.sys
2009-10-22 01:39 . 2003-06-19 19:05 7184 -c--a-w- c:\winnt\system32\dllcache\battc.sys
2009-10-22 01:38 . 1999-12-01 04:39 25872 -c--a-w- c:\winnt\system32\dllcache\sm8c32.dll
2009-10-22 01:37 . 1999-11-05 20:55 156496 -c--a-w- c:\winnt\system32\dllcache\essm2e.sys
2009-10-22 01:34 . 2009-10-22 01:34 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_510.dat
2009-10-19 23:00 . 2009-10-19 23:00 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_500.dat
2009-10-19 22:58 . 2009-10-19 22:58 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_230.dat
2009-10-17 13:48 . 2009-10-19 23:33 -------- d-----w- c:\program files\trend micro
2009-10-17 13:48 . 2009-10-17 13:49 -------- d-----w- C:\rsit
2009-10-05 23:19 . 2009-10-05 23:19 -------- d-----w- c:\documents and settings\Steve.DADS2800\Application Data\Eltima Software
2009-10-05 23:18 . 2009-10-05 23:18 -------- d-----w- c:\program files\Eltima Software
2009-09-27 21:16 . 2009-09-27 21:16 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-09-27 21:16 . 2009-10-21 11:45 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-27 21:16 . 2009-09-27 21:16 -------- d-----w- c:\documents and settings\Steve.DADS2800\Application Data\SUPERAntiSpyware.com
2009-09-27 21:15 . 2009-09-27 21:15 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-27 20:57 . 2009-09-27 20:57 -------- d-----w- c:\documents and settings\Steve.DADS2800\Application Data\Malwarebytes
2009-09-27 20:57 . 2009-09-10 19:54 38224 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
2009-09-27 20:57 . 2009-09-27 20:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-27 20:57 . 2009-09-27 20:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-27 20:57 . 2009-09-10 19:53 18520 ----a-w- c:\winnt\system32\drivers\mbam.sys
2009-09-22 02:21 . 2002-12-11 22:34 208896 ----a-w- c:\winnt\system32\wmpns.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-22 01:31 . 2008-08-08 02:48 -------- d-----w- c:\program files\McAfee
2009-09-26 12:22 . 2008-07-01 13:48 -------- d-----w- c:\program files\Java
2009-09-22 02:41 . 2004-04-10 21:29 -------- d-----w- c:\program files\QUICKENW
2009-09-22 02:34 . 2004-04-10 02:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-22 02:34 . 2004-04-21 04:34 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-09-22 00:52 . 2009-09-22 00:52 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-18 23:23 . 2008-07-01 13:51 37 ----a-w- c:\documents and settings\Steve.DADS2800\jagex_runescape_preferences.dat
2009-09-18 00:11 . 2009-09-02 20:44 45 ----a-w- c:\documents and settings\Steve.DADS2800\jagex_runescape_preferences2.dat
2009-09-16 15:22 . 2008-08-08 02:48 79816 ----a-w- c:\winnt\system32\drivers\mfeavfk.sys
2009-09-16 15:22 . 2008-08-08 02:48 40552 ----a-w- c:\winnt\system32\drivers\mfesmfk.sys
2009-09-16 15:22 . 2008-08-08 02:48 35272 ----a-w- c:\winnt\system32\drivers\mfebopk.sys
2009-09-16 15:22 . 2008-08-08 02:48 214664 ----a-w- c:\winnt\system32\drivers\mfehidk.sys
2009-09-16 15:22 . 2008-08-08 02:48 34248 ----a-w- c:\winnt\system32\drivers\mferkdk.sys
2009-08-07 00:24 . 2005-08-28 14:03 327896 ----a-w- c:\winnt\system32\wucltui.dll
2009-08-07 00:24 . 2005-08-28 14:03 209632 ----a-w- c:\winnt\system32\wuweb.dll
2009-08-07 00:24 . 2005-08-28 14:03 44768 ----a-w- c:\winnt\system32\wups2.dll
2009-08-07 00:24 . 2005-08-28 14:03 35552 ----a-w- c:\winnt\system32\wups.dll
2009-08-07 00:24 . 2004-04-10 03:16 53472 ----a-w- c:\winnt\system32\wuauclt.exe
2009-08-07 00:24 . 2004-04-10 03:10 96480 ----a-w- c:\winnt\system32\cdm.dll
2009-08-07 00:23 . 2005-08-28 14:03 575704 ----a-w- c:\winnt\system32\wuapi.dll
2009-08-07 00:23 . 2004-04-10 03:16 1929952 ----a-w- c:\winnt\system32\wuaueng.dll
2009-08-05 05:04 . 2009-08-05 05:04 90164 ----a-w- c:\winnt\system32\atl.dll
2009-07-27 11:27 . 2000-07-26 12:00 81168 ----a-w- c:\winnt\system32\fontsub.dll
2009-07-27 11:27 . 2000-07-26 12:00 165136 ----a-w- c:\winnt\system32\t2embed.dll
2009-07-25 10:23 . 2008-11-25 02:13 411368 ----a-w- c:\winnt\system32\deploytk.dll
2004-04-09 22:46 . 2004-04-09 22:46 21952 ---h--w- c:\program files\folder.htt
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\winnt\system32\mspmsnsv.dll ---
Company: Microsoft Corporation
File Description: Microsoft Media Device Service Provider
File Version: 9.0.1.56
Product Name: Windows Media Device Manager
Copyright: Copyright © Microsoft Corp.
Original Filename: MsPMSNSv.dll
File size: 52224
Created time: 2004-04-10 04:42
Modified time: 2002-11-27 00:03
MD5: 36678803A8030EE9A771935CFC1848BD
SHA1: D9F1D8A2B797F6FE9A4B89FD68ECC4599554904A


------- Sigcheck -------

[-] 2002-11-27 00:03 . 36678803A8030EE9A771935CFC1848BD . 52224 . . [9.0.1.56] . . c:\winnt\system32\mspmsnsv.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-10-19_23.27.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-04-10 03:19 . 2003-06-19 19:05 92432 c:\winnt\system32\dllcache\xactsrv.dll
+ 2004-04-10 03:16 . 2003-06-19 19:05 34576 c:\winnt\system32\dllcache\wzcsetup.exe
+ 2004-04-10 03:16 . 2003-06-19 19:05 29968 c:\winnt\system32\dllcache\wzcsapi.dll
+ 2004-04-10 03:16 . 2003-06-19 19:05 52496 c:\winnt\system32\dllcache\wzcdlg.dll
+ 2004-04-10 03:19 . 2003-06-19 19:05 28400 c:\winnt\system32\dllcache\wupdinfo.dll
+ 2004-04-10 03:19 . 2003-06-19 19:05 21776 c:\winnt\system32\dllcache\wsock32.dll
+ 2004-04-10 03:19 . 2003-06-19 19:05 39696 c:\winnt\system32\dllcache\wsnmp32.dll
+ 2004-04-10 03:19 . 2003-06-19 19:05 17680 c:\winnt\system32\dllcache\wshtcpip.dll
+ 2004-04-10 03:19 . 2003-06-19 19:05 10000 c:\winnt\system32\dllcache\wshatm.dll
+ 2004-04-10 03:19 . 2003-06-19 19:05 69904 c:\winnt\system32\dllcache\ws2_32.dll
+ 2004-04-10 03:19 . 2003-06-19 19:05 29968 c:\winnt\system32\dllcache\wpnpinst.exe
+ 1999-12-02 15:30 . 2000-07-26 12:00 14608 c:\winnt\system32\dllcache\wowfaxui.dll
+ 2004-04-10 03:19 . 2003-06-19 19:05 74512 c:\winnt\system32\dllcache\wmicore.dll
+ 2009-10-22 01:47 . 1999-09-25 00:17 35088 c:\winnt\system32\dllcache\wlandrv2.sys
- 2004-04-10 03:40 . 2006-08-17 13:14 98064 c:\winnt\system32\dllcache\wkssvc.dll
+ 2000-07-26 12:00 . 2006-08-17 13:14 98064 c:\winnt\system32\dllcache\wkssvc.dll
+ 2004-04-10 03:19 . 2003-06-19 19:05 39184 c:\winnt\system32\dllcache\winsta.dll
+ 2004-04-10 03:19 . 2003-06-19 19:05 79120 c:\winnt\system32\dllcache\winscard.dll
+ 2004-04-10 03:19 . 2003-06-19 19:05 59152 c:\winnt\system32\dllcache\winfax.dll
+ 2000-07-26 12:00 . 2009-04-24 09:54 95504 c:\winnt\system32\dllcache\win32spl.dll
- 2005-07-13 07:22 . 2009-04-24 09:54 95504 c:\winnt\system32\dllcache\win32spl.dll
+ 2009-10-22 01:47 . 1999-09-25 15:37 30960 c:\winnt\system32\dllcache\weitekp9.sys
+ 2009-10-22 01:47 . 1999-12-07 21:43 41552 c:\winnt\system32\dllcache\weitekp9.dll
+ 2004-04-10 03:19 . 2003-06-19 19:05 42768 c:\winnt\system32\dllcache\webhits.dll
+ 2009-10-22 01:47 . 1999-09-25 15:37 27024 c:\winnt\system32\dllcache\wdvga.sys
+ 2004-04-10 02:28 . 2003-06-19 19:05 73872 c:\winnt\system32\dllcache\wdmaud.sys
+ 2009-10-22 01:47 . 1999-12-01 04:40 88576 c:\winnt\system32\dllcache\wcom32.exe
+ 1999-09-24 19:18 . 2000-07-26 12:00 32528 c:\winnt\system32\dllcache\wbfirdma.sys
+ 2004-04-10 03:18 . 2003-06-19 19:05 41036 c:\winnt\system32\dllcache\wbemsvc.dll
+ 2004-04-10 03:18 . 2003-06-19 19:05 41061 c:\winnt\system32\dllcache\wbemprox.dll
+ 2004-04-10 03:18 . 2003-06-19 19:05 38672 c:\winnt\system32\dllcache\wbemperf.dll
+ 2000-07-26 12:00 . 2003-06-19 19:05 32272 c:\winnt\system32\dllcache\wanarp.sys
+ 2004-04-10 03:18 . 2003-06-19 19:05 46864 c:\winnt\system32\dllcache\wamreg.dll
+ 2004-04-10 03:18 . 2003-06-19 19:05 72464 c:\winnt\system32\dllcache\wam.dll
+ 2009-10-22 01:47 . 1999-10-04 19:01 18704 c:\winnt\system32\dllcache\w940nd.sys
+ 2009-10-22 01:47 . 1999-09-25 00:17 17264 c:\winnt\system32\dllcache\w926nd.sys
+ 2009-10-22 01:39 . 1999-10-20 18:51 19728 c:\winnt\system32\dllcache\w840nd.sys
+ 2004-04-10 03:18 . 2003-06-19 19:05 33552 c:\winnt\system32\dllcache\w3ext.dll
- 2004-04-30 03:23 . 2004-04-05 03:16 57104 c:\winnt\system32\dllcache\w32tm.exe
+ 2004-04-05 03:16 . 2004-04-05 03:16 57104 c:\winnt\system32\dllcache\w32tm.exe
+ 2005-04-08 11:54 . 2005-04-08 11:54 48400 c:\winnt\system32\dllcache\w32time.dll
- 2004-04-30 03:23 . 2005-04-08 11:54 48400 c:\winnt\system32\dllcache\w32time.dll
+ 2009-10-22 01:47 . 1999-12-07 21:43 48304 c:\winnt\system32\dllcache\w32.dll
+ 2000-07-26 12:00 . 2003-06-19 19:05 20240 c:\winnt\system32\dllcache\vwipxspx.dll
+ 2009-10-22 01:47 . 1999-09-25 00:17 80304 c:\winnt\system32\dllcache\vslinka.sys
+ 2009-10-22 01:47 . 1999-10-29 20:00 53008 c:\winnt\system32\dllcache\voodoo3.sys
+ 2000-07-26 12:00 . 2003-06-19 19:05 50640 c:\winnt\system32\dllcache\videoprt.sys
+ 2009-10-22 01:47 . 2003-06-19 19:05 22416 c:\winnt\system32\dllcache\viaagp.sys
+ 2004-04-10 03:18 . 2003-06-19 19:05 83888 c:\winnt\system32\dllcache\vga.dll
+ 2004-04-10 03:18 . 2003-06-19 19:05 16144 c:\winnt\system32\dllcache\version.dll
+ 1999-09-25 10:35 . 2000-07-26 12:00 59280 c:\winnt\system32\dllcache\vdmindvd.sys
- 2005-02-06 23:06 . 2005-02-08 05:21 29456 c:\winnt\system32\dllcache\VDMDBG.DLL
+ 2005-02-08 05:21 . 2005-02-08 05:21 29456 c:\winnt\system32\dllcache\vdmdbg.dll
+ 2004-04-10 03:18 . 2003-06-19 19:05 22800 c:\winnt\system32\dllcache\utilman.exe
+ 2004-04-10 03:18 . 2003-06-19 19:05 26384 c:\winnt\system32\dllcache\utildll.dll
+ 2000-07-26 12:00 . 2003-06-19 19:05 17680 c:\winnt\system32\dllcache\userinit.exe
+ 2004-04-09 17:41 . 1999-11-30 23:39 59664 c:\winnt\system32\dllcache\usbui.dll
+ 2009-10-22 01:47 . 2003-06-19 19:05 22768 c:\winnt\system32\dllcache\usbser.sys
+ 2004-04-10 03:18 . 2003-06-19 19:05 11536 c:\winnt\system32\dllcache\usbmon.dll
+ 1999-09-25 10:36 . 2000-07-26 12:00 15120 c:\winnt\system32\dllcache\usbintel.sys
+ 2000-07-26 12:00 . 2003-06-19 19:05 40176 c:\winnt\system32\dllcache\usbhub.sys
+ 2000-07-26 12:00 . 2003-06-19 19:05 20688 c:\winnt\system32\dllcache\usbd.sys
+ 1999-09-27 19:09 . 2000-07-26 12:00 23888 c:\winnt\system32\dllcache\usbcamd.sys
+ 2009-10-22 01:39 . 1999-10-12 20:57 68912 c:\winnt\system32\dllcache\usbaudio.sys
+ 2004-04-10 03:18 . 2003-06-19 19:05 32837 c:\winnt\system32\dllcache\unsecapp.exe
+ 2004-04-10 03:18 . 2003-06-19 19:05 14608 c:\winnt\system32\dllcache\uniplat.dll
+ 2004-04-10 03:18 . 2003-06-19 19:05 68368 c:\winnt\system32\dllcache\unimdmat.dll
+ 2004-04-10 03:12 . 2003-06-19 19:05 74000 c:\winnt\system32\dllcache\uniime.dll
+ 2009-10-22 01:47 . 1999-09-25 15:51 23472 c:\winnt\system32\dllcache\umaxpcls.sys
+ 2009-10-22 01:47 . 1999-09-25 16:11 33296 c:\winnt\system32\dllcache\ultra66.sys
+ 2000-07-26 12:00 . 2003-06-19 19:05 32848 c:\winnt\system32\dllcache\uhcd.sys
+ 2000-07-26 12:00 . 2003-06-19 19:05 83216 c:\winnt\system32\dllcache\ufat.dll
- 2004-12-02 13:07 . 2004-12-02 13:07 63280 c:\winnt\system32\dllcache\udfs.sys
+ 2000-07-26 12:00 . 2004-12-02 13:07 63280 c:\winnt\system32\dllcache\udfs.sys
+ 2009-10-22 01:47 . 1999-12-01 04:39 61200 c:\winnt\system32\dllcache\u1220_32.dll
+ 1999-09-25 10:36 . 2000-07-26 12:00 22000 c:\winnt\system32\dllcache\tsbvcap.sys
+ 2009-10-22 01:39 . 1999-09-25 00:17 17712 c:\winnt\system32\dllcache\tsbmce.sys
+ 2004-04-10 03:18 . 2003-06-19 19:05 90384 c:\winnt\system32\dllcache\trkwks.dll
+ 2004-04-10 03:18 . 2003-06-19 19:05 31504 c:\winnt\system32\dllcache\traffic.dll
+ 2009-10-22 01:47 . 1999-10-21 15:49 34576 c:\winnt\system32\dllcache\tpro4.sys
+ 2009-10-22 01:47 . 1999-11-30 06:34 28672 c:\winnt\system32\dllcache\tp4res.dll
+ 2009-10-22 01:47 . 1999-12-01 04:40 86288 c:\winnt\system32\dllcache\tp4mon.exe
+ 2009-10-22 01:47 . 1999-12-01 04:39 35088 c:\winnt\system32\dllcache\tp4.dll
+ 1999-09-25 10:35 . 2000-07-26 12:00 52048 c:\winnt\system32\dllcache\tosdvd.sys
+ 2009-10-22 01:47 . 1999-09-25 00:18 33552 c:\winnt\system32\dllcache\tos4mu.sys
+ 2009-10-22 01:39 . 1999-10-20 19:49 28432 c:\winnt\system32\dllcache\tos4mo.sys
+ 2004-04-10 03:18 . 2003-06-19 19:05 55056 c:\winnt\system32\dllcache\tlntsess.exe
+ 2009-10-22 01:47 . 1999-12-07 21:43 79024 c:\winnt\system32\dllcache\tgiul50.dll
+ 2004-04-10 03:18 . 2003-06-19 19:05 17680 c:\winnt\system32\dllcache\tftp.exe
+ 2009-10-22 01:47 . 1999-09-28 00:56 72784 c:\winnt\system32\dllcache\tffsport.sys
+ 2004-04-10 03:18 . 2009-01-08 16:20 80656 c:\winnt\system32\dllcache\telnet.exe
- 2009-01-08 16:20 . 2009-01-08 16:20 80656 c:\winnt\system32\dllcache\telnet.exe
+ 2000-07-26 12:00 . 2003-06-19 19:05 16240 c:\winnt\system32\dllcache\tdi.sys
+ 2000-07-26 12:00 . 2003-06-19 19:05 66832 c:\winnt\system32\dllcache\tcpmonui.dll
+ 2004-04-10 03:18 . 2003-06-19 19:05 41744 c:\winnt\system32\dllcache\tcpmon.dll
+ 2004-04-10 03:18 . 2003-06-19 19:05 13072 c:\winnt\system32\dllcache\tcpmib.dll
+ 2009-10-22 01:47 . 1999-10-09 17:37 29872 c:\winnt\system32\dllcache\tbatm155.sys
+ 2004-04-10 03:18 . 2003-06-19 19:05 87312 c:\winnt\system32\dllcache\taskmgr.exe
+ 2000-07-26 12:00 . 2003-06-19 19:05 10928 c:\winnt\system32\dllcache\tape.sys
+ 2009-10-22 01:47 . 1999-10-14 22:04 37104 c:\winnt\system32\dllcache\t2r4mini.sys
+ 2004-04-10 02:28 . 2003-06-19 19:05 47568 c:\winnt\system32\dllcache\sysaudio.sys
+ 2009-10-22 01:47 . 2003-06-19 19:05 27120 c:\winnt\system32\dllcache\symc8xx.sys
+ 2009-10-22 01:47 . 1999-09-25 16:11 16624 c:\winnt\system32\dllcache\symc810.sys
+ 2009-10-22 01:47 . 1999-09-25 16:11 21136 c:\winnt\system32\dllcache\sym_hi.sys
+ 2009-10-22 01:47 . 1999-10-01 02:29 97936 c:\winnt\system32\dllcache\sx.sys
+ 2004-04-10 02:28 . 2003-06-19 19:05 53552 c:\winnt\system32\dllcache\swmidi.sys
+ 2009-10-22 01:47 . 1999-12-01 04:39 60176 c:\winnt\system32\dllcache\sw_wheel.dll
+ 2009-10-22 01:47 . 1999-12-01 04:39 45328 c:\winnt\system32\dllcache\sw_effct.dll
+ 2004-04-10 03:18 . 2003-06-19 19:05 40720 c:\winnt\system32\dllcache\svcext.dll
+ 2004-04-10 03:11 . 2003-06-19 19:05 16144 c:\winnt\system32\dllcache\iisadmin.dll
+ 2000-07-26 12:00 . 2003-06-19 19:05 67344 c:\winnt\system32\dllcache\ifsutil.dll
+ 2002-08-29 12:14 . 2002-08-29 12:14 91136 c:\winnt\system32\dllcache\iexplore.exe
+ 2009-10-22 01:42 . 1999-10-22 19:54 32592 c:\winnt\system32\dllcache\ichaud.sys
+ 2009-10-22 01:38 . 1999-12-01 04:39 27408 c:\winnt\system32\dllcache\icam3ext.dll
+ 2009-10-22 01:42 . 1999-10-26 18:12 39184 c:\winnt\system32\dllcache\ibmvcap.sys
+ 2009-10-22 01:42 . 1999-09-25 00:18 23984 c:\winnt\system32\dllcache\ibmsync.sys
+ 2009-10-22 01:42 . 1999-10-06 20:52 35600 c:\winnt\system32\dllcache\ibmgent5.sys
+ 2009-10-22 01:42 . 2003-06-19 19:05 85776 c:\winnt\system32\dllcache\ibmfent5.sys
+ 2009-10-22 01:38 . 1999-10-04 18:56 28944 c:\winnt\system32\dllcache\ibmexmp.sys
+ 2009-10-22 01:42 . 1999-09-25 00:17 19216 c:\winnt\system32\dllcache\ibmeimp.sys
+ 2009-10-22 01:42 . 1999-09-25 00:17 40208 c:\winnt\system32\dllcache\ibmcn5.sys
+ 2000-07-26 12:00 . 2003-06-19 19:05 20240 c:\winnt\system32\dllcache\iasuserr.dll
+ 2004-04-10 03:11 . 2003-06-19 19:05 60176 c:\winnt\system32\dllcache\iassvcs.dll
+ 2004-04-10 03:11 . 2003-06-19 19:05 97040 c:\winnt\system32\dllcache\iasrad.dll
+ 2004-04-10 03:11 . 2003-06-19 19:05 20752 c:\winnt\system32\dllcache\iasperf.dll
+ 2004-04-10 03:11 . 2003-06-19 19:05 60176 c:\winnt\system32\dllcache\iasnap.dll
+ 2004-04-10 03:11 . 2003-06-19 19:05 75536 c:\winnt\system32\dllcache\iasads.dll
+ 2004-04-10 03:11 . 2003-06-19 19:05 28944 c:\winnt\system32\dllcache\iasacct.dll
+ 2009-10-22 01:42 . 2003-06-19 19:05 68336 c:\winnt\system32\dllcache\i81xnt5.sys
+ 2000-07-26 12:00 . 2003-06-19 19:05 46992 c:\winnt\system32\dllcache\i8042prt.sys
+ 2009-10-22 01:42 . 1999-10-05 20:09 58800 c:\winnt\system32\dllcache\i740nt5.sys
+ 2004-04-10 03:11 . 2003-06-19 19:05 57104 c:\winnt\system32\dllcache\httpodbc.dll
+ 2004-04-10 03:11 . 2003-06-19 19:05 11536 c:\winnt\system32\dllcache\htrn_jis.dll
+ 2009-10-22 01:38 . 1999-12-01 04:39 17680 c:\winnt\system32\dllcache\hr132.dll
+ 2009-10-22 01:42 . 2003-06-19 19:05 85776 c:\winnt\system32\dllcache\hptxnt5.sys
+ 2009-10-22 01:42 . 1999-12-01 04:40 16144 c:\winnt\system32\dllcache\hpsjrreg.exe
+ 2009-10-22 01:42 . 1999-12-01 04:39 13584 c:\winnt\system32\dllcache\hpsjinst.dll
+ 2009-10-22 01:42 . 1999-12-01 04:39 28432 c:\winnt\system32\dllcache\hpsj32.dll
+ 2009-10-22 01:42 . 1999-12-01 04:39 91408 c:\winnt\system32\dllcache\hpscnmgr.dll
+ 2009-10-22 01:42 . 1999-12-01 04:39 10000 c:\winnt\system32\dllcache\hpousd10.dll
+ 2009-10-22 01:42 . 2003-06-19 19:05 12912 c:\winnt\system32\dllcache\hpmc.sys
+ 2009-10-22 01:42 . 1999-11-05 18:37 35088 c:\winnt\system32\dllcache\hpddnd4.sys
+ 2004-04-10 03:11 . 2003-06-19 19:05 76560 c:\winnt\system32\dllcache\hotplug.dll
+ 2004-04-10 03:11 . 2003-06-19 19:05 37648 c:\winnt\system32\dllcache\hostmib.dll
+ 2000-07-26 12:00 . 2003-06-19 19:05 23056 c:\winnt\system32\dllcache\hidparse.sys
+ 2000-07-26 12:00 . 2003-06-19 19:05 24752 c:\winnt\system32\dllcache\hidclass.sys
+ 2009-10-22 01:42 . 2003-06-19 19:05 18928 c:\winnt\system32\dllcache\hidbatt.sys
+ 2004-04-10 03:11 . 2003-06-19 19:05 18192 c:\winnt\system32\dllcache\hid.dll
- 2005-04-21 14:16 . 2005-04-21 14:16 38912 c:\winnt\system32\dllcache\hhsetup.dll
+ 2004-04-10 03:11 . 2005-04-21 14:16 38912 c:\winnt\system32\dllcache\hhsetup.dll
- 2005-04-15 01:08 . 2005-04-15 01:08 10752 c:\winnt\system32\dllcache\hh.exe
+ 2004-04-10 03:11 . 2005-04-15 01:08 10752 c:\winnt\system32\dllcache\hh.exe
+ 2004-04-10 03:11 . 2003-06-19 19:05 30992 c:\winnt\system32\dllcache\gzip.dll
- 2005-02-06 23:06 . 2004-12-09 18:10 41744 c:\winnt\system32\dllcache\grpconv.exe
+ 2000-07-26 12:00 . 2004-12-09 18:10 41744 c:\winnt\system32\dllcache\grpconv.exe
+ 2009-10-22 01:42 . 1999-09-25 15:36 16016 c:\winnt\system32\dllcache\gpr400.sys
+ 2009-10-22 01:42 . 1999-09-25 00:17 25360 c:\winnt\system32\dllcache\genbn5.sys
+ 2009-10-22 01:42 . 1999-09-25 00:17 27408 c:\winnt\system32\dllcache\genan5.sys
+ 2009-10-22 01:42 . 1999-09-25 15:36 23376 c:\winnt\system32\dllcache\gcr410p.sys
+ 2009-10-22 01:42 . 1999-12-01 04:39 19728 c:\winnt\system32\dllcache\fuusd.dll
+ 2000-07-26 12:00 . 2003-06-19 19:05 39696 c:\winnt\system32\dllcache\ftp.exe
+ 1999-09-25 10:36 . 2000-07-26 12:00 12368 c:\winnt\system32\dllcache\fsvga.sys
+ 2009-10-22 01:41 . 2003-06-19 19:05 20541 c:\winnt\system32\dllcache\fpadmdll.dll
+ 2009-10-22 01:41 . 2003-06-19 19:05 24632 c:\winnt\system32\dllcache\fpadmcgi.exe
+ 2004-04-10 03:11 . 2003-06-19 19:05 15120 c:\winnt\system32\dllcache\fortutil.exe
+ 2009-10-22 01:38 . 1999-11-05 20:19 32528 c:\winnt\system32\dllcache\forehe.sys
+ 2009-10-22 01:41 . 1999-10-06 21:17 21008 c:\winnt\system32\dllcache\foghorn.sys
+ 2009-10-22 01:41 . 1999-12-01 04:39 74000 c:\winnt\system32\dllcache\fnfilter.dll
+ 2000-07-26 12:00 . 2003-06-19 19:05 17680 c:\winnt\system32\dllcache\fmifs.dll
+ 2000-07-26 12:00 . 2003-06-19 19:05 19312 c:\winnt\system32\dllcache\flpydisk.sys
+ 2009-10-22 01:41 . 1999-09-25 16:11 76912 c:\winnt\system32\dllcache\flashpnt.sys
+ 2009-10-22 01:41 . 1999-12-01 04:39 10000 c:\winnt\system32\dllcache\fjtwusd.dll
+ 2009-10-22 01:41 . 1999-10-27 19:58 22416 c:\winnt\system32\dllcache\fireport.sys
- 2000-09-18 20:01 . 2000-09-18 20:01 33616 c:\winnt\system32\dllcache\fips.sys
+ 2004-04-10 03:16 . 2003-06-19 19:05 33616 c:\winnt\system32\dllcache\fips.sys
+ 2004-04-10 03:11 . 2003-06-19 19:05 25872 c:\winnt\system32\dllcache\findstr.exe
+ 2000-07-26 12:00 . 2003-06-19 19:05 10000 c:\winnt\system32\dllcache\find.exe
+ 2009-10-22 01:41 . 1999-09-25 00:17 21264 c:\winnt\system32\dllcache\fetnd5.sys
+ 2009-10-22 01:41 . 1999-09-25 00:16 21776 c:\winnt\system32\dllcache\fem556n5.sys
+ 2004-04-10 03:11 . 2003-06-19 19:05 50448 c:\winnt\system32\dllcache\fdeploy.dll
+ 2000-07-26 12:00 . 2003-06-19 19:05 26256 c:\winnt\system32\dllcache\fdc.sys
+ 2009-10-22 01:41 . 1999-09-25 16:11 11280 c:\winnt\system32\dllcache\fd16_700.sys
+ 2004-04-10 03:11 . 2003-06-19 19:05 94992 c:\winnt\system32\dllcache\faxsvc.exe
+ 2004-04-10 03:11 . 2003-06-19 19:05 15120 c:\winnt\system32\dllcache\faxdrv.dll
+ 2004-04-10 03:11 . 2003-06-19 19:05 80144 c:\winnt\system32\dllcache\faxcom.dll
+ 2004-04-10 03:11 . 2003-06-19 19:05 92944 c:\winnt\system32\dllcache\faxadmin.dll
+ 2009-10-22 01:41 . 1999-09-25 00:17 11536 c:\winnt\system32\dllcache\f3ab18xj.sys
+ 2009-10-22 01:41 . 1999-09-25 00:17 12048 c:\winnt\system32\dllcache\f3ab18xi.sys
+ 2009-10-22 01:41 . 2003-06-19 19:05 11856 c:\winnt\system32\dllcache\examc.sys
+ 2009-10-22 01:41 . 1999-09-25 00:17 17200 c:\winnt\system32\dllcache\ex10.sys
+ 2004-04-10 03:11 . 2003-06-19 19:05 90384 c:\winnt\system32\dllcache\evntwin.exe
+ 2004-04-10 03:11 . 2003-06-19 19:05 98576 c:\winnt\system32\dllcache\evntagnt.dll
+ 2005-04-08 11:54 . 2005-04-08 11:54 49424 c:\winnt\system32\dllcache\eventlog.dll
- 2004-04-30 03:23 . 2005-04-08 11:54 49424 c:\winnt\system32\dllcache\EVENTLOG.DLL
+ 2009-10-22 01:41 . 1999-09-25 15:36 25840 c:\winnt\system32\dllcache\et4000.sys
+ 2009-10-22 01:41 . 1999-09-25 00:17 13584 c:\winnt\system32\dllcache\et32nt.sys
+ 2009-10-22 01:41 . 1999-09-30 22:26 64144 c:\winnt\system32\dllcache\ess.sys
+ 2004-04-10 03:11 . 2003-06-19 19:05 55568 c:\winnt\system32\dllcache\esentutl.exe
+ 2009-10-22 01:41 . 1999-11-06 15:11 44528 c:\winnt\system32\dllcache\es1371mp.sys
+ 2009-10-22 01:41 . 1999-11-12 21:12 41328 c:\winnt\system32\dllcache\es1370mp.sys
+ 2009-10-22 01:41 . 1999-12-01 04:40 54032 c:\winnt\system32\dllcache\eqnloop.exe
+ 2009-10-22 01:41 . 1999-12-01 04:40 42256 c:\winnt\system32\dllcache\eqnlogr.exe
+ 2009-10-22 01:41 . 1999-12-01 04:40 44816 c:\winnt\system32\dllcache\eqndiag.exe
+ 2009-10-22 01:41 . 1999-09-25 00:17 18704 c:\winnt\system32\dllcache\epro4.sys
+ 2009-10-22 01:41 . 1999-09-25 00:17 51152 c:\winnt\system32\dllcache\eni25p.sys
+ 2009-10-22 01:41 . 1999-09-25 00:17 27408 c:\winnt\system32\dllcache\enet5.sys
+ 2004-04-10 03:11 . 2003-06-19 19:05 24336 c:\winnt\system32\dllcache\encinst.exe
+ 2009-10-22 01:41 . 1999-09-25 00:17 27408 c:\winnt\system32\dllcache\en22265.sys
+ 2009-10-22 01:41 . 1999-09-25 00:16 20240 c:\winnt\system32\dllcache\em556n4.sys
+ 2009-10-22 01:41 . 1999-09-25 00:16 37136 c:\winnt\system32\dllcache\elnk3.sys
+ 2009-10-22 01:41 . 1999-11-01 21:48 61712 c:\winnt\system32\dllcache\el980n5.sys
+ 2009-10-22 01:41 . 1999-11-01 21:43 78096 c:\winnt\system32\dllcache\el90xnd5.sys
+ 2009-10-22 01:41 . 1999-10-23 17:22 61712 c:\winnt\system32\dllcache\el90xbc5.sys
+ 2009-10-22 01:41 . 1999-09-25 04:55 72304 c:\winnt\system32\dllcache\el656se5.sys
+ 2009-10-22 01:41 . 1999-09-25 00:16 75536 c:\winnt\system32\dllcache\el656nd5.sys
+ 2009-10-22 01:41 . 1999-09-25 00:16 39184 c:\winnt\system32\dllcache\el59x.sys
+ 2009-10-22 01:41 . 1999-09-25 00:16 26384 c:\winnt\system32\dllcache\el589nd5.sys
+ 2009-10-22 01:41 . 1999-10-19 19:50 77072 c:\winnt\system32\dllcache\el575nd5.sys
+ 2009-10-22 01:41 . 1999-09-25 00:16 24848 c:\winnt\system32\dllcache\el574nd4.sys
+ 2009-10-22 01:41 . 1999-09-25 00:16 21264 c:\winnt\system32\dllcache\el562nd4.sys
+ 2009-10-22 01:37 . 1999-09-25 00:16 45840 c:\winnt\system32\dllcache\el515.sys
+ 2000-07-26 12:00 . 2003-06-19 19:05 27440 c:\winnt\system32\dllcache\efs.sys
+ 2009-10-22 01:41 . 1999-10-01 02:28 70784 c:\winnt\system32\dllcache\ecwani.sys
+ 2009-10-22 01:38 . 1999-10-01 02:28 17856 c:\winnt\system32\dllcache\ecwandd.sys
+ 2009-10-22 01:41 . 1999-10-01 02:28 70784 c:\winnt\system32\dllcache\ecwan.sys
+ 2009-10-22 01:37 . 1999-12-01 04:38 21680 c:\winnt\system32\dllcache\ecpinst.dll
+ 2009-10-22 01:38 . 1999-12-01 04:38 33792 c:\winnt\system32\dllcache\ecpagex.dll
+ 2009-10-22 01:38 . 1999-10-01 02:28 38464 c:\winnt\system32\dllcache\ecnb.sys
+ 2009-10-22 01:37 . 1999-10-01 02:28 23664 c:\winnt\system32\dllcache\eclandd.sys
+ 2009-10-22 01:37 . 1999-09-30 20:03 51472 c:\winnt\system32\dllcache\e100snt5.sys
+ 2009-10-22 01:37 . 1999-10-14 21:57 19824 c:\winnt\system32\dllcache\e100isa4.sys
+ 2009-10-22 01:41 . 2003-06-19 19:05 85776 c:\winnt\system32\dllcache\e100bnt5.sys
+ 2009-10-22 01:41 . 1999-10-06 20:52 35600 c:\winnt\system32\dllcache\e1000nt5.sys
+ 2009-10-22 01:41 . 1999-09-25 00:17 21264 c:\winnt\system32\dllcache\e100.sys
+ 2009-10-22 01:41 . 1999-12-01 04:38 16656 c:\winnt\system32\dllcache\dvusd.dll
+ 2004-04-10 03:10 . 2003-06-19 19:05 28944 c:\winnt\system32\dllcache\dssec.dll
+ 2009-10-22 01:37 . 1999-12-01 04:38 13072 c:\winnt\system32\dllcache\dspimg32.dll
+ 2004-04-10 03:10 . 2003-06-19 19:05 92944 c:\winnt\system32\dllcache\dskquota.dll
+ 2004-04-10 03:10 . 2003-06-19 19:05 41744 c:\winnt\system32\dllcache\dsfolder.dll
+ 2004-04-10 03:10 . 2003-06-19 19:05 74512 c:\winnt\system32\dllcache\dsauth.dll
+ 2000-07-26 12:00 . 2003-06-19 19:05 72464 c:\winnt\system32\dllcache\drwtsn32.exe
+ 2009-10-22 01:37 . 2003-06-19 19:05 12688 c:\winnt\system32\dllcache\dot4prt.sys
+ 2009-10-22 01:37 . 2003-06-19 19:05 44208 c:\winnt\system32\dllcache\dot4.sys
+ 2008-02-15 13:24 . 2008-02-15 13:24 96528 c:\winnt\system32\dllcache\dnsrslvr.dll
- 2004-04-30 03:23 . 2008-02-15 13:24 96528 c:\winnt\system32\dllcache\dnsrslvr.dll
+ 2004-04-10 03:10 . 2003-06-19 19:05 43280 c:\winnt\system32\dllcache\dmutil.dll
+ 2004-04-10 03:10 . 2003-06-19 19:05 12048 c:\winnt\system32\dllcache\dmserver.dll
+ 2004-04-10 03:10 . 2003-06-19 19:05 10512 c:\winnt\system32\dllcache\dmremote.exe
+ 2004-04-10 03:10 . 2003-06-19 19:05 13072 c:\winnt\system32\dllcache\dmintf.dll
+ 2009-10-22 01:37 . 1999-09-25 00:17 23216 c:\winnt\system32\dllcache\dlh5xnd5.sys
+ 2000-07-26 12:00 . 2003-06-19 19:05 56112 c:\winnt\system32\dllcache\dlc.sys
+ 2004-04-10 03:10 . 2003-06-19 19:05 14096 c:\winnt\system32\dllcache\diskperf.exe
+ 2000-07-26 12:00 . 2003-06-19 19:05 14288 c:\winnt\system32\dllcache\diskdump.sys
+ 2004-04-10 03:10 . 2003-06-19 19:05 16144 c:\winnt\system32\dllcache\diskcopy.dll
+ 2000-07-26 12:00 . 2003-06-19 19:05 30768 c:\winnt\system32\dllcache\disk.sys
+ 2009-10-22 01:40 . 2003-06-19 19:05 10448 c:\winnt\system32\dllcache\discmc.sys
+ 2009-10-22 01:40 . 1999-10-12 19:34 68400 c:\winnt\system32\dllcache\dimaint.sys
+ 2009-10-22 01:40 . 1999-09-25 00:17 34096 c:\winnt\system32\dllcache\digiwanx.sys
+ 2009-10-22 01:40 . 1999-09-25 00:17 48368 c:\winnt\system32\dllcache\digisxb.sys
+ 2009-10-22 01:40 . 1999-09-25 00:17 69392 c:\winnt\system32\dllcache\digirlpt.sys
+ 2009-10-22 01:40 . 1999-09-25 00:17 20784 c:\winnt\system32\dllcache\digilan.sys
+ 2009-10-22 01:40 . 1999-11-18 18:49 21296 c:\winnt\system32\dllcache\digiisdn.sys
+ 2009-10-22 01:37 . 1999-12-01 04:38 27408 c:\winnt\system32\dllcache\digiisdn.dll
+ 2009-10-22 01:37 . 1999-12-01 04:38 52496 c:\winnt\system32\dllcache\digiinf.dll
+ 2009-10-22 01:37 . 1999-12-01 04:38 61712 c:\winnt\system32\dllcache\digihlc.dll
+ 2009-10-22 01:40 . 1999-10-01 02:28 90384 c:\winnt\system32\dllcache\digifep5.sys
+ 2009-10-22 01:40 . 1999-11-18 18:49 92784 c:\winnt\system32\dllcache\digidxb.sys
+ 2000-07-26 12:00 . 2003-06-19 19:05 75536 c:\winnt\system32\dllcache\dhcpsapi.dll
+ 2000-07-26 12:00 . 2006-05-19 09:18 89872 c:\winnt\system32\dllcache\dhcpcsvc.dll
- 2006-05-19 09:18 . 2006-05-19 09:18 89872 c:\winnt\system32\dllcache\dhcpcsvc.dll
+ 2009-10-22 01:40 . 1999-10-01 02:28 25840 c:\winnt\system32\dllcache\dgavnstr.sys
+ 2009-10-22 01:40 . 1999-11-05 18:40 29552 c:\winnt\system32\dllcache\dgapci.sys
+ 2004-04-10 03:10 . 2003-06-19 19:05 22800 c:\winnt\system32\dllcache\dfsshlex.dll
+ 2004-04-10 03:10 . 2003-06-19 19:05 42768 c:\winnt\system32\dllcache\dfrgsnap.dll
+ 2004-04-10 03:10 . 2003-06-19 19:05 76048 c:\winnt\system32\dllcache\dfrgntfs.exe
+ 2004-04-10 03:10 . 2003-06-19 19:05 62224 c:\winnt\system32\dllcache\dfrgfat.exe
+ 2009-10-22 01:40 . 1999-10-04 19:06 21360 c:\winnt\system32\dllcache\defpa.sys
+ 2009-10-22 01:40 . 1999-09-30 20:25 29232 c:\winnt\system32\dllcache\defea.sys
+ 2009-10-22 01:40 . 1999-10-17 17:18 64880 c:\winnt\system32\dllcache\dc21x4.sys
+ 2009-10-22 01:40 . 1999-12-01 04:38 64784 c:\winnt\system32\dllcache\dc210_32.dll
+ 2009-10-22 01:40 . 1999-12-01 04:38 22288 c:\winnt\system32\dllcache\dc200usd.dll
+ 2009-10-22 01:40 . 1999-12-01 04:38 21776 c:\winnt\system32\dllcache\dc120usd.dll
+ 2009-10-22 01:40 . 1999-11-30 16:19 14672 c:\winnt\system32\dllcache\dac960nt.sys
+ 2009-10-22 01:40 . 1999-11-11 20:13 67440 c:\winnt\system32\dllcache\cwcwdm.sys
+ 2009-10-22 01:40 . 1999-11-11 20:13 19056 c:\winnt\system32\dllcache\cwcspud3.sys
+ 2009-10-22 01:40 . 1999-11-02 03:10 79264 c:\winnt\system32\dllcache\cwbwdm.sys
+ 2009-10-22 01:40 . 1999-12-01 04:38 12560 c:\winnt\system32\dllcache\ctmvclas.dll
+ 2009-10-22 01:40 . 1999-12-01 04:38 12560 c:\winnt\system32\dllcache\ctmrclas.dll
+ 2009-10-22 01:40 . 1999-09-24 23:53 28848 c:\winnt\system32\dllcache\ctlegacy.sys
+ 2009-10-22 01:40 . 1999-12-07 21:43 93456 c:\winnt\system32\dllcache\ctlegacy.dll
- 2005-01-13 09:09 . 2005-01-13 09:09 35088 c:\winnt\system32\dllcache\csrsrv.dll
+ 2000-07-26 12:00 . 2005-01-13 09:09 35088 c:\winnt\system32\dllcache\csrsrv.dll
+ 2004-04-10 03:10 . 2003-06-19 19:05 65593 c:\winnt\system32\dllcache\csapi3t1.dll
- 2004-04-30 03:23 . 2005-04-21 08:08 78096 c:\winnt\system32\dllcache\cryptsvc.dll
+ 2005-04-21 08:08 . 2005-04-21 08:08 78096 c:\winnt\system32\dllcache\cryptsvc.dll
+ 2004-04-10 03:10 . 2003-06-19 19:05 44304 c:\winnt\system32\dllcache\cryptdll.dll
+ 2009-10-22 01:40 . 1999-09-25 00:16 61072 c:\winnt\system32\dllcache\cpqtrnd5.sys
+ 2009-10-22 01:40 . 1999-09-25 00:17 21776 c:\winnt\system32\dllcache\cpqndis5.sys
+ 2009-10-22 01:40 . 1999-09-25 16:11 43184 c:\winnt\system32\dllcache\cpqfws2e.sys
+ 2009-10-22 01:40 . 1999-09-25 16:11 58352 c:\winnt\system32\dllcache\cpqfcalm.sys
+ 2009-10-22 01:40 . 1999-09-25 00:17 27408 c:\winnt\system32\dllcache\cpqepc.sys
+ 2009-10-22 01:40 . 1999-10-01 20:47 13424 c:\winnt\system32\dllcache\cpqarry2.sys
+ 2009-10-22 01:40 . 2003-06-19 19:05 10992 c:\winnt\system32\dllcache\cpqarray.sys
+ 2009-10-22 01:40 . 1999-09-25 00:17 25360 c:\winnt\system32\dllcache\cpq550n5.sys
+ 2004-04-10 03:10 . 2003-06-19 19:05 27097 c:\winnt\system32\dllcache\country.sys
+ 2004-04-10 03:10 . 2003-06-19 19:05 21264 c:\winnt\system32\dllcache\counters.dll
+ 2004-04-10 03:10 . 2003-06-19 19:05 67856 c:\winnt\system32\dllcache\convlog.exe
+ 2000-07-26 12:00 . 2003-06-19 19:05 14096 c:\winnt\system32\dllcache\convert.exe
+ 2004-04-10 03:10 . 2003-06-19 19:05 36112 c:\winnt\system32\dllcache\controt.dll
+ 2004-04-10 03:10 . 2003-06-19 19:05 25872 c:\winnt\system32\dllcache\conime.exe
+ 2004-04-10 03:10 . 2003-06-19 19:05 23312 c:\winnt\system32\dllcache\compfilt.dll
+ 2004-04-10 03:10 . 2003-06-19 19:05 40720 c:\winnt\system32\dllcache\coadmin.dll
+ 2000-07-26 12:00 . 2003-06-19 19:05 26384 c:\winnt\system32\dllcache\cnvfat.dll
+ 2009-10-22 01:40 . 1999-12-01 04:38 24848 c:\winnt\system32\dllcache\cnusd.dll
+ 1999-11-30 23:38 . 2000-07-26 12:00 44816 c:\winnt\system32\dllcache\cnbjmon.dll
+ 2004-04-10 03:10 . 2003-06-19 19:05 22288 c:\winnt\system32\dllcache\cmutil.dll
+ 2004-04-10 03:10 . 2003-06-19 19:05 45328 c:\winnt\system32\dllcache\cmstp.exe
+ 2004-04-10 03:10 . 2003-06-19 19:05 82704 c:\winnt\system32\dllcache\cmnquery.dll
+ 2004-04-10 03:10 . 2003-06-19 19:05 55568 c:\winnt\system32\dllcache\clusapi.dll
+ 2000-07-26 12:00 . 2003-06-19 19:05 34832 c:\winnt\system32\dllcache\classpnp.sys
+ 2009-10-22 01:40 . 1999-10-08 20:31 45744 c:\winnt\system32\dllcache\cirrus.sys
+ 2009-10-22 01:40 . 1999-12-07 21:43 89840 c:\winnt\system32\dllcache\cirrus.dll
+ 2004-04-10 03:10 . 2003-06-19 19:05 36112 c:\winnt\system32\dllcache\cipher.exe
+ 2004-04-10 03:10 . 2003-06-19 19:05 13072 c:\winnt\system32\dllcache\chkntfs.exe
+ 2000-07-26 12:00 . 2003-12-10 02:47 13584 c:\winnt\system32\dllcache\chkdsk.exe
- 2003-12-10 02:47 . 2003-12-10 02:47 13584 c:\winnt\system32\dllcache\chkdsk.exe
+ 2009-10-22 01:40 . 1999-09-25 15:36 34032 c:\winnt\system32\dllcache\chipsm5.sys
+ 2009-10-22 01:40 . 1999-12-07 21:43 84688 c:\winnt\system32\dllcache\chipsd5.dll
+ 2009-10-22 01:40 . 1999-09-25 00:17 25360 c:\winnt\system32\dllcache\cem56n5.sys
+ 2009-10-22 01:40 . 1999-09-25 00:17 22288 c:\winnt\system32\dllcache\cem33n5.sys
+ 2009-10-22 01:40 . 1999-09-25 00:17 22288 c:\winnt\system32\dllcache\cem28n5.sys
+ 2009-10-22 01:40 . 1999-09-25 00:17 27408 c:\winnt\system32\dllcache\ce3n5.sys
+ 2009-10-22 01:40 . 1999-09-25 00:17 21776 c:\winnt\system32\dllcache\ce2n5.sys
+ 2000-07-26 12:00 . 2003-06-19 19:05 27984 c:\winnt\system32\dllcache\cdrom.sys
+ 2000-07-26 12:00 . 2005-04-08 11:51 63248 c:\winnt\system32\dllcache\cdfs.sys
- 2005-04-08 11:51 . 2005-04-08 11:51 63248 c:\winnt\system32\dllcache\cdfs.sys
+ 1999-09-27 19:29 . 2000-07-26 12:00 19088 c:\winnt\system32\dllcache\cdaudio.sys
+ 2009-10-22 01:40 . 1999-09-25 00:17 40208 c:\winnt\system32\dllcache\cben5.sys
+ 2009-10-22 01:37 . 1999-09-30 20:03 39680 c:\winnt\system32\dllcache\cb325.sys
+ 2000-07-26 12:00 . 2003-06-19 19:05 17680 c:\winnt\system32\dllcache\cacls.exe
+ 2005-01-12 19:39 . 2005-01-12 19:39 56080 c:\winnt\system32\dllcache\cabinet.dll
- 2000-07-26 12:00 . 2005-01-12 19:39 56080 c:\winnt\system32\dllcache\cabinet.dll
+ 2009-10-22 01:40 . 1999-09-25 00:17 25360 c:\winnt\system32\dllcache\c21n5.sys
+ 2009-10-22 01:40 . 1999-09-25 00:17 40208 c:\winnt\system32\dllcache\c20n5.sys
+ 2009-10-22 01:40 . 1999-09-25 16:11 38992 c:\winnt\system32\dllcache\buslogic.sys
+ 2009-10-22 01:40 . 1999-09-25 15:36 14096 c:\winnt\system32\dllcache\bulltlp3.sys
+ 2009-10-22 01:37 . 1999-10-12 20:35 31888 c:\winnt\system32\dllcache\brzwlan.sys
+ 2005-04-08 11:54 . 2005-04-08 11:54 71440 c:\winnt\system32\dllcache\browser.dll
- 2004-04-30 03:23 . 2005-04-08 11:54 71440 c:\winnt\system32\dllcache\browser.dll
+ 2004-04-10 03:10 . 2003-06-19 19:05 47376 c:\winnt\system32\dllcache\browscap.dll
+ 2004-04-10 03:10 . 2003-06-19 19:05 20752 c:\winnt\system32\dllcache\batmeter.dll
+ 2005-01-12 19:39 . 2005-01-12 19:39 46352 c:\winnt\system32\dllcache\basesrv.dll
- 2005-02-06 23:07 . 2005-01-12 19:39 46352 c:\winnt\system32\dllcache\BASESRV.DLL
+ 2009-10-22 01:39 . 1999-10-29 20:00 38928 c:\winnt\system32\dllcache\banshee.sys
+ 2009-10-22 01:39 . 1999-09-25 00:17 63088 c:\winnt\system32\dllcache\b1cbase.sys
+ 2009-10-22 01:39 . 1999-10-07 20:35 43472 c:\winnt\system32\dllcache\aztw3328.sys
+ 2009-10-22 01:39 . 1999-10-07 20:35 36368 c:\winnt\system32\dllcache\aztw2320.sys
+ 2009-10-22 01:39 . 1999-10-07 20:35 33168 c:\winnt\system32\dllcache\aztw2316.sys
+ 2009-10-22 01:39 . 1999-10-19 19:27 29968 c:\winnt\system32\dllcache\avmwan.sys
+ 2009-10-22 01:39 . 1999-12-01 04:38 62224 c:\winnt\system32\dllcache\avmcoins.dll
- 2009-07-13 13:13 . 2009-07-13 13:13 78608 c:\winnt\system32\dllcache\avifil32.dll
+ 2004-04-10 03:10 . 2009-07-13 13:13 78608 c:\winnt\system32\dllcache\avifil32.dll
+ 2004-04-10 03:10 . 2003-06-19 19:05 11024 c:\winnt\system32\dllcache\authfilt.dll
+ 2004-04-10 03:10 . 2003-06-19 19:05 31504 c:\winnt\system32\dllcache\atmlib.dll
+ 2000-07-26 12:00 . 2003-06-19 19:05 48496 c:\winnt\system32\dllcache\atmlane.sys
+ 2004-04-10 03:10 . 2003-06-19 19:05 14096 c:\winnt\system32\dllcache\atkctrs.dll
+ 2009-10-22 01:39 . 1999-10-21 20:09 19792 c:\winnt\system32\dllcache\atixbar.sys
+ 2009-10-22 01:37 . 1999-10-21 20:09 16976 c:\winnt\system32\dllcache\atitvsnd.sys
+ 2009-10-22 01:39 . 1999-10-21 20:09 17968 c:\winnt\system32\dllcache\atitunep.sys
+ 2009-10-22 01:39 . 1999-11-05 20:43 70352 c:\winnt\system32\dllcache\atiragem.sys
+ 2009-10-22 01:39 . 1999-11-10 20:34 71632 c:\winnt\system32\dllcache\atimpab.sys
+ 2009-10-22 01:37 . 1999-10-21 20:09 42192 c:\winnt\system32\dllcache\atibt829.sys
+ 2009-10-22 01:39 . 1999-09-25 15:36 77648 c:\winnt\system32\dllcache\ati.sys
+ 2009-10-22 01:39 . 1999-12-07 21:43 96112 c:\winnt\system32\dllcache\ati.dll
+ 2000-07-26 12:00 . 2003-06-19 19:05 86672 c:\winnt\system32\dllcache\atapi.sys
+ 2004-04-10 03:10 . 2003-06-19 19:05 23824 c:\winnt\system32\dllcache\at.exe
+ 2000-07-26 12:00 . 2003-06-19 19:05 17840 c:\winnt\system32\dllcache\asyncmac.sys
+ 2004-04-10 03:10 . 2003-06-19 19:05 30480 c:\winnt\system32\dllcache\asptxn.dll
+ 2004-04-10 03:10 . 2003-06-19 19:05 10000 c:\winnt\system32\dllcache\aspperf.dll
+ 2009-10-22 01:39 . 1999-09-25 00:17 97552 c:\winnt\system32\dllcache\aspndis3.sys
+ 2009-10-22 01:39 . 1999-09-25 16:11 14576 c:\winnt\system32\dllcache\asc3550.sys
+ 2009-10-22 01:39 . 1999-09-25 16:11 22256 c:\winnt\system32\dllcache\asc3350p.sys
+ 2009-10-22 01:39 . 1999-09-25 16:11 26384 c:\winnt\system32\dllcache\asc.sys
+ 2009-10-22 01:39 . 1999-09-25 16:11 11824 c:\winnt\system32\dllcache\amsint.sys
+ 2009-10-22 01:39 . 1999-09-28 20:37 22064 c:\winnt\system32\dllcache\amd751.sys
+ 2009-10-22 01:39 . 1999-09-25 00:16 55056 c:\winnt\system32\dllcache\ambcbl.sys
+ 2009-10-22 01:37 . 1999-09-25 00:16 17168 c:\winnt\system32\dllcache\amb8002.sys
+ 2009-10-22 01:39 . 1999-10-07 20:32 16240 c:\winnt\system32\dllcache\alswdm.sys
+ 2009-10-22 01:39 . 1999-10-08 19:58 21168 c:\winnt\system32\dllcache\alim1541.sys
+ 2009-10-22 01:39 . 1999-09-25 00:18 41744 c:\winnt\system32\dllcache\alifir.sys
+ 2009-10-22 01:39 . 1999-10-06 21:06 56848 c:\winnt\system32\dllcache\aic78xx.sys
+ 2009-10-22 01:39 . 1999-10-18 19:35 65168 c:\winnt\system32\dllcache\aic78u2.sys
+ 2009-10-22 01:39 . 1999-09-25 16:11 95536 c:\winnt\system32\dllcache\aic116x.sys
+ 2009-10-22 01:39 . 1999-09-25 16:11 12336 c:\winnt\system32\dllcache\aha154x.sys
+ 2009-10-22 01:39 . 2003-06-19 19:05 24176 c:\winnt\system32\dllcache\agpcpq.sys
+ 2009-10-22 01:39 . 2003-06-19 19:05 21008 c:\winnt\system32\dllcache\agp440.sys
+ 2004-04-10 03:10 . 2003-06-19 19:05 52496 c:\winnt\system32\dllcache\adrot.dll
+ 2009-10-22 01:39 . 2003-06-19 19:05 64432 c:\winnt\system32\dllcache\adpu160m.sys
+ 2009-10-22 01:39 . 1999-09-25 00:16 36368 c:\winnt\system32\dllcache\adptsf50.sys
+ 2009-10-22 01:39 . 1999-10-18 20:03 10560 c:\winnt\system32\dllcache\admjoy.sys
+ 2004-04-10 03:10 . 2003-06-19 19:05 28432 c:\winnt\system32\dllcache\admexs.dll
+ 2009-10-22 01:37 . 1999-12-01 04:38 91920 c:\winnt\system32\dllcache\acq32.dll
+ 2000-07-26 12:00 . 2003-06-19 19:05 11536 c:\winnt\system32\dllcache\acpiec.sys
+ 2004-04-10 03:10 . 2003-06-19 19:05 78096 c:\winnt\system32\dllcache\aclui.dll
+ 2009-10-22 01:39 . 1999-09-25 16:11 23312 c:\winnt\system32\dllcache\abp480n5.sys
+ 2009-10-22 01:37 . 1999-12-07 21:43 38320 c:\winnt\system32\dllcache\8514a.dll
+ 2009-10-22 01:37 . 2003-06-19 19:05 10928 c:\winnt\system32\dllcache\4mmdat.sys
+ 2009-10-22 01:37 . 1999-10-07 20:29 22992 c:\winnt\system32\dllcache\15_16wdm.sys
+ 2009-10-22 01:37 . 2003-06-19 19:05 40752 c:\winnt\system32\dllcache\1394bus.sys
+ 2004-04-10 03:16 . 2003-06-19 19:05 9216 c:\winnt\system32\dllcache\wuauserv.dll
+ 2004-04-10 03:19 . 2003-06-19 19:05 8464 c:\winnt\system32\dllcache\wshirda.dll
+ 1999-12-07 16:43 . 2000-07-26 12:00 3312 c:\winnt\system32\dllcache\wowfax.dll
+ 2004-04-10 03:19 . 2003-06-19 19:05 4368 c:\winnt\system32\dllcache\winver.exe
+ 2000-07-26 12:00 . 2000-07-26 12:00 8976 c:\winnt\system32\dllcache\winhstb.exe
+ 2009-10-22 01:47 . 1999-10-21 16:34 8976 c:\winnt\system32\dllcache\wangqic.sys
+ 2004-04-10 03:18 . 2003-06-19 19:05 6928 c:\winnt\system32\dllcache\w3svapi.dll
+ 2004-04-10 03:18 . 2003-06-19 19:05 7440 c:\winnt\system32\dllcache\w3ctrs.dll
+ 2009-10-22 01:47 . 1999-12-01 04:39 8976 c:\winnt\system32\dllcache\umaxusd.dll
+ 2009-10-22 01:47 . 1999-12-01 04:39 9488 c:\winnt\system32\dllcache\u1220usd.dll
+ 2009-10-22 01:39 . 1999-09-25 15:34 7568 c:\winnt\system32\dllcache\twotrack.sys
+ 2009-10-22 01:47 . 1999-10-21 16:34 7344 c:\winnt\system32\dllcache\tandqic.sys
+ 2004-04-10 03:18 . 2003-06-19 19:05 7440 c:\winnt\system32\dllcache\svcpack.dll
+ 2004-04-10 03:18 . 2003-06-19 19:05 8464 c:\winnt\system32\dllcache\staxmem.dll
+ 2004-04-10 03:16 . 2003-06-19 19:05 5632 c:\winnt\system32\dllcache\sp2res.dll
+ 2009-10-22 01:46 . 1999-10-21 16:34 6256 c:\winnt\system32\dllcache\sonyait.sys
+ 2009-10-22 01:46 . 2003-06-19 19:05 9776 c:\winnt\system32\dllcache\snyaitmc.sys
+ 2004-04-10 03:18 . 2003-06-19 19:05 7952 c:\winnt\system32\dllcache\snmptrap.exe
- 2004-04-09 22:48 . 2000-06-22 02:00 7952 c:\winnt\system32\dllcache\smtp_snprfdll.dll
+ 2004-04-09 22:48 . 2003-06-20 02:45 7952 c:\winnt\system32\dllcache\smtp_snprfdll.dll
+ 2004-04-09 22:48 . 2003-06-20 02:45 7952 c:\winnt\system32\dllcache\smtp_smtpmib.dll
- 2004-04-09 22:48 . 2000-06-14 18:33 7952 c:\winnt\system32\dllcache\smtp_smtpmib.dll
- 2004-04-09 22:47 . 2000-07-07 01:03 6416 c:\winnt\system32\dllcache\smtp_adsiisex.dll
+ 2004-04-09 22:47 . 2003-06-20 02:44 6416 c:\winnt\system32\dllcache\smtp_adsiisex.dll
+ 2009-10-22 01:46 . 1999-09-25 15:35 6576 c:\winnt\system32\dllcache\smbhc.sys
+ 2009-10-22 01:46 . 1999-09-25 15:35 6096 c:\winnt\system32\dllcache\smbclass.sys
+ 2004-04-10 03:18 . 2003-06-19 19:05 6928 c:\winnt\system32\dllcache\skdll.dll
+ 2009-10-22 01:46 . 1999-10-11 20:36 6992 c:\winnt\system32\dllcache\sglfb.sys
+ 2009-10-22 01:46 . 1999-12-07 21:43 9136 c:\winnt\system32\dllcache\sglfb.dll
+ 2004-04-10 03:18 . 2003-06-19 19:05 6928 c:\winnt\system32\dllcache\sfmpsprt.dll
+ 2009-10-22 01:46 . 1999-09-25 15:36 6736 c:\winnt\system32\dllcache\serscan.sys
+ 2004-04-10 03:18 . 2003-06-19 19:05 7440 c:\winnt\system32\dllcache\sensapi.dll
+ 2009-10-22 01:46 . 2003-06-19 19:05 9392 c:\winnt\system32\dllcache\seaddsmc.sys
+ 2004-04-10 03:17 . 2003-06-19 19:05 4368 c:\winnt\system32\dllcache\rpcref.dll
+ 2000-07-26 12:00 . 2003-06-19 19:05 8464 c:\winnt\system32\dllcache\recover.exe
+ 2006-07-06 11:45 . 2006-07-06 11:45 7440 c:\winnt\system32\dllcache\rasadhlp.dll
- 2000-07-26 12:00 . 2006-07-06 11:45 7440 c:\winnt\system32\dllcache\rasadhlp.dll
+ 2009-10-22 01:46 . 2003-06-19 19:05 8848 c:\winnt\system32\dllcache\qntmmc.sys
+ 2009-10-22 01:46 . 1999-10-21 16:34 5008 c:\winnt\system32\dllcache\qic157.sys
+ 2004-04-10 03:17 . 2003-06-19 19:05 7952 c:\winnt\system32\dllcache\pwsdata.dll
+ 2000-07-26 12:00 . 2003-06-19 19:05 3088 c:\winnt\system32\dllcache\pciide.sys
+ 2009-10-22 01:45 . 1999-12-01 04:39 9488 c:\winnt\system32\dllcache\p6xxusd.dll
+ 2000-07-26 12:00 . 2003-06-19 19:05 6928 c:\winnt\system32\dllcache\ntlsapi.dll
+ 2009-10-22 01:45 . 1999-09-25 15:36 9104 c:\winnt\system32\dllcache\ntapm.sys
+ 2000-07-26 12:00 . 2003-06-19 19:05 9200 c:\winnt\system32\dllcache\ndistapi.sys
+ 2004-04-10 03:16 . 2003-06-19 19:05 4880 c:\winnt\system32\dllcache\nddeapir.exe
+ 2004-04-10 03:16 . 2003-06-19 19:05 7440 c:\winnt\system32\dllcache\msswchx.exe
+ 2009-10-22 01:38 . 1999-12-01 04:39 8464 c:\winnt\system32\dllcache\mssti.dll
+ 2004-04-09 22:46 . 1999-09-25 15:36 4816 c:\winnt\system32\dllcache\mspqm.sys
+ 2009-10-22 01:38 . 1999-09-25 15:36 5776 c:\winnt\system32\dllcache\msfsio.sys
+ 2009-10-22 01:38 . 1999-12-01 04:39 7440 c:\winnt\system32\dllcache\msf12sp.dll
+ 2009-10-22 01:38 . 1999-12-01 04:39 7440 c:\winnt\system32\dllcache\msf12cx.dll
+ 2009-10-22 01:38 . 1999-12-01 04:39 7440 c:\winnt\system32\dllcache\msf08sp.dll
+ 2009-10-22 01:38 . 1999-12-01 04:39 7440 c:\winnt\system32\dllcache\msf06sp.dll
+ 2009-10-22 01:38 . 1999-12-01 04:39 7440 c:\winnt\system32\dllcache\msf06cz.dll
+ 2009-10-22 01:38 . 1999-12-01 04:39 7440 c:\winnt\system32\dllcache\msf06cx.dll
+ 2004-04-10 03:15 . 2003-06-19 19:05 4126 c:\winnt\system32\dllcache\msdxmlc.dll
+ 2007-10-17 07:22 . 2003-06-19 19:05 8464 c:\winnt\system32\dllcache\mqperf.dll
+ 2004-04-10 03:14 . 2003-06-19 19:05 4639 c:\winnt\system32\dllcache\mplayer2.exe
+ 2009-10-22 01:38 . 1999-12-01 04:39 6928 c:\winnt\system32\dllcache\mphase32.dll
+ 2009-10-22 01:43 . 1999-10-01 02:29 8976 c:\winnt\system32\dllcache\mgwantr5.sys
+ 2009-10-22 01:38 . 1999-12-01 04:39 7440 c:\winnt\system32\dllcache\mfs12sp.dll
+ 2009-10-22 01:38 . 1999-12-01 04:39 7440 c:\winnt\system32\dllcache\mfs12cx.dll
+ 2009-10-22 01:38 . 1999-12-01 04:39 7440 c:\winnt\system32\dllcache\mfs08sp.dll
+ 2009-10-22 01:38 . 1999-12-01 04:39 7440 c:\winnt\system32\dllcache\mfs06sp.dll
+ 2009-10-22 01:38 . 1999-12-01 04:39 7440 c:\winnt\system32\dllcache\mfs06cz.dll
+ 2009-10-22 01:38 . 1999-12-01 04:39 7440 c:\winnt\system32\dllcache\mfs06cx.dll
+ 2009-10-22 01:38 . 1999-12-01 04:39 7440 c:\winnt\system32\dllcache\mf3.dll
+ 2009-10-22 01:43 . 1999-10-08 18:00 8176 c:\winnt\system32\dllcache\memcard.sys
+ 2009-10-22 01:43 . 1999-10-21 16:34 6128 c:\winnt\system32\dllcache\mammoth.sys
+ 2009-10-22 01:43 . 1999-09-30 20:25 5008 c:\winnt\system32\dllcache\loop.sys
+ 2009-10-22 01:43 . 1999-11-30 06:33 8976 c:\winnt\system32\dllcache\lgdvrc.dll
+ 2004-04-10 03:11 . 2003-06-19 19:05 6416 c:\winnt\system32\dllcache\kbdro.dll
+ 2004-04-10 03:11 . 2003-06-19 19:05 6416 c:\winnt\system32\dllcache\kbdlt1.dll
+ 2009-10-22 01:43 . 1999-11-30 06:33 8464 c:\winnt\system32\dllcache\kbdkor.dll
+ 2009-10-22 01:43 . 1999-11-30 06:33 8976 c:\winnt\system32\dllcache\kbdjpn.dll
+ 2004-04-10 03:11 . 2003-06-19 19:05 6928 c:\winnt\system32\dllcache\kbdca.dll
+ 2009-10-22 01:42 . 1999-11-30 06:33 6416 c:\winnt\system32\dllcache\kbd103.dll
+ 2009-10-22 01:42 . 1999-11-30 06:33 6928 c:\winnt\system32\dllcache\kbd101c.dll
+ 2009-10-22 01:42 . 1999-11-30 06:33 6416 c:\winnt\system32\dllcache\kbd101b.dll
+ 2009-10-22 01:42 . 2003-06-19 19:05 9968 c:\winnt\system32\dllcache\jvcmc.sys
+ 2009-10-22 01:38 . 1999-12-01 04:39 7440 c:\winnt\system32\dllcache\is4x.dll
+ 2009-10-22 01:38 . 1999-12-01 04:39 7440 c:\winnt\system32\dllcache\is450.dll
+ 2009-10-22 01:38 . 1999-12-01 04:39 7440 c:\winnt\system32\dllcache\is410.dll
+ 2009-10-22 01:38 . 1999-12-01 04:39 7440 c:\winnt\system32\dllcache\is01.dll
+ 2004-04-10 03:11 . 2003-06-19 19:05 4368 c:\winnt\system32\dllcache\iprop.dll
+ 2009-10-22 01:42 . 2003-06-19 19:05 4624 c:\winnt\system32\dllcache\intelide.sys
+ 2004-04-10 03:11 . 2003-06-19 19:05 9488 c:\winnt\system32\dllcache\infoctrs.dll
+ 2004-04-10 03:11 . 2003-06-19 19:05 8464 c:\winnt\system32\dllcache\inetmgr.exe
+ 2009-10-22 01:38 . 1999-11-30 06:32 7680 c:\winnt\system32\dllcache\ibmsgnet.dll
+ 2004-04-10 03:11 . 2003-06-19 19:05 9488 c:\winnt\system32\dllcache\httpmib.dll
+ 2009-10-22 01:42 . 1999-10-21 16:34 5744 c:\winnt\system32\dllcache\hpt4qic.sys
+ 2009-10-22 01:42 . 1999-12-01 04:39 8464 c:\winnt\system32\dllcache\hpsjusd.dll
+ 2009-10-22 01:42 . 1999-10-21 19:52 8720 c:\winnt\system32\dllcache\hidgame.sys
+ 2009-10-22 01:42 . 2003-06-19 19:05 9808 c:\winnt\system32\dllcache\gameenum.sys
+ 2004-04-10 03:11 . 2003-06-19 19:05 6928 c:\winnt\system32\dllcache\ftpsapi2.dll
+ 2004-04-10 03:11 . 2003-06-19 19:05 6416 c:\winnt\system32\dllcache\ftpmib.dll
+ 2004-04-10 03:11 . 2003-06-19 19:05 8464 c:\winnt\system32\dllcache\ftpctrs2.dll
+ 2000-07-26 12:00 . 2003-06-19 19:05 7600 c:\winnt\system32\dllcache\fs_rec.sys
+ 2009-10-22 01:41 . 1999-10-21 16:34 6320 c:\winnt\system32\dllcache\exabyte2.sys
+ 2009-10-22 01:41 . 1999-10-21 16:34 4880 c:\winnt\system32\dllcache\exabyte1.sys
+ 2009-10-22 01:41 . 2003-06-19 19:05 9776 c:\winnt\system32\dllcache\elmsmc.sys
+ 2009-10-22 01:37 . 1999-10-01 02:28 7648 c:\winnt\system32\dllcache\ecvbus.sys
+ 2009-10-22 01:37 . 1999-10-01 02:28 8960 c:\winnt\system32\dllcache\ecsnadd.sys
+ 2009-10-22 01:37 . 1999-10-01 02:28 7648 c:\winnt\system32\dllcache\ecdtrace.sys
+ 2009-10-22 01:37 . 1999-12-01 04:38 7440 c:\winnt\system32\dllcache\dr3020.dll
+ 2009-10-22 01:37 . 1999-09-25 15:34 8752 c:\winnt\system32\dllcache\dot4scan.sys
+ 2000-07-26 12:00 . 2003-06-19 19:05 7312 c:\winnt\system32\dllcache\dmload.sys
+ 2009-10-22 01:41 . 2003-06-19 19:05 6608 c:\winnt\system32\dllcache\dlttape.sys
+ 2004-04-10 03:10 . 2003-06-19 19:05 5904 c:\winnt\system32\dllcache\dllhst3g.exe
+ 2004-04-10 03:10 . 2003-06-19 19:05 5904 c:\winnt\system32\dllcache\dllhost.exe
+ 2000-07-26 12:00 . 2003-06-19 19:05 7728 c:\winnt\system32\dllcache\diskperf.sys
+ 2009-10-22 01:40 . 1999-10-01 02:29 6928 c:\winnt\system32\dllcache\disdnci.dll
+ 2009-10-22 01:40 . 2003-06-19 19:05 9680 c:\winnt\system32\dllcache\ddsmc.sys
+ 2009-10-22 01:40 . 1999-11-11 20:13 3344 c:\winnt\system32\dllcache\cwcosnt5.sys
+ 2009-10-22 01:40 . 1999-10-08 18:32 3136 c:\winnt\system32\dllcache\cwbmidi.sys
+ 2009-10-22 01:40 . 1999-10-08 18:31 3104 c:\winnt\system32\dllcache\cwbase.sys
+ 2009-10-22 01:40 . 1999-10-07 20:38 4128 c:\winnt\system32\dllcache\ctljystk.sys
+ 2004-04-10 03:10 . 2003-06-19 19:05 5392 c:\winnt\system32\dllcache\csrss.exe
+ 2004-04-10 03:10 . 2003-06-19 19:05 7440 c:\winnt\system32\dllcache\control.exe
+ 2009-10-22 01:40 . 2003-06-19 19:05 9264 c:\winnt\system32\dllcache\compbatt.sys
+ 2004-04-10 03:10 . 2003-06-19 19:05 3856 c:\winnt\system32\dllcache\comcat.dll
+ 2009-10-22 01:40 . 2003-06-19 19:05 9904 c:\winnt\system32\dllcache\cmbatt.sys
+ 2009-10-22 01:40 . 1999-09-28 00:29 7536 c:\winnt\system32\dllcache\changer.sys
+ 2009-10-22 01:40 . 1999-09-25 16:11 7568 c:\winnt\system32\dllcache\cd20xrnt.sys
+ 2004-04-10 03:10 . 2003-06-19 19:05 7440 c:\winnt\system32\dllcache\c_is2022.dll
+ 2009-10-22 01:40 . 2003-06-19 19:05 9392 c:\winnt\system32\dllcache\breecemc.sys
+ 2004-04-10 03:10 . 2003-06-19 19:05 8976 c:\winnt\system32\dllcache\autolfn.exe
+ 2004-04-09 17:42 . 1999-09-25 10:35 2896 c:\winnt\system32\dllcache\audstub.sys
+ 2009-10-22 01:39 . 2003-06-19 19:05 9424 c:\winnt\system32\dllcache\atlmc.sys
+ 2009-10-22 01:39 . 1999-10-21 16:34 6544 c:\winnt\system32\dllcache\archqic.sys
+ 2009-10-22 01:39 . 1999-09-25 15:36 6320 c:\winnt\system32\dllcache\apmbatt.sys
+ 2009-10-22 01:39 . 1999-10-07 20:32 3056 c:\winnt\system32\dllcache\alsfm.sys
+ 2009-10-22 01:37 . 1999-12-01 04:38 7440 c:\winnt\system32\dllcache\af450.dll
+ 2009-10-22 01:39 . 2003-06-19 19:05 9968 c:\winnt\system32\dllcache\adicvls.sys
+ 2009-10-22 01:39 . 2003-06-19 19:05 9904 c:\winnt\system32\dllcache\adicsc.sys
+ 2004-04-10 03:19 . 2003-06-19 19:05 172664 c:\winnt\system32\dllcache\xenroll.dll
+ 2004-04-10 03:16 . 2003-06-19 19:05 195856 c:\winnt\system32\dllcache\wzcsvc.dll
+ 2000-07-26 12:00 . 2003-06-19 19:05 542480 c:\winnt\system32\dllcache\wsecedit.dll
+ 2005-01-12 19:40 . 2005-01-12 19:40 239888 c:\winnt\system32\dllcache\wow32.dll
- 2005-02-06 23:06 . 2005-01-12 19:40 239888 c:\winnt\system32\dllcache\wow32.dll
+ 2004-04-10 03:19 . 2003-06-19 19:05 110681 c:\winnt\system32\dllcache\wmiprov.dll
+ 2005-01-12 19:39 . 2005-01-12 19:39 167184 c:\winnt\system32\dllcache\wintrust.dll
- 2004-04-30 03:23 . 2005-01-12 19:39 167184 c:\winnt\system32\dllcache\wintrust.dll
- 2005-02-06 23:07 . 2007-03-13 09:44 245520 c:\winnt\system32\dllcache\winsrv.dll
+ 2000-07-26 12:00 . 2007-03-13 09:44 245520 c:\winnt\system32\dllcache\winsrv.dll
+ 2000-07-26 12:00 . 2003-06-19 19:05 113936 c:\winnt\system32\dllcache\winspool.drv
+ 2004-04-10 03:19 . 2003-06-19 19:05 239376 c:\winnt\system32\dllcache\winsmon.dll
+ 2004-04-10 03:19 . 2003-06-19 19:05 193296 c:\winnt\system32\dllcache\winrep.exe
+ 2004-04-10 03:19 . 2003-06-19 19:05 196706 c:\winnt\system32\dllcache\winmgmt.exe
- 2005-02-06 23:04 . 2005-04-08 11:51 186640 c:\winnt\system32\dllcache\WINLOGON.EXE
+ 2005-04-08 11:51 . 2005-04-08 11:51 186640 c:\winnt\system32\dllcache\winlogon.exe
- 2004-12-07 22:37 . 2009-06-26 17:53 576512 c:\winnt\system32\dllcache\WININET.DLL
+ 2009-06-26 17:53 . 2009-06-26 17:53 576512 c:\winnt\system32\dllcache\wininet.dll
+ 2004-04-10 03:19 . 2003-06-19 19:05 270608 c:\winnt\system32\dllcache\winhlp32.exe
+ 2009-10-22 01:47 . 1999-09-25 04:55 602128 c:\winnt\system32\dllcache\winacpci.sys
+ 2009-10-22 01:39 . 1999-09-25 04:55 771824 c:\winnt\system32\dllcache\winacisa.sys
+ 2004-04-10 03:18 . 2003-06-19 19:05 163927 c:\winnt\system32\dllcache\wbemtest.exe
+ 2004-04-10 03:18 . 2003-06-19 19:05 372825 c:\winnt\system32\dllcache\wbemess.dll
+ 2004-04-10 03:18 . 2003-06-19 19:05 168013 c:\winnt\system32\dllcache\wbemdisp.dll
+ 2004-04-10 03:18 . 2003-06-19 19:05 647257 c:\winnt\system32\dllcache\wbemcore.dll
+ 2004-04-10 03:18 . 2003-06-19 19:05 708696 c:\winnt\system32\dllcache\wbemcomn.dll
+ 2004-04-10 03:18 . 2003-06-19 19:05 254018 c:\winnt\system32\dllcache\wbemcntl.dll
+ 2004-04-10 03:18 . 2003-06-19 19:05 155920 c:\winnt\system32\dllcache\wavemsp.dll
+ 2004-04-10 03:18 . 2003-06-19 19:05 353552 c:\winnt\system32\dllcache\w95upgnt.dll
+ 2004-04-10 03:18 . 2003-06-19 19:05 346384 c:\winnt\system32\dllcache\w3svc.dll
+ 2004-04-10 03:18 . 2003-06-19 19:05 425232 c:\winnt\system32\dllcache\w3scfg.dll
+ 2009-10-22 01:47 . 1999-12-01 04:39 253200 c:\winnt\system32\dllcache\vssetup.dll
+ 2009-10-22 01:47 . 1999-12-07 21:43 333168 c:\winnt\system32\dllcache\voodoo3.dll
+ 2004-04-10 03:18 . 2003-06-19 19:05 977680 c:\winnt\system32\dllcache\vfpodbc.dll
- 2002-02-26 20:58 . 2008-01-05 09:05 401408 c:\winnt\system32\dllcache\vbscript.dll
+ 2008-01-05 09:05 . 2008-01-05 09:05 401408 c:\winnt\system32\dllcache\vbscript.dll
+ 2004-04-10 03:18 . 2003-06-19 19:05 315664 c:\winnt\system32\dllcache\usp10.dll
- 2003-08-05 20:14 . 2005-04-08 11:54 399120 c:\winnt\system32\dllcache\USERENV.DLL
+ 2005-04-08 11:54 . 2005-04-08 11:54 399120 c:\winnt\system32\dllcache\userenv.dll
- 2004-12-07 22:37 . 2009-06-26 17:52 462336 c:\winnt\system32\dllcache\URLMON.DLL
+ 2009-06-26 17:52 . 2009-06-26 17:52 462336 c:\winnt\system32\dllcache\urlmon.dll
+ 2000-07-26 12:00 . 2003-06-19 19:05 173232 c:\winnt\system32\dllcache\update.sys
+ 2000-07-26 12:00 . 2005-01-12 19:40 322832 c:\winnt\system32\dllcache\untfs.dll
- 2005-01-12 19:40 . 2005-01-12 19:40 322832 c:\winnt\system32\dllcache\untfs.dll
+ 2004-05-13 02:53 . 2002-12-11 20:08 192512 c:\winnt\system32\dllcache\unregmp2.exe
+ 2000-07-26 12:00 . 2003-06-19 19:05 261392 c:\winnt\system32\dllcache\ulib.dll
- 2004-04-30 03:23 . 2005-09-05 08:18 398608 c:\winnt\system32\dllcache\txfaux.dll
+ 2005-09-05 08:18 . 2005-09-05 08:18 398608 c:\winnt\system32\dllcache\txfaux.dll
+ 2009-10-22 01:47 . 1999-12-01 04:39 323856 c:\winnt\system32\dllcache\twui200.dll
+ 2009-10-22 01:47 . 1999-12-01 04:39 165648 c:\winnt\system32\dllcache\twui120.dll
+ 2009-10-22 01:47 . 1999-11-30 06:34 804112 c:\winnt\system32\dllcache\twrc200.dll
+ 2009-10-22 01:47 . 1999-11-30 06:34 484112 c:\winnt\system32\dllcache\twrc120.dll
+ 2009-10-22 01:47 . 1999-11-19 19:11 154384 c:\winnt\system32\dllcache\tridkbm.sys
+ 2009-10-22 01:47 . 1999-12-07 21:43 523408 c:\winnt\system32\dllcache\tridkb.dll
+ 2009-10-22 01:47 . 1999-11-19 19:11 191888 c:\winnt\system32\dllcache\trid3dm.sys
+ 2009-10-22 01:47 . 1999-12-07 21:43 277520 c:\winnt\system32\dllcache\trid3d.dll
+ 2009-10-22 01:47 . 1999-10-06 20:50 231408 c:\winnt\system32\dllcache\tosdvd03.sys
+ 2009-10-22 01:47 . 1999-10-06 20:50 242256 c:\winnt\system32\dllcache\tosdvd02.sys
+ 2004-04-10 03:18 . 2003-06-19 19:05 186128 c:\winnt\system32\dllcache\tlntsvr.exe
+ 2009-10-22 01:47 . 1999-09-25 00:18 123856 c:\winnt\system32\dllcache\tjisdn.sys
+ 2004-04-10 03:18 . 2003-06-19 19:05 187664 c:\winnt\system32\dllcache\thumbvw.dll
+ 2009-10-22 01:47 . 1999-10-29 20:25 141136 c:\winnt\system32\dllcache\tgiulnt5.sys
- 2005-05-12 10:25 . 2008-06-18 10:05 320528 c:\winnt\system32\dllcache\tcpip.sys
+ 2000-07-26 12:00 . 2008-06-18 10:05 320528 c:\winnt\system32\dllcache\tcpip.sys
- 2005-01-13 09:10 . 2005-07-02 11:30 175888 c:\winnt\system32\dllcache\tapisrv.dll
+ 2005-07-02 11:30 . 2005-07-02 11:30 175888 c:\winnt\system32\dllcache\tapisrv.dll
+ 2004-04-10 03:18 . 2003-06-19 19:05 126736 c:\winnt\system32\dllcache\tapi32.dll
+ 2004-04-10 03:18 . 2003-06-19 19:05 375568 c:\winnt\system32\dllcache\tapi3.dll
+ 2009-10-22 01:47 . 1999-12-07 21:43 251312 c:\winnt\system32\dllcache\t2r4disp.dll
+ 2000-07-26 12:00 . 2003-06-19 19:05 509712 c:\winnt\system32\dllcache\syssetup.dll
+ 2009-10-22 01:47 . 1999-12-01 04:39 346624 c:\winnt\system32\dllcache\syncprop.dll
+ 2004-04-10 03:18 . 2008-06-19 12:28 247326 c:\winnt\system32\dllcache\strmdll.dll
- 2006-08-21 15:52 . 2008-06-19 12:28 247326 c:\winnt\system32\dllcache\strmdll.dll
+ 2009-10-22 01:39 . 1999-12-01 04:39 176400 c:\winnt\system32\dllcache\stlnprop.dll
+ 2009-10-22 01:39 . 1999-11-03 13:37 280912 c:\winnt\system32\dllcache\stlnata.sys
+ 2009-10-22 01:47 . 1999-12-01 04:39 186640 c:\winnt\system32\dllcache\stivs32.dll
+ 2004-04-10 03:18 . 2003-06-19 19:05 180312 c:\winnt\system32\dllcache\stdprov.dll
- 2005-05-03 08:10 . 2008-12-11 12:09 239472 c:\winnt\system32\dllcache\srv.sys
+ 2000-07-26 12:00 . 2008-12-11 12:09 239472 c:\winnt\system32\dllcache\srv.sys
+ 2009-10-22 01:39 . 1999-12-01 04:39 420624 c:\winnt\system32\dllcache\spxports.dll
+ 2004-04-10 03:18 . 2003-06-19 19:05 187024 c:\winnt\system32\dllcache\spcmdcon.sys
+ 2004-04-10 03:13 . 2003-06-19 19:05 120448 c:\winnt\system32\dllcache\softkey.dll
+ 2004-04-10 03:18 . 2003-06-19 19:05 214288 c:\winnt\system32\dllcache\snmpsnap.dll
+ 2004-04-10 03:18 . 2003-06-19 19:05 107792 c:\winnt\system32\dllcache\sndrec32.exe
+ 2004-04-10 03:18 . 2003-06-19 19:05 159841 c:\winnt\system32\dllcache\smtpcons.dll
+ 2009-10-22 01:46 . 2003-06-20 02:45 444176 c:\winnt\system32\dllcache\smtp_smtpsvc.dll
+ 2009-10-22 01:46 . 2003-06-20 02:45 183568 c:\winnt\system32\dllcache\smtp_smtpadm.dll
+ 2009-10-22 01:46 . 2003-06-20 02:45 234768 c:\winnt\system32\dllcache\smtp_seo.dll
+ 2004-04-10 03:10 . 2003-06-19 19:05 402704 c:\winnt\system32\dllcache\smtp_cdonts.dll
+ 2009-10-22 01:39 . 2003-06-20 02:44 322320 c:\winnt\system32\dllcache\smtp_aqueue.dll
+ 2004-04-10 03:18 . 2003-06-19 19:05 285456 c:\winnt\system32\dllcache\smlogcfg.dll
+ 2009-10-22 01:39 . 2003-06-19 19:05 104656 c:\winnt\system32\dllcache\skfpwin.sys
+ 2009-10-22 01:39 . 1999-12-07 21:43 188688 c:\winnt\system32\dllcache\sisv256.dll
+ 2009-10-22 01:39 . 1999-12-07 21:43 179792 c:\winnt\system32\dllcache\sis6306v.dll
+ 2009-10-22 01:46 . 1999-12-07 21:43 190512 c:\winnt\system32\dllcache\sis300v.dll
+ 2009-06-26 17:47 . 2009-06-26 17:47 402944 c:\winnt\system32\dllcache\shlwapi.dll
- 2004-12-08 00:11 . 2009-06-26 17:47 402944 c:\winnt\system32\dllcache\SHLWAPI.DLL
+ 2009-10-22 01:46 . 1999-12-07 21:43 493424 c:\winnt\system32\dllcache\sgiul50.dll
+ 2000-07-26 12:00 . 2003-06-19 19:05 148400 c:\winnt\system32\dllcache\sfmatalk.sys
+ 2005-04-08 10:34 . 2005-04-08 10:34 973072 c:\winnt\system32\dllcache\sfcfiles.dll
- 2004-04-30 03:23 . 2005-04-08 10:34 973072 c:\winnt\system32\dllcache\sfcfiles.dll
+ 2000-07-26 12:00 . 2003-06-19 19:05 570128 c:\winnt\system32\dllcache\setupapi.dll
+ 2004-04-10 03:17 . 2003-06-19 19:05 159820 c:\winnt\system32\dllcache\scrcons.exe
+ 2008-11-18 14:08 . 2008-11-18 14:08 147728 c:\winnt\system32\dllcache\schannel.dll
+ 2005-01-12 19:39 . 2005-01-12 19:39 261904 c:\winnt\system32\dllcache\scesrv.dll
- 2004-04-30 03:23 . 2005-01-12 19:39 261904 c:\winnt\system32\dllcache\scesrv.dll
+ 2005-01-12 19:39 . 2005-01-12 19:39 114448 c:\winnt\system32\dllcache\scecli.dll
- 2004-04-30 03:23 . 2005-01-12 19:39 114448 c:\winnt\system32\dllcache\scecli.dll
+ 2000-07-26 12:00 . 2003-06-19 19:05 100112 c:\winnt\system32\dllcache\scardsvr.exe
- 2004-04-30 03:23 . 2005-04-08 11:54 390416 c:\winnt\system32\dllcache\samsrv.dll
+ 2000-07-26 12:00 . 2005-04-08 11:54 390416 c:\winnt\system32\dllcache\samsrv.dll
+ 2009-10-22 01:46 . 1999-12-07 21:43 246256 c:\winnt\system32\dllcache\s3sav4.dll
+ 2009-10-22 01:46 . 1999-12-07 21:43 213776 c:\winnt\system32\dllcache\s3sav3d.dll
+ 2009-10-22 01:46 . 1999-12-07 21:43 304688 c:\winnt\system32\dllcache\s3mvirge.dll
+ 2009-10-22 01:46 . 1999-12-07 21:43 293456 c:\winnt\system32\dllcache\s3mt3d.dll
+ 2009-10-22 01:46 . 1999-11-19 19:20 168112 c:\winnt\system32\dllcache\s3m.sys
+ 2004-04-10 03:17 . 2003-06-19 19:05 176912 c:\winnt\system32\dllcache\rsvp.exe
+ 2004-04-10 03:17 . 2003-06-19 19:05 108304 c:\winnt\system32\dllcache\rsnotify.exe
+ 2004-04-10 03:16 . 2003-06-19 19:05 134928 c:\winnt\system32\dllcache\rsaenh.dll
+ 2004-04-10 03:17 . 2003-06-19 19:05 132368 c:\winnt\system32\dllcache\rsabase.dll
+ 2005-09-05 08:18 . 2005-09-05 08:18 212240 c:\winnt\system32\dllcache\rpcss.dll
- 2005-01-13 23:27 . 2005-09-05 08:18 212240 c:\winnt\system32\dllcache\rpcss.dll
+ 2009-04-22 13:38 . 2009-04-22 13:38 437008 c:\winnt\system32\dllcache\rpcrt4.dll
- 2004-04-30 03:23 . 2009-04-22 13:38 437008 c:\winnt\system32\dllcache\rpcrt4.dll
+ 2004-04-10 03:17 . 2003-06-19 19:05 105232 c:\winnt\system32\dllcache\rend.dll
+ 2004-04-10 03:17 . 2003-06-19 19:05 139536 c:\winnt\system32\dllcache\regedt32.exe
+ 2000-07-26 12:00 . 2008-08-27 16:28 170800 c:\winnt\system32\dllcache\rdbss.sys
- 2005-02-18 14:04 . 2008-08-27 16:28 170800 c:\winnt\system32\dllcache\rdbss.sys
+ 2004-04-10 03:17 . 2003-06-19 19:05 100624 c:\winnt\system32\dllcache\rastls.dll
+ 2004-04-10 03:17 . 2003-06-19 19:05 198928 c:\winnt\system32\dllcache\rasppp.dll
+ 2004-04-10 03:17 . 2003-06-19 19:05 154896 c:\winnt\system32\dllcache\rasmontr.dll
- 2005-01-12 19:39 . 2005-01-12 19:39 531216 c:\winnt\system32\dllcache\rasdlg.dll
+ 2000-07-26 12:00 . 2005-01-12 19:39 531216 c:\winnt\system32\dllcache\rasdlg.dll
+ 2000-07-26 12:00 . 2005-04-08 11:54 200464 c:\winnt\system32\dllcache\rasapi32.dll
- 2005-04-08 11:54 . 2005-04-08 11:54 200464 c:\winnt\system32\dllcache\rasapi32.dll
+ 2004-04-10 03:16 . 2004-10-05 15:43 362496 c:\winnt\system32\dllcache\qmgr.dll
- 2004-10-05 15:43 . 2004-10-05 15:43 362496 c:\winnt\system32\dllcache\qmgr.dll
+ 2004-04-10 03:17 . 2003-06-19 19:05 378128 c:\winnt\system32\dllcache\pws.exe
- 2004-04-30 03:23 . 2005-04-08 11:54 117520 c:\winnt\system32\dllcache\PSBASE.DLL
+ 2005-04-08 11:54 . 2005-04-08 11:54 117520 c:\winnt\system32\dllcache\psbase.dll
+ 2000-07-26 12:00 . 2003-06-19 19:05 381712 c:\winnt\system32\dllcache\printui.dll
+ 2009-10-22 01:46 . 1999-12-01 04:40 149264 c:\winnt\system32\dllcache\portmon.exe
+ 2004-04-10 02:28 . 2003-06-19 19:05 148208 c:\winnt\system32\dllcache\portcls.sys
+ 2009-10-22 01:45 . 1999-12-07 21:43 142320 c:\winnt\system32\dllcache\perm2dll.dll
+ 2009-10-22 01:45 . 1999-12-01 04:40 108304 c:\winnt\system32\dllcache\peer.exe
+ 2004-04-10 03:17 . 2003-06-19 19:05 151824 c:\winnt\system32\dllcache\pdh.dll
+ 2000-07-26 12:00 . 2003-06-19 19:05 109584 c:\winnt\system32\dllcache\pcmcia.sys
+ 2004-04-10 03:17 . 2003-06-19 19:05 221456 c:\winnt\system32\dllcache\osk.exe
+ 2004-04-10 03:17 . 2003-06-19 19:05 692496 c:\winnt\system32\dllcache\opengl32.dll
+ 2004-04-10 03:17 . 2003-06-19 19:05 164112 c:\winnt\system32\dllcache\olepro32.dll
+ 2004-04-10 03:17 . 2003-06-19 19:05 106256 c:\winnt\system32\dllcache\oleprn.dll
- 2007-08-26 02:07 . 2007-12-05 10:40 631056 c:\winnt\system32\dllcache\oleaut32.dll
+ 2000-07-26 12:00 . 2007-12-05 10:40 631056 c:\winnt\system32\dllcache\oleaut32.dll
+ 2005-09-05 08:18 . 2005-09-05 08:18 957712 c:\winnt\system32\dllcache\ole32.dll
- 2005-01-13 23:27 . 2005-09-05 08:18 957712 c:\winnt\system32\dllcache\OLE32.DLL
+ 2004-04-10 03:17 . 2003-06-19 19:05 110080 c:\winnt\system32\dllcache\offfilt.dll
+ 2004-04-10 03:17 . 2003-06-19 19:05 270608 c:\winnt\system32\dllcache\odbcjt32.dll
+ 2009-10-22 01:45 . 1999-09-25 00:17 175376 c:\winnt\system32\dllcache\oct3xnd5.sys
+ 2004-04-10 03:16 . 2003-06-19 19:05 214800 c:\winnt\system32\dllcache\objsel.dll
+ 2000-07-26 12:00 . 2006-09-01 04:57 161520 c:\winnt\system32\dllcache\nwrdr.sys
- 2004-09-06 06:06 . 2006-09-01 04:57 161520 c:\winnt\system32\dllcache\nwrdr.sys
- 2006-09-01 05:49 . 2006-09-01 05:49 140048 c:\winnt\system32\dllcache\nwprovau.dll
+ 2000-07-26 12:00 . 2006-09-01 05:49 140048 c:\winnt\system32\dllcache\nwprovau.dll
+ 2009-10-22 01:45 . 1999-10-27 20:23 345040 c:\winnt\system32\dllcache\nv4.sys
+ 2009-10-22 01:45 . 1999-12-07 21:43 530192 c:\winnt\system32\dllcache\nv4.dll
+ 2009-10-22 01:45 . 1999-10-27 20:21 201328 c:\winnt\system32\dllcache\nv3.sys
+ 2009-10-22 01:45 . 1999-12-07 21:43 125680 c:\winnt\system32\dllcache\nv3.dll
+ 2000-07-26 12:00 . 2004-12-15 04:54 398608 c:\winnt\system32\dllcache\ntvdm.exe
- 2005-02-06 23:06 . 2004-12-15 04:54 398608 c:\winnt\system32\dllcache\ntvdm.exe
+ 2004-04-10 03:16 . 2003-06-19 19:05 401168 c:\winnt\system32\dllcache\ntmssvc.dll
+ 2004-04-10 03:16 . 2003-06-19 19:05 173328 c:\winnt\system32\dllcache\ntmsdba.dll
+ 2004-04-10 03:16 . 2003-06-19 19:05 102672 c:\winnt\system32\dllcache\ntmarta.dll
- 2003-06-04 20:11 . 2005-05-10 09:20 513424 c:\winnt\system32\dllcache\ntfs.sys
+ 2000-07-26 12:00 . 2005-05-10 09:20 513424 c:\winnt\system32\dllcache\ntfs.sys
+ 2004-04-10 03:16 . 2003-06-19 19:05 196671 c:\winnt\system32\dllcache\ntevt.dll
+ 2004-04-10 03:16 . 2003-06-19 19:05 165136 c:\winnt\system32\dllcache\ntdsutil.exe
- 2004-04-30 03:23 . 2005-01-13 09:09 483600 c:\winnt\system32\dllcache\ntdll.dll
+ 2000-07-26 12:00 . 2005-08-16 09:39 483600 c:\winnt\system32\dllcache\ntdll.dll
+ 2004-04-10 03:16 . 2005-11-29 22:27 364544 c:\winnt\system32\dllcache\npdsplay.dll
+ 2004-04-10 03:16 . 2003-06-19 19:05 177424 c:\winnt\system32\dllcache\nmwb.dll
+ 2004-04-10 03:16 . 2003-06-19 19:05 136464 c:\winnt\system32\dllcache\nmft.dll
+ 2004-04-10 03:16 . 2003-06-19 19:05 212240 c:\winnt\system32\dllcache\nmas.dll
+ 2009-10-22 01:45 . 1999-10-06 21:17 111920 c:\winnt\system32\dllcache\nm5a2wdm.sys
- 2003-06-11 16:40 . 2005-01-12 19:39 114448 c:\winnt\system32\dllcache\newdev.dll
+ 2005-01-12 19:39 . 2005-01-12 19:39 114448 c:\winnt\system32\dllcache\newdev.dll
+ 2004-04-10 03:16 . 2003-06-19 19:05 477456 c:\winnt\system32\dllcache\netshell.dll
+ 2004-04-10 03:16 . 2003-06-19 19:05 173840 c:\winnt\system32\dllcache\netplwiz.dll
- 2004-04-30 03:23 . 2005-04-08 11:54 366864 c:\winnt\system32\dllcache\NETLOGON.DLL
+ 2005-04-08 11:54 . 2005-04-08 11:54 366864 c:\winnt\system32\dllcache\netlogon.dll
+ 2004-04-10 03:16 . 2003-06-19 19:05 131344 c:\winnt\system32\dllcache\netid.dll
+ 2000-07-26 12:00 . 2005-04-08 11:51 175632 c:\winnt\system32\dllcache\netbt.sys
- 2004-04-10 03:40 . 2005-04-08 11:51 175632 c:\winnt\system32\dllcache\netbt.sys
- 2005-02-06 23:05 . 2008-10-17 17:41 310032 c:\winnt\system32\dllcache\NETAPI32.DLL
+ 2008-10-17 17:41 . 2008-10-17 17:41 310032 c:\winnt\system32\dllcache\netapi32.dll
+ 2004-04-10 03:16 . 2003-06-19 19:05 124176 c:\winnt\system32\dllcache\net1.exe
+ 2000-07-26 12:00 . 2003-06-19 19:05 170928 c:\winnt\system32\dllcache\ndis.sys
+ 2009-10-22 01:45 . 1999-12-07 21:43 128240 c:\winnt\system32\dllcache\n9i3disp.dll
+ 2009-10-22 01:45 . 1999-12-07 21:43 100592 c:\winnt\system32\dllcache\n9i128v2.dll
+ 2004-04-10 03:16 . 2003-06-19 19:05 110352 c:\winnt\system32\dllcache\mycomput.dll
+ 2004-04-10 03:13 . 2003-06-19 19:05 177056 c:\winnt\system32\dllcache\multibox.dll
+ 2004-04-30 03:23 . 2003-06-19 19:05 151312 c:\winnt\system32\dllcache\mtstocom.exe
+ 2004-04-10 03:16 . 2003-06-19 19:05 514320 c:\winnt\system32\dllcache\msxml.dll
+ 2004-04-10 03:16 . 2003-06-19 19:05 116496 c:\winnt\system32\dllcache\msvfw32.dll
+ 2004-04-10 03:16 . 2003-06-19 19:05 286773 c:\winnt\system32\dllcache\msvcrt.dll
+ 2000-07-26 12:00 . 2005-04-08 11:51 125200 c:\winnt\system32\dllcache\msv1_0.dll
- 2004-04-30 03:23 . 2005-04-08 11:51 125200 c:\winnt\system32\dllcache\msv1_0.dll
+ 2004-09-07 15:59 . 2004-09-07 15:59 122128 c:\winnt\system32\dllcache\mstask.exe
- 2004-04-05 16:51 . 2004-09-07 15:59 122128 c:\winnt\system32\dllcache\mstask.exe
+ 2004-04-09 17:45 . 2003-06-19 19:05 319760 c:\winnt\system32\dllcache\mspaint.exe
+ 2004-04-10 03:15 . 2003-06-19 19:05 319760 c:\winnt\system32\dllcache\msinfo32.dll
+ 2004-04-10 03:15 . 2005-05-04 19:45 884736 c:\winnt\system32\dllcache\msimsg.dll
+ 2004-04-10 03:15 . 2005-05-04 19:45 271360 c:\winnt\system32\dllcache\msihnd.dll
+ 2005-04-08 11:54 . 2005-04-08 11:54 338704 c:\winnt\system32\dllcache\msgina.dll
- 2005-02-06 23:07 . 2005-04-08 11:54 338704 c:\winnt\system32\dllcache\MSGINA.DLL
- 2004-04-30 03:23 . 2008-06-25 12:33 728336 c:\winnt\system32\dllcache\msdtcprx.dll
+ 2006-04-23 08:01 . 2008-06-25 12:33 728336 c:\winnt\system32\dllcache\msdtcprx.dll
+ 2004-04-10 03:14 . 2003-06-19 19:05 236304 c:\winnt\system32\dllcache\msclus.dll
- 2005-02-18 14:04 . 2008-08-27 16:29 416016 c:\winnt\system32\dllcache\mrxsmb.sys
+ 2000-07-26 12:00 . 2008-08-27 16:29 416016 c:\winnt\system32\dllcache\mrxsmb.sys
+ 2004-04-10 03:14 . 2003-06-19 19:05 297744 c:\winnt\system32\dllcache\mqxp32.dll
+ 2007-10-17 07:22 . 2003-06-19 19:05 110352 c:\winnt\system32\dllcache\mqutil.dll
+ 2007-10-17 07:22 . 2003-06-19 19:05 400656 c:\winnt\system32\dllcache\mqsnap.dll
- 2007-10-17 07:22 . 2007-10-17 07:22 400656 c:\winnt\system32\dllcache\mqsnap.dll
+ 2007-10-17 07:22 . 2003-06-19 19:05 102672 c:\winnt\system32\dllcache\mqrt.dll
- 2007-10-17 07:22 . 2007-10-17 07:22 102672 c:\winnt\system32\dllcache\mqrt.dll
+ 2007-10-17 07:22 . 2003-06-19 19:05 428304 c:\winnt\system32\dllcache\mqqm.dll
+ 2007-10-17 07:22 . 2003-06-19 19:05 222480 c:\winnt\system32\dllcache\mqoa.dll
- 2007-10-17 07:22 . 2007-10-17 07:22 222480 c:\winnt\system32\dllcache\mqoa.dll
+ 2007-10-17 07:22 . 2003-06-19 19:05 266000 c:\winnt\system32\dllcache\mqmigrat.dll
+ 2004-04-10 03:14 . 2003-06-19 19:05 185104 c:\winnt\system32\dllcache\mqmailvb.dll
+ 2007-10-17 07:22 . 2003-06-19 19:05 217360 c:\winnt\system32\dllcache\mqads.dll
+ 2007-10-17 07:22 . 2003-06-19 19:05 281872 c:\winnt\system32\dllcache\mq1repl.dll
+ 2004-04-10 03:14 . 2003-06-19 19:05 139353 c:\winnt\system32\dllcache\mofd.dll
+ 2004-04-10 03:13 . 2003-06-19 19:05 111376 c:\winnt\system32\dllcache\mobsync.exe
+ 2004-04-10 03:13 . 2003-06-19 19:05 169232 c:\winnt\system32\dllcache\mobsync.dll
- 2006-08-11 03:18 . 2006-07-25 05:08 840976 c:\winnt\system32\dllcache\mmcndmgr.dll
+ 2004-04-10 03:13 . 2006-07-25 05:08 840976 c:\winnt\system32\dllcache\mmcndmgr.dll
+ 2004-04-10 03:13 . 2006-07-06 16:52 613648 c:\winnt\system32\dllcache\mmc.exe
- 2006-07-06 16:52 . 2006-07-06 16:52 613648 c:\winnt\system32\dllcache\mmc.exe
+ 2009-10-22 01:43 . 1999-11-29 22:47 150960 c:\winnt\system32\dllcache\mga64m.sys
+ 2009-10-22 01:43 . 1999-12-07 21:43 551536 c:\winnt\system32\dllcache\mga64d.dll
+ 2004-04-10 03:13 . 2003-06-19 19:05 102160 c:\winnt\system32\dllcache\mdminst.dll
+ 2009-10-22 01:43 . 1999-10-04 19:01 150992 c:\winnt\system32\dllcache\mdgndis5.sys
+ 2009-10-22 01:43 . 1999-10-23 18:01 410832 c:\winnt\system32\dllcache\ltmdmntt.sys
+ 2009-10-22 01:43 . 1999-11-08 21:38 543056 c:\winnt\system32\dllcache\ltmdmntl.sys
+ 2009-10-22 01:43 . 1999-10-23 18:01 408016 c:\winnt\system32\dllcache\ltmdmntc.sys
+ 2009-10-22 01:43 . 1999-10-23 18:01 413712 c:\winnt\system32\dllcache\ltmdmnt.sys
+ 2007-10-16 11:34 . 2007-10-16 11:34 513808 c:\winnt\system32\dllcache\lsasrv.dll
- 2005-04-08 11:54 . 2009-05-07 06:41 263440 c:\winnt\system32\dllcache\localspl.dll
+ 2000-07-26 12:00 . 2009-05-07 06:41 263440 c:\winnt\system32\dllcache\localspl.dll
+ 2004-04-10 03:13 . 2003-06-19 19:05 246032 c:\winnt\system32\dllcache\localsec.dll
+ 2009-10-22 01:43 . 1999-11-30 06:33 221456 c:\winnt\system32\dllcache\lgpusbrc.dll
+ 2004-04-10 02:28 . 2003-06-19 19:05 148304 c:\winnt\system32\dllcache\kmixer.sys
- 2005-02-06 23:07 . 2007-04-16 12:44 712976 c:\winnt\system32\dllcache\kernel32.dll
+ 2000-07-26 12:00 . 2007-04-16 12:44 712976 c:\winnt\system32\dllcache\kernel32.dll
+ 2008-01-05 09:05 . 2009-06-24 18:02 458752 c:\winnt\system32\dllcache\jscript.dll
- 2006-05-17 16:43 . 2009-06-24 18:02 458752 c:\winnt\system32\dllcache\jscript.dll
+ 2004-04-10 03:11 . 2003-06-19 19:05 374032 c:\winnt\system32\dllcache\jet500.dll
+ 2004-04-10 03:11 . 2003-06-19 19:05 159504 c:\winnt\system32\dllcache\iprtrmgr.dll
+ 2004-04-10 03:11 . 2003-06-19 19:05 165648 c:\winnt\system32\dllcache\instsch5.dll
+ 2004-04-10 03:11 . 2003-06-19 19:05 152336 c:\winnt\system32\dllcache\instrsa5.dll
+ 2004-04-10 03:11 . 2003-06-19 19:05 111376 c:\winnt\system32\dllcache\instndi5.dll
+ 2004-04-10 03:11 . 2003-06-19 19:05 536848 c:\winnt\system32\dllcache\instlsa5.dll
+ 2004-04-10 03:11 . 2003-06-19 19:05 164112 c:\winnt\system32\dllcache\instdss5.dll
+ 2004-04-10 03:11 . 2003-06-19 19:05 138000 c:\winnt\system32\dllcache\initpki.dll
+ 2004-04-10 03:11 . 2003-06-19 19:05 206096 c:\winnt\system32\dllcache\infosoft.dll
+ 2004-04-10 03:11 . 2003-06-19 19:05 248080 c:\winnt\system32\dllcache\infocomm.dll
+ 2004-04-10 03:11 . 2003-06-19 19:05 179472 c:\winnt\system32\dllcache\inetmgr.dll
+ 2005-05-03 21:26 . 2009-07-10 18:49 601088 c:\winnt\system32\dllcache\inetcomm.dll
- 2004-06-07 20:19 . 2009-07-10 18:49 601088 c:\winnt\system32\dllcache\INETCOMM.DLL
+ 2004-04-10 03:11 . 2003-06-19 19:05 282896 c:\winnt\system32\dllcache\imsinsnt.dll
+ 2004-04-10 03:12 . 2003-06-19 19:05 303680 c:\winnt\system32\dllcache\imeskf.dll
+ 2004-04-10 03:12 . 2003-06-19 19:05 293136 c:\winnt\system32\dllcache\imepad.dll
+ 2004-04-10 03:12 . 2003-06-19 19:05 208784 c:\winnt\system32\dllcache\imejputy.dll
+ 2004-04-10 03:12 . 2003-06-19 19:05 575517 c:\winnt\system32\dllcache\imejpknl.dll
+ 2004-04-10 03:12 . 2003-06-19 19:05 267536 c:\winnt\system32\dllcache\imejpdct.dll
+ 2000-07-26 12:00 . 2003-06-19 19:05 128784 c:\winnt\system32\dllcache\imagehlp.dll
+ 2004-04-10 03:11 . 2003-06-19 19:05 301840 c:\winnt\system32\dllcache\iisui.dll
+ 2004-04-10 03:11 . 2003-06-19 19:05 124176 c:\winnt\system32\dllcache\iisrtl.dll
+ 2005-01-12 19:39 . 2003-06-19 19:05 121616 c:\winnt\system32\dllcache\iischema.dll
+ 2004-04-10 03:11 . 2003-06-19 19:05 433936 c:\winnt\system32\dllcache\iis.dll
- 2004-12-07 17:51 . 2009-06-26 17:51 236032 c:\winnt\system32\dllcache\IEPEERS.DLL
+ 2008-10-15 19:52 . 2009-06-26 17:51 236032 c:\winnt\system32\dllcache\iepeers.dll
+ 2004-04-10 03:11 . 2003-06-19 19:05 122128 c:\winnt\system32\dllcache\idq.dll
+ 2004-04-10 03:11 . 2003-06-19 19:05 186640 c:\winnt\system32\dllcache\icwconn1.exe
- 2005-06-29 07:30 . 2005-06-29 07:30 246032 c:\winnt\system32\dllcache\icm32.dll
+ 2004-04-10 03:11 . 2005-06-29 07:30 246032 c:\winnt\system32\dllcache\icm32.dll
+ 2009-10-22 01:38 . 2003-06-19 19:05 140016 c:\winnt\system32\dllcache\icam3.sys
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 401491]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-21 2000112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CamMonitor"="c:\program files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [2002-10-07 90112]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"mswspl"="c:\program files\Windows Media Player\wmplayer.exe" [2002-12-11 73728]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2005-10-18 278528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-12-12 155648]
"NvCplDaemon"="c:\winnt\system32\NvCpl.dll" [2007-06-29 8466432]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328]
"SiteAdvisor"="c:\program files\SiteAdvisor\6261\SiteAdv.exe" [2007-08-24 36640]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NvMediaCenter"="c:\winnt\system32\NvMcTray.dll" [2007-06-29 81920]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-02-19 591696]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-04-17 98616]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Synchronization Manager"="mobsync.exe" - c:\winnt\system32\mobsync.exe [2003-06-19 111376]
"SoundMan"="SOUNDMAN.EXE" - c:\winnt\SOUNDMAN.EXE [2003-12-19 65024]
"AtiPTA"="atiptaxx.exe" - c:\winnt\system32\atiptaxx.exe [2001-09-27 245760]
"nwiz"="nwiz.exe" - c:\winnt\system32\nwiz.exe [2007-06-29 1626112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2003-06-19 186640]

c:\documents and settings\Steve.DADS2800\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-2-9 368640]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R2 878TVCard;Bt878 TV Card - Video Capture;c:\winnt\system32\drivers\Bt878.sys [2005-09-05 214692]
R2 878TVTuner;Bt878 TV Card - TV Tuner;c:\winnt\system32\drivers\BtTuner.sys [2005-09-05 11392]
R2 878Xbar;Bt878 TV Card - Crossbar;c:\winnt\system32\drivers\BtXbar.sys [2005-09-05 8448]
R2 BT848;Conexant's BtPCI WDM Video Capture;c:\winnt\system32\DRIVERS\BT848.sys [2007-09-24 371349]
R3 viafilter;VIA USB Filter;c:\winnt\System32\Drivers\viausb.sys [2003-06-18 9038]
S0 Lbd;Lbd;c:\winnt\system32\DRIVERS\Lbd.sys [2009-07-03 64160]
S0 viasraid;viasraid;c:\winnt\system32\drivers\viasraid.sys [2003-10-31 78988]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-09-15 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-09-15 74480]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-09-22 1028432]
S3 PxHelper;PxHelper;c:\winnt\system32\drivers\PxHelper.sys [2000-07-18 16512]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-09-15 7408]
S3 usbhub20;USB 2.0 Root Hub Support;c:\winnt\system32\DRIVERS\usbhub20.sys [2003-06-19 49776]


--- Other Services/Drivers In Memory ---

*Deregistered* - 0117591256124937mcinstcleanup
.
Contents of the 'Scheduled Tasks' folder

2009-10-20 c:\winnt\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 00:55]

2009-10-01 c:\winnt\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 17:22]

2009-10-16 c:\winnt\Tasks\{1BDEB539-DA2B-41A4-97BD-E3FF82BCD63A}_DADS2800_Steve.job
- c:\winnt\system32\mobsync.exe [2004-04-10 19:05]

2009-10-21 c:\winnt\Tasks\{D91E47F1-2F1C-4FD2-9A1B-E3E3C29BBD2B}_DADS2800_Steve.job
- c:\winnt\system32\mobsync.exe [2004-04-10 19:05]

2009-10-21 c:\winnt\Tasks\{EFD46C1F-5B6B-457F-BD7E-23E7F1E81B7A}_DADS2800_Steve.job
- c:\winnt\system32\mobsync.exe [2004-04-10 19:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ntserver/Index.asp
LSP: %SystemRoot%\system32\msafd.dll
DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-21 20:59
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(196)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\winnt\system32\wzcdlg.dll
c:\winnt\system32\WZCSAPI.DLL

- - - - - - - > 'explorer.exe'(1652)
c:\winnt\AppPatch\AcLayers.DLL
c:\program files\SiteAdvisor\6261\saHook.dll
c:\winnt\system32\SHDOCVW.DLL
.
Completion time: 2009-10-22 21:01
ComboFix-quarantined-files.txt 2009-10-22 02:01
ComboFix2.txt 2009-10-21 02:52
ComboFix3.txt 2009-10-19 23:30

Pre-Run: 14,925,111,296 bytes free
Post-Run: 14,921,936,896 bytes free

- - End Of File - - 1A86F4727BCBF20250778264F41D69FB

#13 aommaster


Posted 22 October 2009 - 10:18 AM

Hello, lazyvista.
We need to run a Panda Active Scan
  • Please go here to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
NEXT:

We need to run a Jotti scan

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:
How to see hidden files in Windows
  • Go to the Jotti website
  • When the Jotti page has finished loading, click the browse button and navigate to the files listed below in bold, then click Submit. You will only be able to have one file scanned at a time.

    c:\winnt\system32\comres.dll

  • Please post back the results of the scan in your next post.
**Note: If Jotti is busy, try the same at Virustotal
**Note: No logs will be produced. You can either copy/paste the results into your reply, or you can state the infection found (if any) and the scanner that found it


In your next reply, please include the following:
  • ActiveScan Report
  • Jotti Log(s)

My website: http://aommaster.com
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#14 lazyvista


Posted 23 October 2009 - 08:53 PM

I've included the activescan.txt file. I was unable to execute Jotti's malware scan because I was unable to locate a file named comres.dll on the system.

;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-10-23 20:40:06
PROTECTIONS: 2
MALWARE: 26
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
McAfee Internet Security Suite 2007 9.15 No Yes
McAfee VirusScan Plus 13.15 No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00039204 adware/cws Adware No 0 Yes No c:\documents and settings\steve.dads2800\favorites\adult
00046757 spyware/bridge Spyware No 1 Yes No hkey_local_machine\software\microsoft\windows\currentversion\run\mswspl
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No c:\documents and settings\steve.dads2800\cookies\steve@trafficmp[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\documents and settings\steve.dads2800\cookies\steve@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\steve.dads2800\cookies\steve@atdmt[1].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\documents and settings\steve.dads2800\cookies\steve@247realmedia[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\documents and settings\steve.dads2800\cookies\steve@tribalfusion[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\documents and settings\steve.dads2800\cookies\steve@mediaplex[2].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\steve.dads2800\cookies\steve@com[1].txt
00167647 Cookie/Yadro TrackingCookie No 0 Yes No c:\documents and settings\steve.dads2800\cookies\steve@yadro[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No c:\documents and settings\steve.dads2800\cookies\steve@xiti[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\documents and settings\steve.dads2800\cookies\steve@statcounter[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\steve.dads2800\cookies\steve@ad.yieldmanager[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\steve.dads2800\cookies\steve@apmebf[2].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No c:\documents and settings\steve.dads2800\cookies\steve@burstnet[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\steve.dads2800\cookies\steve@serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\steve.dads2800\cookies\steve@bs.serving-sys[2].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\documents and settings\steve.dads2800\cookies\steve@www.burstbeacon[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\documents and settings\steve.dads2800\cookies\steve@advertising[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\documents and settings\steve.dads2800\cookies\steve@ads.pointroll[2].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No c:\documents and settings\steve.dads2800\cookies\steve@realmedia[2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\documents and settings\steve.dads2800\cookies\steve@questionmarket[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No c:\documents and settings\steve.dads2800\cookies\steve@zedo[1].txt
00207936 Cookie/Adviva TrackingCookie No 0 Yes No c:\documents and settings\steve.dads2800\cookies\steve@adviva[1].txt
00249100 Cookie/Cgi-bin TrackingCookie No 0 Yes No c:\documents and settings\steve.dads2800\cookies\steve@cgi-bin[2].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No c:\documents and settings\steve.dads2800\cookies\steve@smartadserver[2].txt
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================

#15 aommaster


Posted 24 October 2009 - 12:19 AM

Hi!

"I was unable to execute Jotti's malware scan because I was unable to locate a file named comres.dll on the system."

Could you manually check that folder, just to make sure the file doesn't exist? You can do this by opening My Computer and navigating through.





