Hijack This log posted per request


  • This topic is locked
22 replies to this topic

#1 MarkP31

Posted 09 December 2009 - 12:43 AM

Original thread



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:36:46 PM, on 12/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxduserv.exe
C:\WINDOWS\system32\lxducoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\QUICKENW\QWDLLS.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvMediaCenter] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] "SOUNDMAN.EXE"
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [Window Washer] "C:\Program Files\Webroot\Washer\wwDisp.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1222508896687
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1224348571819
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxduCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe
O23 - Service: lxdu_device - - C:\WINDOWS\system32\lxducoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 6373 bytes




DDS (Ver_09-12-01.01) - NTFSx86
Run by Administrator at 11:16:51.25 on Sun 12/06/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1126 [GMT -8:00]

AV: Webroot AntiVirus with Spy Sweeper *On-access scanning enabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxduserv.exe
C:\WINDOWS\system32\lxducoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\QUICKENW\QWDLLS.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\MRT.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mark\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
uDefault_Page_URL =
uWindow Title =
mStart Page = hxxp://www.google.com
mWindow Title =
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
uRun: [Window Washer] "c:\program files\webroot\washer\wwDisp.exe"
uRun: [SpybotSD TeaTimer] "c:\program files\spybot - search & destroy\TeaTimer.exe"
mRun: [NvMediaCenter] "c:\windows\system32\rundll32.exe" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] "c:\windows\system32\rundll32.exe" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SoundMan] "SOUNDMAN.EXE"
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide
mRun: [SpySweeper] "c:\program files\webroot\webrootsecurity\SpySweeperUI.exe" /startintray
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\billmi~1.lnk - c:\quickenw\BILLMIND.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicke~1.lnk - c:\quickenw\QWDLLS.EXE
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1222508896687
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1224348571819
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~3\MpShHook.dll

============= SERVICES / DRIVERS ===============

R0 Pnp680;SiI 680 ATA Controller;c:\windows\system32\drivers\pnp680.sys [2008-9-26 71720]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-4-21 29808]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 142832]
R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2009-12-2 1858144]
R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
R2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxduserv.exe [2009-6-2 94208]
R2 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [2008-10-12 34916]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\webrootsecurity\SpySweeper.exe [2009-11-6 4048240]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2009-6-7 1201640]
R2 wwEngineSvc;Window Washer Engine;c:\program files\webroot\washer\WasherSvc.exe [2009-6-11 598856]
R3 Ma730Pt;MA730 Bluetooth VCOM Driver;c:\windows\system32\drivers\ma730Pt.sys [2009-10-30 103040]
R3 Ma730Vad;MA730 Bluetooth Audio;c:\windows\system32\drivers\Ma730Vad.sys [2009-10-30 23376]
S0 tclondrv;tclondrv;c:\windows\system32\drivers\tclondrv.sys --> c:\windows\system32\drivers\tclondrv.sys [?]
S3 Ma730c;MA730 Bluetooth Core Driver;c:\windows\system32\drivers\ma730c.sys [2009-10-30 156128]

=============== Created Last 30 ================

2009-12-06 04:57:00 0 d-----w- c:\program files\Microsoft Security Essentials
2009-12-06 02:30:32 0 d-----w- c:\program files\Browser Hijack Recover
2009-12-06 00:12:23 0 d-----w- c:\program files\Error Expert
2009-12-05 23:31:34 248064 -c--a-w- c:\windows\system32\dllcache\cl546xm.sys
2009-12-05 23:31:33 170880 -c--a-w- c:\windows\system32\dllcache\cl546x.dll
2009-12-05 23:31:30 111232 -c--a-w- c:\windows\system32\dllcache\cl5465.dll
2009-12-05 23:31:26 45696 -c--a-w- c:\windows\system32\dllcache\cirrus.sys
2009-12-05 23:31:24 91264 -c--a-w- c:\windows\system32\dllcache\cirrus.dll
2009-12-05 23:31:19 272640 -c--a-w- c:\windows\system32\dllcache\cinemclc.sys
2009-12-05 23:31:17 980034 -c--a-w- c:\windows\system32\dllcache\cicap.sys
2009-12-05 23:10:07 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2009-12-05 23:08:30 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2009-12-05 23:07:55 102400 -c--a-w- c:\windows\system32\dllcache\binlsvc.dll
2009-12-05 23:06:59 70528 -c--a-w- c:\windows\system32\dllcache\atiragem.sys
2009-12-05 23:05:42 6272 -c--a-w- c:\windows\system32\dllcache\apmbatt.sys
2009-12-05 23:05:40 36224 -c--a-w- c:\windows\system32\dllcache\an983.sys
2009-12-05 23:05:39 12032 -c--a-w- c:\windows\system32\dllcache\amsint.sys
2009-12-05 23:05:38 16969 -c--a-w- c:\windows\system32\dllcache\amb8002.sys
2009-12-05 23:05:36 5248 -c--a-w- c:\windows\system32\dllcache\aliide.sys
2009-12-05 23:05:36 26624 -c--a-w- c:\windows\system32\dllcache\alifir.sys
2009-12-05 23:05:35 27678 -c--a-w- c:\windows\system32\dllcache\ali5261.sys
2009-12-05 23:05:33 56960 -c--a-w- c:\windows\system32\dllcache\aic78xx.sys
2009-12-05 23:05:32 55168 -c--a-w- c:\windows\system32\dllcache\aic78u2.sys
2009-12-05 23:05:31 12800 -c--a-w- c:\windows\system32\dllcache\aha154x.sys
2009-12-05 23:05:22 24576 -c--a-w- c:\windows\system32\dllcache\agcgauge.ax
2009-12-05 23:02:48 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2009-12-05 17:35:16 1074 ----a-w- c:\windows\system32\20041216.dat
2009-12-05 17:35:16 0 d-----w- c:\windows\system32\Temp
2009-12-05 17:35:16 0 d-----w- c:\windows\system32\Quarantine
2009-12-05 17:35:16 0 d-----w- c:\windows\system32\Logs
2009-12-05 17:35:16 0 d-----w- c:\windows\system32\CustomActions
2009-12-05 17:04:01 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-12-04 04:28:15 4444 ----a-w- c:\windows\system32\pid.PNF
2009-12-03 03:03:54 0 d-----w- c:\program files\a-squared Free
2009-11-30 02:11:02 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-11-30 02:11:00 0 d-----w- c:\docume~1\alluse~1\applic~1\QuickMediaConverter
2009-11-30 02:11:00 0 d-----w- c:\docume~1\admini~1\applic~1\Actecom
2009-11-30 02:09:06 0 d-----w- c:\program files\QuickMediaConverter
2009-11-29 18:30:34 0 d-----w- c:\program files\MSXML 4.0
2009-11-29 09:15:08 0 d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes
2009-11-29 09:14:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-29 09:14:46 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-29 09:14:46 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-29 09:14:45 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-29 09:11:06 102800 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-11-29 07:21:56 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-11-29 07:21:56 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-11-29 07:14:21 0 ----a-w- c:\windows\system32\8104297.jun
2009-11-29 06:55:36 0 d-----w- c:\program files\Trend Micro
2009-11-29 01:42:47 0 d-----w- c:\windows\system32\wbem\Repository
2009-11-10 06:53:19 0 d-----w- c:\docume~1\alluse~1\applic~1\AVS4YOU
2009-11-10 06:53:02 0 d-----w- c:\docume~1\admini~1\applic~1\AVS4YOU
2009-11-10 06:50:42 0 d-----w- c:\program files\common files\AVSMedia
2009-11-10 06:50:00 24576 ----a-w- c:\windows\system32\msxml3a.dll
2009-11-10 06:49:59 0 d-----w- c:\program files\AVS4YOU

==================== Find3M ====================

2009-12-06 11:50:44 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-11-06 23:19:42 1563008 ----a-w- c:\windows\WRSetup.dll
2009-11-06 20:00:36 23152 ----a-w- c:\windows\system32\drivers\sshrmd.sys
2009-11-06 20:00:36 176752 ----a-w- c:\windows\system32\drivers\ssidrv.sys
2009-11-06 20:00:34 29808 ----a-w- c:\windows\system32\drivers\ssfs0bbc.sys
2009-10-17 17:08:47 18312 ----a-w- c:\docume~1\admini~1\applic~1\GDIPFONTCACHEV1.DAT
2009-10-17 00:07:26 40960 ----a-w- c:\windows\system32\lxduvs.dll
2009-10-17 00:06:38 651264 ----a-w- c:\windows\system32\lxdupmui.dll
2009-10-17 00:06:36 860160 ----a-w- c:\windows\system32\lxduusb1.dll
2009-10-17 00:06:36 364544 ----a-w- c:\windows\system32\lxduinpa.dll
2009-10-17 00:06:36 339968 ----a-w- c:\windows\system32\lxduiesc.dll
2009-10-17 00:06:36 1069056 ----a-w- c:\windows\system32\lxduserv.dll
2009-10-17 00:06:34 577536 ----a-w- c:\windows\system32\lxdulmpm.dll
2009-10-17 00:06:34 323584 ----a-w- c:\windows\system32\lxduih.exe
2009-10-17 00:06:32 684032 ----a-w- c:\windows\system32\lxduhbn3.dll
2009-10-17 00:06:32 589824 ----a-w- c:\windows\system32\lxducoms.exe
2009-10-17 00:06:30 761856 ----a-w- c:\windows\system32\lxducomc.dll
2009-10-17 00:06:30 376832 ----a-w- c:\windows\system32\lxducomm.dll
2009-10-17 00:06:30 364544 ----a-w- c:\windows\system32\lxducfg.exe
2009-10-16 23:56:32 208896 ----a-w- c:\windows\system32\lxdugrd.dll
2009-10-16 05:32:46 409600 ----a-w- c:\windows\system32\lxducoin.dll
2009-09-25 05:37:11 667136 ----a-w- c:\windows\system32\wininet.dll
2009-09-25 05:37:09 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2008-09-27 10:03:22 983080 ----a-w- c:\program files\KeyUpdateTool_enu.exe

============= FINISH: 11:20:57.40 ===============


Thank you for your time.



#2 syler (Malware Response Team)

Posted 20 December 2009 - 08:08 PM

Hi,

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if you
would let me know so I can close this topic, if you still need help please let me know what issues you are still having, in your next reply.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and
we are trying our best to keep up.


We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    /md5stop
    CREATERESTOREPOINT

  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Then please post back here with the following logs:
  • OTL.txt
  • Extra.txt
Thanks



#3 MarkP31 (Topic Starter)

Posted 20 December 2009 - 09:33 PM

Hello syler and thank you for your time. Since my last post I have had numerous issues with the machine including a virtumonde infection. The machine was so bad that I had to slave the drive to another machine just to be able to start it. As a slave drive I was able to remove the virtumonde files and removed 3 registry entries. The browser problem was still there until this morning, (switched back to master) I ran spybot, malwarebytes, and microsoft security essentials, all 3 found something different still on the drive, and removed them. Now I have noticed that the machine is very slow to post and this afternoon I ran S&D and left the house. When I returned the machine had restarted itself. I know this because I was logged off. I am running the scan you requested now.


OTL Extras logfile created on: 12/20/2009 6:17:07 PM - Run 1
OTL by OldTimer - Version 3.1.19.0 Folder = F:\SpyWare
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 67.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 3800 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 71.80 Gb Free Space | 48.17% Space Free | Partition Type: NTFS
Drive D: | 74.53 Gb Total Space | 58.79 Gb Free Space | 78.88% Space Free | Partition Type: NTFS
Drive E: | 74.52 Gb Total Space | 43.66 Gb Free Space | 58.59% Space Free | Partition Type: NTFS
Drive F: | 9.32 Gb Total Space | 6.43 Gb Free Space | 69.08% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ROCKIES31
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1659004503-1580436667-725345543-500\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\WINDOWS\system32\lxducoms.exe" = C:\WINDOWS\system32\lxducoms.exe:*:Enabled:5600-6600 Series Server -- ( )
"C:\WINDOWS\system32\winlogon86.exe" = C:\WINDOWS\system32\winlogon86.exe:*:Enabled:winlogon86 -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1FCC574F-AFA2-4432-9EF1-79CA7BA73431}_is1" = Webroot AntiVirus with Spy Sweeper
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 15
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{48B3FB4D-CE22-488C-8E9F-24EBB77EAC0F}" = Microsoft Security Essentials
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A0A77CDC-2419-4D5C-AD2C-E09E5926B806}" = Microsoft Antimalware
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A918DE8A-98C8-0920-0000-000005200043}" = LG VX8300 MA730G - Handset Manager lite V9.2
"{A918DE8A-98C8-0920-0000-0000052F0002}" = Headset Bluetooth Manager - MA730
"{A918DE8A-98C8-0920-0001-000000000000}" = Multimedia Samples
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-1033-F400-7760-000000000001}" = Adobe Acrobat 6.0 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{D9D59C79-B080-4C94-B72A-1EB432ED192E}" = SIplugin
"{E32FC3D8-D106-425E-9F9E-8BE6E2E79AC9}" = InstallShield Tuner 6.0.1 For Adobe Acrobat
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Any Video Converter_is1" = Any Video Converter 2.7.6
"a-squared Free_is1" = a-squared Free 4.5
"AVS Audio Converter 6.1_is1" = AVS Audio Converter version 6.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"BroadJump Client Foundation" = BroadJump Client Foundation
"Browser Hijack Recover_is1" = Browser Hijack Recover(BHR) 3.0
"DAO 3.5" = DAO 3.5
"Error Expert_is1" = Error Expert 1.5
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.0
"HijackThis" = HijackThis 2.0.2
"Hoyle Classic Games II" = Hoyle Classic Games II
"InstallShield_{D9D59C79-B080-4C94-B72A-1EB432ED192E}" = SIplugin
"Lexmark 5600-6600 Series" = Lexmark 5600-6600 Series
"LimeWire" = LimeWire 5.3.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaWidget - Easy iPod Transfer_is1" = MediaWidget 5.0
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"Microsoft.Net.Client.3.5" = Microsoft .NET Framework Client Profile - PREVIEW
"NVIDIA Drivers" = NVIDIA Drivers
"Quicken Deluxe 2000" = Quicken Deluxe 2000
"Window Washer" = Window Washer
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Yahoo! Mail Advisor" = Yahoo! Mail Advisor

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1659004503-1580436667-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"New LEGO Digital Designer" = LEGO Digital Designer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/18/2009 12:53:42 PM | Computer Name = ROCKIES31 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module flash10c.ocx, version 10.0.32.18, fault address 0x000ac2ad.

Error - 9/18/2009 12:53:45 PM | Computer Name = ROCKIES31 | Source = Application Error | ID = 1001
Description = Fault bucket 1392267153.

Error - 9/19/2009 12:50:40 PM | Computer Name = ROCKIES31 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module mshtml.dll, version 6.0.2900.5848, fault address 0x00072351.

Error - 10/6/2009 7:56:15 PM | Computer Name = ROCKIES31 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module flash10c.ocx, version 10.0.32.18, fault address 0x000ae87d.

Error - 10/24/2009 1:08:57 PM | Computer Name = ROCKIES31 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module mshtml.dll, version 6.0.2900.5880, fault address 0x0007a98d.

Error - 10/26/2009 11:38:46 PM | Computer Name = ROCKIES31 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module flash10c.ocx, version 10.0.32.18, fault address 0x0002afd4.

Error - 11/3/2009 10:42:35 AM | Computer Name = ROCKIES31 | Source = Application Hang | ID = 1002
Description = Hanging application msimn.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/12/2009 10:46:49 AM | Computer Name = ROCKIES31 | Source = Application Hang | ID = 1002
Description = Hanging application msimn.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/14/2009 11:43:23 AM | Computer Name = ROCKIES31 | Source = Application Hang | ID = 1002
Description = Hanging application msimn.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/14/2009 12:41:54 PM | Computer Name = ROCKIES31 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module flash10c.ocx, version 10.0.32.18, fault address 0x000dea73.

[ System Events ]
Error - 12/20/2009 9:41:43 PM | Computer Name = ROCKIES31 | Source = ipnathlp | ID = 31012
Description = The DNS proxy agent encountered an error while obtaining the local
list of name-resolution servers. Some DNS or WINS servers may be inaccessible to
clients on the local network. The data is the error code.

Error - 12/20/2009 9:41:44 PM | Computer Name = ROCKIES31 | Source = ipnathlp | ID = 31012
Description = The DNS proxy agent encountered an error while obtaining the local
list of name-resolution servers. Some DNS or WINS servers may be inaccessible to
clients on the local network. The data is the error code.

Error - 12/20/2009 9:41:44 PM | Computer Name = ROCKIES31 | Source = ipnathlp | ID = 31012
Description = The DNS proxy agent encountered an error while obtaining the local
list of name-resolution servers. Some DNS or WINS servers may be inaccessible to
clients on the local network. The data is the error code.

Error - 12/20/2009 9:41:44 PM | Computer Name = ROCKIES31 | Source = ipnathlp | ID = 31012
Description = The DNS proxy agent encountered an error while obtaining the local
list of name-resolution servers. Some DNS or WINS servers may be inaccessible to
clients on the local network. The data is the error code.

Error - 12/20/2009 9:41:44 PM | Computer Name = ROCKIES31 | Source = ipnathlp | ID = 31012
Description = The DNS proxy agent encountered an error while obtaining the local
list of name-resolution servers. Some DNS or WINS servers may be inaccessible to
clients on the local network. The data is the error code.

Error - 12/20/2009 9:41:44 PM | Computer Name = ROCKIES31 | Source = ipnathlp | ID = 31012
Description = The DNS proxy agent encountered an error while obtaining the local
list of name-resolution servers. Some DNS or WINS servers may be inaccessible to
clients on the local network. The data is the error code.

Error - 12/20/2009 9:41:44 PM | Computer Name = ROCKIES31 | Source = ipnathlp | ID = 31012
Description = The DNS proxy agent encountered an error while obtaining the local
list of name-resolution servers. Some DNS or WINS servers may be inaccessible to
clients on the local network. The data is the error code.

Error - 12/20/2009 9:41:44 PM | Computer Name = ROCKIES31 | Source = ipnathlp | ID = 31012
Description = The DNS proxy agent encountered an error while obtaining the local
list of name-resolution servers. Some DNS or WINS servers may be inaccessible to
clients on the local network. The data is the error code.

Error - 12/20/2009 9:41:44 PM | Computer Name = ROCKIES31 | Source = ipnathlp | ID = 31012
Description = The DNS proxy agent encountered an error while obtaining the local
list of name-resolution servers. Some DNS or WINS servers may be inaccessible to
clients on the local network. The data is the error code.

Error - 12/20/2009 9:41:48 PM | Computer Name = ROCKIES31 | Source = ipnathlp | ID = 31012
Description = The DNS proxy agent encountered an error while obtaining the local
list of name-resolution servers. Some DNS or WINS servers may be inaccessible to
clients on the local network. The data is the error code.


< End of report >





OTL logfile created on: 12/20/2009 6:17:07 PM - Run 1
OTL by OldTimer - Version 3.1.19.0 Folder = F:\SpyWare
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 67.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 3800 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 71.80 Gb Free Space | 48.17% Space Free | Partition Type: NTFS
Drive D: | 74.53 Gb Total Space | 58.79 Gb Free Space | 78.88% Space Free | Partition Type: NTFS
Drive E: | 74.52 Gb Total Space | 43.66 Gb Free Space | 58.59% Space Free | Partition Type: NTFS
Drive F: | 9.32 Gb Total Space | 6.43 Gb Free Space | 69.08% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ROCKIES31
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/20 18:14:03 | 00,513,536 | ---- | M] (OldTimer Tools) -- F:\SpyWare\OTL.exe
PRC - [2009/12/03 22:26:57 | 01,201,640 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
PRC - [2009/11/12 16:33:10 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/11/06 15:19:58 | 06,515,784 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
PRC - [2009/11/06 12:00:22 | 04,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
PRC - [2009/11/06 12:00:22 | 00,165,232 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SSU.exe
PRC - [2009/10/16 16:06:32 | 00,589,824 | ---- | M] ( ) -- C:\WINDOWS\system32\lxducoms.exe
PRC - [2009/10/16 15:53:44 | 00,094,208 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxduserv.exe
PRC - [2009/10/01 16:03:14 | 01,858,144 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe
PRC - [2009/09/13 18:52:50 | 01,048,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2009/07/25 04:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/07/25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/07/02 17:36:52 | 00,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/12/12 09:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/05/16 11:01:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2008/04/13 16:12:22 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\internet explorer\iexplore.exe
PRC - [2008/04/13 16:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/26 13:47:40 | 00,598,856 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\WasherSvc.exe
PRC - [2007/11/26 13:47:30 | 01,206,600 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\wwDisp.exe
PRC - [2007/04/16 14:28:22 | 00,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2003/05/14 22:19:50 | 00,217,193 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
PRC - [1999/08/10 10:51:58 | 00,036,864 | ---- | M] (Intuit) -- C:\QUICKENW\QWDLLS.EXE


========== Modules (SafeList) ==========

MOD - [2009/12/20 18:14:03 | 00,513,536 | ---- | M] (OldTimer Tools) -- F:\SpyWare\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2009/12/03 22:26:57 | 01,201,640 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService)
SRV - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/11/06 12:00:22 | 04,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2009/10/16 16:06:32 | 00,589,824 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxducoms.exe -- (lxdu_device)
SRV - [2009/10/16 15:53:44 | 00,094,208 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe -- (lxduCATSCustConnectService)
SRV - [2009/10/01 16:03:14 | 01,858,144 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\a-squared Free\a2service.exe -- (a2free)
SRV - [2009/07/25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/02 17:36:52 | 00,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/12/12 09:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/05/16 11:01:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2007/11/26 13:47:40 | 00,598,856 | ---- | M] (Webroot Software, Inc.) [Auto | Running] -- C:\Program Files\Webroot\Washer\WasherSvc.exe -- (wwEngineSvc)
SRV - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2004/10/22 01:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2009/11/06 12:00:36 | 00,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys -- (ssidrv)
DRV - [2009/11/06 12:00:36 | 00,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys -- (sshrmd)
DRV - [2009/11/06 12:00:34 | 00,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
DRV - [2009/08/28 19:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/06/18 18:48:04 | 00,142,832 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2009/05/18 14:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/11/15 10:41:34 | 00,071,720 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pnp680.sys -- (Pnp680)
DRV - [2008/09/24 09:40:22 | 04,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2008/05/16 11:01:00 | 06,557,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/11/13 00:47:45 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/01/08 14:06:26 | 00,156,128 | ---- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ma730c.sys -- (Ma730c)
DRV - [2006/09/21 11:23:22 | 00,103,040 | ---- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ma730Pt.sys -- (Ma730Pt)
DRV - [2006/02/28 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2005/11/22 13:32:14 | 00,023,376 | R--- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Ma730Vad.sys -- (Ma730Vad)
DRV - [2005/08/19 16:00:00 | 00,046,080 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2005/01/27 01:22:00 | 00,088,016 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/08/03 22:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/05/18 00:55:26 | 00,074,112 | R--- | M] (VIA Technologies inc,.ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viamraid.sys -- (viamraid)
DRV - [2004/02/23 19:08:52 | 00,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2001/08/17 12:13:08 | 00,027,165 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fetnd5.sys -- (FETNDIS)
DRV - [1999/08/10 10:51:58 | 00,034,916 | ---- | M] (Marimba, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\MrtRate.sys -- (mrtRate)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1659004503-1580436667-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKU\S-1-5-21-1659004503-1580436667-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1659004503-1580436667-725345543-500\S-1-5-21-1659004503-1580436667-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[2009/11/01 14:25:47 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2009/11/01 14:25:47 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: (707 bytes) - C:\WINDOWS\system32\drivers\etc\HOSTS
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\S-1-5-21-1659004503-1580436667-725345543-500\..\Toolbar\ShellBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-1659004503-1580436667-725345543-500\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-1659004503-1580436667-725345543-500\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\system32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\system32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-1659004503-1580436667-725345543-500..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1659004503-1580436667-725345543-500..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe (Webroot Software, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk = C:\QUICKENW\BILLMIND.EXE (Intuit)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE (Intuit)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1222508896687 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1224348571819 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O20 - AppInit_DLLs: (luwakefi.dll) - File not found
O20 - AppInit_DLLs: (c:\windows\system32\sayesiya.dll) - C:\WINDOWS\System32\sayesiya.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O21 - SSODL: fapusowug - {3e10d5a5-94d4-4aca-9b8f-922d368479dd} - C:\WINDOWS\System32\sayesiya.dll File not found
O22 - SharedTaskScheduler: {3e10d5a5-94d4-4aca-9b8f-922d368479dd} - tokatiluy - C:\WINDOWS\System32\sayesiya.dll File not found
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (OWS\S) - File not found
O30 - LSA: Security Packages - (em\\ecurity Packages settings..) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/26 10:11:27 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/12/15 22:02:12 | 00,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\WDSetup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16892003295952896)

========== Files/Folders - Created Within 30 Days ==========

[2009/12/20 12:05:46 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/12/20 12:05:40 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/12/20 12:05:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/12/20 12:00:05 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/12/19 11:48:06 | 00,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2009/12/19 11:47:29 | 00,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\strmfilt.dll
[2009/12/19 11:47:29 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpapi.dll
[2009/12/19 11:47:28 | 00,265,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\http.sys
[2009/12/19 11:24:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/12/19 10:29:29 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/12/19 10:06:25 | 00,086,016 | ---- | C] (Sipro Lab Telecom Inc.) -- C:\WINDOWS\System32\dllcache\sl_anet.acm
[2009/12/19 10:06:08 | 01,372,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2009/12/19 10:06:08 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2009/12/19 10:06:01 | 00,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msaud32.acm
[2009/12/19 10:05:59 | 00,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mplay32.exe
[2009/12/19 10:05:49 | 00,290,816 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\dllcache\l3codeca.acm
[2009/12/19 10:05:42 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll
[2009/12/19 10:05:41 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll
[2009/12/19 10:05:25 | 00,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlimport.exe
[2009/12/19 09:17:06 | 00,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2009/12/19 09:15:04 | 00,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2009/12/19 09:15:02 | 00,333,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2009/12/19 09:14:15 | 01,172,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2009/12/19 09:14:01 | 00,138,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\afd.sys
[2009/12/19 09:12:23 | 00,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2009/12/19 09:12:20 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2009/12/19 09:12:10 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2009/12/19 09:12:07 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2009/12/19 09:12:06 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2009/12/19 09:11:55 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2009/12/18 22:44:18 | 00,000,000 | ---D | C] -- C:\Program Files\zztoy
[2009/12/18 20:48:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mark\My Documents\a-squared Free
[2009/12/18 20:04:43 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2009/12/18 12:32:08 | 00,113,222 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zoneclim.dll
[2009/12/18 12:32:08 | 00,041,029 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zcorem.dll
[2009/12/18 12:32:08 | 00,036,937 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zclientm.exe
[2009/12/18 12:32:08 | 00,029,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\znetm.dll
[2009/12/18 12:32:08 | 00,013,894 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zonelibm.dll
[2009/12/18 12:32:08 | 00,004,677 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zeeverm.dll
[2009/12/18 12:31:58 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\write.exe
[2009/12/18 12:31:52 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmine.exe
[2009/12/18 12:31:51 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winchat.exe
[2009/12/18 12:31:50 | 00,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2009/12/18 12:31:50 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2009/12/18 12:31:49 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2009/12/18 12:31:48 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2009/12/18 12:31:47 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2009/12/18 12:31:47 | 00,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2009/12/18 12:31:47 | 00,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2009/12/18 12:31:39 | 00,032,339 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniansi.dll
[2009/12/18 12:31:39 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2009/12/18 12:31:37 | 00,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2009/12/18 12:31:37 | 00,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2009/12/18 12:31:37 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2009/12/18 12:31:37 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2009/12/18 12:31:37 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2009/12/18 12:31:36 | 00,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2009/12/18 12:31:36 | 00,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2009/12/18 12:31:36 | 00,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2009/12/18 12:31:34 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2009/12/18 12:31:33 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2009/12/18 12:31:32 | 00,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sol.exe
[2009/12/18 12:31:31 | 00,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2009/12/18 12:31:31 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2009/12/18 12:31:30 | 00,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndvol32.exe
[2009/12/18 12:31:30 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2009/12/18 12:31:29 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2009/12/18 12:31:29 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2009/12/18 12:31:29 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2009/12/18 12:31:28 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2009/12/18 12:31:28 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2009/12/18 12:31:28 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2009/12/18 12:31:28 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2009/12/18 12:31:28 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2009/12/18 12:31:28 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2009/12/18 12:31:28 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2009/12/18 12:31:28 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2009/12/18 12:31:28 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2009/12/18 12:31:27 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2009/12/18 12:31:27 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2009/12/18 12:31:27 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2009/12/18 12:31:27 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2009/12/18 12:31:27 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2009/12/18 12:31:24 | 02,178,131 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlres.dll
[2009/12/18 12:31:24 | 00,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlzm.exe
[2009/12/18 12:31:24 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2009/12/18 12:31:23 | 00,066,113 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvl.dll
[2009/12/18 12:31:21 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2009/12/18 12:31:20 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2009/12/18 12:31:18 | 00,753,236 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvseres.dll
[2009/12/18 12:31:18 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2009/12/18 12:31:18 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2009/12/18 12:31:18 | 00,048,706 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvse.dll
[2009/12/18 12:31:18 | 00,042,574 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvsezm.exe
[2009/12/18 12:31:15 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2009/12/18 12:31:15 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2009/12/18 12:31:13 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2009/12/18 12:31:13 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2009/12/18 12:31:11 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2009/12/18 12:31:11 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2009/12/18 12:31:11 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2009/12/18 12:31:11 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2009/12/18 12:31:10 | 00,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2009/12/18 12:31:10 | 00,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2009/12/18 12:31:09 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2009/12/18 12:31:08 | 00,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2009/12/18 12:31:08 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2009/12/18 12:31:08 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2009/12/18 12:31:04 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2009/12/18 12:31:03 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2009/12/18 12:31:00 | 00,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2009/12/18 12:30:55 | 01,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2009/12/18 12:30:55 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2009/12/18 12:30:53 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshearts.exe
[2009/12/18 12:30:51 | 00,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplay32.exe
[2009/12/18 12:30:49 | 00,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2009/12/18 12:30:48 | 00,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2009/12/18 12:30:48 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2009/12/18 12:30:47 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2009/12/18 12:30:46 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2009/12/18 12:30:44 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2009/12/18 12:30:43 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2009/12/18 12:30:43 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2009/12/18 12:30:43 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2009/12/18 12:30:43 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2009/12/18 12:30:43 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2009/12/18 12:30:43 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2009/12/18 12:30:43 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2009/12/18 12:30:43 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2009/12/18 12:30:43 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2009/12/18 12:30:42 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2009/12/18 12:30:42 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2009/12/18 12:30:42 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2009/12/18 12:30:42 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2009/12/18 12:30:41 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2009/12/18 12:30:41 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2009/12/18 12:30:41 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2009/12/18 12:30:41 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2009/12/18 12:30:41 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2009/12/18 12:30:41 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2009/12/18 12:30:41 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2009/12/18 12:30:41 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2009/12/18 12:30:41 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2009/12/18 12:30:40 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2009/12/18 12:30:40 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2009/12/18 12:30:40 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2009/12/18 12:30:40 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2009/12/18 12:30:40 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2009/12/18 12:30:40 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2009/12/18 12:30:40 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2009/12/18 12:30:39 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2009/12/18 12:30:39 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
[2009/12/18 12:30:39 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2009/12/18 12:30:39 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2009/12/18 12:30:39 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2009/12/18 12:30:36 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2009/12/18 12:30:35 | 00,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2009/12/18 12:30:35 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2009/12/18 12:30:33 | 00,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2009/12/18 12:30:33 | 00,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2009/12/18 12:30:32 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2009/12/18 12:30:32 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe
[2009/12/18 12:30:31 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2009/12/18 12:30:31 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2009/12/18 12:30:31 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2009/12/18 12:30:27 | 10,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2009/12/18 12:30:18 | 10,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2009/12/18 12:30:17 | 00,013,312 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\dllcache\htrn_jis.dll
[2009/12/18 12:30:16 | 01,175,635 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzres.dll
[2009/12/18 12:30:16 | 00,057,409 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtz.dll
[2009/12/18 12:30:16 | 00,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzzm.exe
[2009/12/18 12:30:14 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2009/12/18 12:30:13 | 00,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\getuname.dll
[2009/12/18 12:30:11 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2009/12/18 12:30:11 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2009/12/18 12:30:10 | 00,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2009/12/18 12:30:09 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2009/12/18 12:30:08 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\freecell.exe
[2009/12/18 12:30:08 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2009/12/18 12:30:08 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2009/12/18 12:30:07 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2009/12/18 12:30:06 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2009/12/18 12:30:05 | 00,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2009/12/18 12:30:05 | 00,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2009/12/18 12:30:05 | 00,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2009/12/18 12:30:05 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2009/12/18 12:29:57 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
[2009/12/18 12:29:57 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2009/12/18 12:29:56 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
[2009/12/18 12:29:56 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2009/12/18 12:29:55 | 01,039,955 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnresm.dll
[2009/12/18 12:29:55 | 00,217,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnclim.dll
[2009/12/18 12:29:54 | 00,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2009/12/18 12:29:54 | 00,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2009/12/18 12:29:54 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2009/12/18 12:29:53 | 00,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2009/12/18 12:29:53 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2009/12/18 12:29:53 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2009/12/18 12:29:52 | 01,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2009/12/18 12:29:52 | 00,780,885 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrres.dll
[2009/12/18 12:29:52 | 00,042,575 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrzm.exe
[2009/12/18 12:29:52 | 00,040,515 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkr.dll
[2009/12/18 12:29:52 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2009/12/18 12:29:52 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2009/12/18 12:29:51 | 00,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\charmap.exe
[2009/12/18 12:29:51 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2009/12/18 12:29:51 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2009/12/18 12:29:50 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\calc.exe
[2009/12/18 12:29:50 | 00,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2009/12/18 12:29:49 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2009/12/18 12:29:42 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2009/12/18 12:29:41 | 01,817,687 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgres.dll
[2009/12/18 12:29:41 | 00,082,501 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckg.dll
[2009/12/18 12:29:41 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avwav.dll
[2009/12/18 12:29:41 | 00,042,577 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgzm.exe
[2009/12/18 12:29:40 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avtapi.dll
[2009/12/18 12:29:40 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avmeter.dll
[2009/12/18 12:29:39 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2009/12/18 12:29:28 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2009/12/18 12:29:28 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2009/12/18 12:29:27 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2009/12/18 12:29:19 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2009/12/18 12:29:18 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2009/12/18 12:29:18 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2009/12/18 12:29:14 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2009/12/18 12:29:07 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2009/12/18 12:29:07 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2009/12/18 12:29:06 | 00,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2009/12/18 12:29:06 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2009/12/18 12:29:05 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2009/12/18 12:29:05 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2009/12/18 12:29:00 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2009/12/18 12:28:56 | 00,000,000 | ---D | C] -- C:\Program Files\msn gaming zone
[2009/12/18 12:26:54 | 00,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2009/12/18 12:26:42 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2009/12/18 12:24:58 | 00,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2009/12/18 12:19:42 | 00,027,165 | ---- | C] (VIA Technologies, Inc. ) -- C:\WINDOWS\System32\drivers\fetnd5.sys
[2009/12/18 12:17:05 | 00,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\drivers\RTL8139.sys
[2009/12/18 12:09:49 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2009/12/18 12:09:49 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2009/12/18 12:09:49 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2009/12/18 12:09:49 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2009/12/10 18:24:20 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mrhptoxh.sys
[2009/12/10 18:20:00 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rstdodak.sys
[2009/12/10 18:09:38 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\lrqttpix.sys
[2009/12/10 17:59:15 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bvvkrfjx.sys
[2009/12/10 17:48:53 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ughrbngr.sys
[2009/12/10 17:38:31 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\qfybbsxz.sys
[2009/12/10 17:28:09 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kjwtyfpw.sys
[2009/12/10 17:17:47 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\vwolzrkj.sys
[2009/12/10 17:07:25 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rtdggxgx.sys
[2009/12/10 16:57:03 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dpafkobq.sys
[2009/12/10 16:47:11 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\loilujhn.sys
[2009/12/10 16:36:38 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\djcbukfi.sys
[2009/12/10 16:26:16 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\vcnmqvmj.sys
[2009/12/10 16:15:53 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gqraaygd.sys
[2009/12/10 16:05:31 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gyvesrrh.sys
[2009/12/10 15:55:09 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bypkezxm.sys
[2009/12/10 15:44:47 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ftrhezfl.sys
[2009/12/10 15:34:24 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nzrefysz.sys
[2009/12/10 15:24:02 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pjpifdut.sys
[2009/12/10 15:13:40 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hbtcuzbn.sys
[2009/12/10 15:03:18 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\vvooemvr.sys
[2009/12/10 14:52:56 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uafurbkn.sys
[2009/12/10 14:43:04 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tosnekpo.sys
[2009/12/10 14:32:31 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\exyqahfq.sys
[2009/12/10 14:22:09 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\cmbvrsjz.sys
[2009/12/10 14:11:47 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ieswtqck.sys
[2009/12/10 14:01:30 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ebzsrgjs.sys
[2009/12/10 13:46:56 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fweaeixj.sys
[2009/12/10 13:36:32 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\caftjuom.sys
[2009/12/10 13:26:10 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pkjaogju.sys
[2009/12/10 13:15:45 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fexcvrqv.sys
[2009/12/10 13:05:19 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\qtelpklt.sys
[2009/12/10 12:54:57 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\udukgrgc.sys
[2009/12/10 12:44:20 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fdpbgddq.sys
[2009/12/10 12:34:30 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\vepbkgwv.sys
[2009/12/10 12:23:49 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\vetcwesl.sys
[2009/12/10 12:13:12 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fgmrmdek.sys
[2009/12/10 12:02:41 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\makaiysc.sys
[2009/12/10 11:52:08 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ynjpvpfg.sys
[2009/12/10 11:41:33 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rcbigtsu.sys
[2009/12/10 11:31:11 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\cqchfdmi.sys
[2009/12/10 11:20:19 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\jcwwjvjn.sys
[2009/12/10 11:09:30 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wnohoesu.sys
[2009/12/10 11:00:06 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tgfhindz.sys
[2009/12/10 10:48:37 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ekozpqcp.sys
[2009/12/10 10:37:52 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\orrdvwij.sys
[2009/12/10 10:27:58 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ulmhwset.sys
[2009/12/10 10:18:01 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\iyipttoz.sys
[2009/12/10 10:08:05 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fqbnafzc.sys
[2009/12/10 09:57:10 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gkvhhbkb.sys
[2009/12/10 09:46:10 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\xamouqgj.sys
[2009/12/10 09:36:11 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\lvqdzehi.sys
[2009/12/10 09:26:13 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\idsskwzw.sys
[2009/12/10 09:15:19 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\cgvkheik.sys
[2009/12/10 09:04:16 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\xckryihy.sys
[2009/12/10 08:53:27 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tvqfhbjq.sys
[2009/12/10 08:42:46 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\vxrfkrwy.sys
[2009/12/10 08:32:46 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uvxuttlz.sys
[2009/12/10 08:22:50 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\maujtexb.sys
[2009/12/10 08:11:15 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ufquuvyw.sys
[2009/12/10 07:58:38 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\itglrrkr.sys
[2009/12/09 07:29:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2009/12/05 20:57:00 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2009/12/05 18:30:32 | 00,000,000 | ---D | C] -- C:\Program Files\Browser Hijack Recover
[2009/12/05 16:12:23 | 00,000,000 | ---D | C] -- C:\Program Files\Error Expert
[2009/12/05 12:01:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mark\My Documents\Downloads
[2009/12/05 11:47:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp
[2009/12/05 11:46:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
[2009/12/05 11:44:58 | 00,563,864 | ---- | C] (Google Inc.) -- C:\Documents and Settings\Mark\My Documents\ChromeSetup.exe
[2009/12/05 09:35:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IsolatedStorage
[2009/12/05 09:35:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Temp
[2009/12/05 09:35:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Quarantine
[2009/12/05 09:35:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Logs
[2009/12/05 09:35:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CustomActions
[2009/12/05 09:35:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory
[2009/12/05 09:22:21 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/12/05 09:04:01 | 00,195,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2009/12/05 09:01:47 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2009/12/02 19:03:54 | 00,000,000 | ---D | C] -- C:\Program Files\a-squared Free
[2009/11/29 18:11:00 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Application Data\Actecom
[2009/11/29 18:11:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\QuickMediaConverter
[2009/11/29 18:09:06 | 00,000,000 | ---D | C] -- C:\Program Files\QuickMediaConverter
[2009/11/29 18:08:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\WDSetup
[2009/11/29 10:30:34 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2009/11/29 01:15:08 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2009/11/29 01:14:50 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/29 01:14:46 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/29 01:14:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/29 01:14:45 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/29 01:11:06 | 00,102,800 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/11/28 23:21:56 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/11/28 23:21:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/11/28 22:55:36 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/07/31 02:01:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/06/08 16:41:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/06/02 18:41:57 | 00,409,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxducoin.dll
[2009/06/02 18:25:42 | 00,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDUhcp.dll
[2009/06/02 18:25:41 | 00,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxduinpa.dll
[2009/06/02 18:25:41 | 00,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxduiesc.dll
[2009/06/02 18:25:40 | 01,069,056 | ---- | C] ( ) -- C:\WINDOWS\System32\lxduserv.dll
[2009/06/02 18:25:40 | 00,860,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lxduusb1.dll
[2009/06/02 18:25:39 | 00,651,264 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdupmui.dll
[2009/06/02 18:25:39 | 00,577,536 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdulmpm.dll
[2009/06/02 18:25:37 | 00,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxduhbn3.dll
[2009/06/02 18:25:36 | 00,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxducomm.dll
[2009/06/02 18:25:35 | 00,761,856 | ---- | C] ( ) -- C:\WINDOWS\System32\lxducomc.dll
[2009/02/05 10:17:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2008/10/14 05:13:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/09/27 02:03:22 | 00,983,080 | ---- | C] (Microsoft Corporation) -- C:\Program Files\KeyUpdateTool_enu.exe
[2008/09/26 10:11:20 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[15 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/20 17:52:03 | 00,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1580436667-725345543-500UA.job
[2009/12/20 17:36:05 | 00,181,020 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/12/20 17:35:58 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/20 14:28:00 | 00,000,390 | -H-- | M] () -- C:\WINDOWS\tasks\{96681319-0477-435B-8958-126FD4BC3133}_ROCKIES31_MP.job
[2009/12/20 14:22:16 | 00,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/12/20 14:17:09 | 00,000,433 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2009/12/20 14:16:47 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/20 14:16:41 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/20 14:16:39 | 21,470,12608 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/20 14:16:37 | 21,470,41280 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2009/12/20 12:14:44 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/12/20 11:52:01 | 00,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1580436667-725345543-500Core.job
[2009/12/20 11:51:01 | 00,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2009/12/19 16:28:23 | 10,223,616 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2009/12/19 16:28:23 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2009/12/19 12:04:25 | 00,523,522 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/19 12:04:25 | 00,442,026 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/19 12:04:25 | 00,071,674 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/19 11:58:18 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/19 11:57:38 | 02,002,920 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2009/12/19 11:37:06 | 00,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2009/12/19 11:27:44 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/12/19 11:24:16 | 00,115,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/12/19 09:53:31 | 00,002,344 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2009/12/18 22:44:24 | 00,000,587 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/18 20:48:59 | 00,000,648 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\a-squared Free.lnk
[2009/12/18 12:53:45 | 00,018,312 | ---- | M] () -- C:\WINDOWS\System32\GDIPFONTCACHEV1.DAT
[2009/12/18 12:38:19 | 00,018,312 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/12/18 12:32:56 | 00,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/12/18 12:28:09 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/12/18 12:28:09 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/12/18 12:27:57 | 00,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2009/12/18 12:27:08 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2009/12/18 12:27:08 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009/12/18 12:27:02 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/12/18 12:27:02 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/12/18 12:27:02 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/12/18 12:27:02 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/12/18 12:27:02 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/12/18 12:27:02 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2009/12/18 12:26:49 | 00,001,505 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/12/18 12:25:08 | 00,023,348 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/12/18 12:23:31 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009/12/18 12:09:59 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/12/13 13:37:04 | 03,746,026 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2009/12/10 03:01:14 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys17407AD7
[2009/12/10 02:50:18 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwqsnwrn.sys
[2009/12/10 02:50:15 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sysFFB981D2
[2009/12/10 02:40:15 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\eqfmiqdm.sys
[2009/12/10 02:40:12 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sysBF3F24CE
[2009/12/10 02:29:10 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\zywqrsbl.sys
[2009/12/10 02:29:07 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sysA2C7947B
[2009/12/10 02:21:49 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\xckxipvz.sys
[2009/12/10 02:21:46 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys21F4FA02
[2009/12/10 02:08:16 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rqhzghnj.sys
[2009/12/10 02:08:13 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sysD53E454C
[2009/12/10 01:56:42 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\saxgqqtt.sys
[2009/12/10 01:56:39 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys35EEE713
[2009/12/10 01:45:35 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nlzrfvsf.sys
[2009/12/10 01:45:33 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sysE31722DE
[2009/12/10 01:34:40 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rufxzoni.sys
[2009/12/10 01:34:37 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys295D693C
[2009/12/10 01:23:46 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\jmerskpc.sys
[2009/12/10 01:23:43 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys8AB704B8
[2009/12/10 01:12:55 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\lvnfftsa.sys
[2009/12/10 01:12:53 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys3CB7D7DC
[2009/12/10 01:01:50 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bjpkacpl.sys
[2009/12/10 01:01:47 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys62DC51E9
[2009/12/10 00:50:50 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\jyjmgmfp.sys
[2009/12/10 00:50:49 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sysF8616D3B
[2009/12/10 00:40:46 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\holtxlwm.sys
[2009/12/10 00:40:44 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys68A350E2
[2009/12/10 00:29:58 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\iauagpyd.sys
[2009/12/10 00:29:55 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys8C887F7A
[2009/12/10 00:20:02 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tjcwbdza.sys
[2009/12/10 00:20:00 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sysEE3F2B4D
[2009/12/10 00:09:05 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\zkibwsss.sys
[2009/12/10 00:09:02 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sysD1B43803
[2009/12/10 00:02:04 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\qavtoymo.sys
[2009/12/10 00:02:01 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys6417CF80
[2009/12/09 23:49:07 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\jrwqruuc.sys
[2009/12/09 23:49:04 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys249DA68F
[2009/12/09 23:38:56 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wtojamhj.sys
[2009/12/09 23:38:54 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys637CD27B
[2009/12/09 23:28:51 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dwpsytan.sys
[2009/12/09 23:28:48 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sysDBB56AB4
[2009/12/09 23:17:53 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fkbhzdmc.sys
[2009/12/09 23:17:50 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sysB15493F8
[2009/12/09 23:07:52 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gdvqcqem.sys
[2009/12/09 23:07:49 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys3883EEA7
[2009/12/09 22:56:56 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\svwbqrzk.sys
[2009/12/09 22:56:53 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys05D043ED
[2009/12/09 22:46:04 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\xfyzwhhr.sys
[2009/12/09 22:46:01 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys8FE594A7
[2009/12/09 22:44:26 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ckjnjkrm.sys
[2009/12/09 22:44:23 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys7F0DC4E7
[2009/12/09 22:41:37 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fcvwleyi.sys
[2009/12/09 22:41:34 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys7CB3A67D
[2009/12/09 22:40:29 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\semrgvbw.sys
[2009/12/09 22:40:27 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys2DF29414
[2009/12/09 22:39:26 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\itctbgav.sys
[2009/12/09 22:39:23 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys0D889A53
[2009/12/09 22:38:06 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ommmmqie.sys
[2009/12/09 22:38:03 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sysFEC2F9C5
[2009/12/09 22:27:49 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\npjpniii.sys
[2009/12/09 22:27:47 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys53C0B60C
[2009/12/09 22:17:05 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kvgstrfo.sys
[2009/12/09 22:17:03 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys731182B5
[2009/12/09 22:06:51 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\xmzptyeo.sys
[2009/12/09 22:06:48 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys9E855D2D
[2009/12/09 21:56:34 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\lcumjijl.sys
[2009/12/09 21:56:32 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sysDE713294
[2009/12/09 21:46:05 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uqjyrtwd.sys
[2009/12/09 21:45:45 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\upterodx.sys
[2009/12/09 21:45:43 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys32403C88
[2009/12/09 06:55:53 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gzaazwfy.sys
[2009/12/09 06:55:52 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys9828723F
[2009/12/09 06:49:55 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\honjrgzb.sys
[2009/12/09 06:46:27 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rpticmym.sys
[2009/12/09 06:45:14 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fdtsajwe.sys
[2009/12/09 06:45:13 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys413FF5D5
[2009/12/09 06:44:16 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tpppxqsj.sys
[2009/12/09 06:44:13 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys040FAA64
[2009/12/08 21:36:43 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2009/12/08 08:13:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/12/06 11:16:19 | 00,000,905 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to dds.lnk
[2009/12/05 19:53:57 | 00,000,667 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\IEXPLORE.lnk
[2009/12/05 18:30:38 | 00,000,749 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Browser Hijack Recover(BHR).lnk
[2009/12/05 16:12:27 | 00,000,665 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Error Expert.lnk
[2009/12/05 15:08:56 | 00,000,057 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2009/12/05 11:45:05 | 00,563,864 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Mark\My Documents\ChromeSetup.exe
[2009/12/05 09:35:16 | 00,001,074 | ---- | M] () -- C:\WINDOWS\System32\20041216.dat
[2009/12/05 09:35:14 | 00,000,136 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2009/12/03 22:25:01 | 00,001,669 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Webroot AntiVirus.lnk
[2009/12/03 22:08:26 | 00,000,164 | ---- | M] () -- C:\WINDOWS\install.dat
[2009/12/03 21:04:44 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/12/03 20:28:21 | 00,013,588 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2009/12/03 20:28:16 | 00,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/29 18:11:02 | 00,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/11/29 01:11:03 | 00,102,800 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/11/28 23:22:23 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2009/11/28 23:14:21 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\8104297.jun
[2009/11/28 22:43:57 | 00,000,707 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2009/11/21 07:51:42 | 01,206,508 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/11/21 07:51:04 | 00,471,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[15 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/20 12:07:24 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/12/19 11:42:24 | 00,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/12/19 11:37:06 | 00,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2009/12/19 10:06:41 | 00,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2009/12/19 10:06:41 | 00,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2009/12/19 10:06:41 | 00,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2009/12/19 10:06:41 | 00,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2009/12/19 10:06:41 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2009/12/19 10:06:41 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2009/12/19 10:06:41 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2009/12/19 10:06:41 | 00,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2009/12/19 10:06:41 | 00,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2009/12/19 10:06:41 | 00,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2009/12/19 10:06:41 | 00,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2009/12/19 10:06:41 | 00,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2009/12/19 10:06:41 | 00,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2009/12/19 10:06:41 | 00,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2009/12/19 10:06:41 | 00,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2009/12/19 10:06:41 | 00,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2009/12/19 10:06:41 | 00,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2009/12/19 10:06:40 | 00,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2009/12/19 10:06:40 | 00,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2009/12/19 10:06:40 | 00,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2009/12/19 10:06:40 | 00,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2009/12/19 10:06:40 | 00,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2009/12/19 10:06:40 | 00,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2009/12/19 10:06:40 | 00,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2009/12/19 10:06:40 | 00,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2009/12/19 10:06:40 | 00,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2009/12/19 10:06:40 | 00,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2009/12/19 10:06:40 | 00,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2009/12/19 10:06:36 | 00,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2009/12/19 10:06:36 | 00,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2009/12/19 10:06:36 | 00,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2009/12/19 10:06:32 | 00,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2009/12/19 10:06:32 | 00,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2009/12/19 10:06:32 | 00,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2009/12/19 10:06:32 | 00,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2009/12/19 10:06:32 | 00,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2009/12/19 10:06:32 | 00,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2009/12/19 10:06:31 | 00,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2009/12/19 10:06:31 | 00,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2009/12/19 10:06:31 | 00,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2009/12/19 10:06:31 | 00,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2009/12/19 10:06:26 | 00,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2009/12/19 10:06:24 | 00,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2009/12/19 10:06:21 | 00,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2009/12/19 10:06:20 | 00,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2009/12/19 10:06:17 | 00,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2009/12/19 10:06:17 | 00,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2009/12/19 10:06:17 | 00,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2009/12/19 10:06:17 | 00,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2009/12/19 10:06:17 | 00,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2009/12/19 10:06:17 | 00,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2009/12/19 10:06:17 | 00,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2009/12/19 10:06:17 | 00,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2009/12/19 10:06:17 | 00,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2009/12/19 10:06:17 | 00,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2009/12/19 10:06:17 | 00,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2009/12/19 10:06:17 | 00,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2009/12/19 10:06:17 | 00,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2009/12/19 10:06:17 | 00,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2009/12/19 10:06:17 | 00,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2009/12/19 10:06:17 | 00,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2009/12/19 10:06:13 | 00,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2009/12/19 10:06:11 | 00,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2009/12/19 10:06:11 | 00,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2009/12/19 10:05:59 | 00,097,117 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.hlp
[2009/12/19 10:05:59 | 00,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2009/12/19 10:05:59 | 00,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2009/12/19 10:05:59 | 00,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2009/12/19 10:05:59 | 00,001,885 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.cnt
[2009/12/19 10:05:55 | 00,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2009/12/19 10:05:30 | 00,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2009/12/19 10:05:20 | 00,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2009/12/19 10:05:20 | 00,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2009/12/19 10:05:20 | 00,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2009/12/19 10:05:20 | 00,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2009/12/19 10:05:20 | 00,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2009/12/19 10:05:19 | 00,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2009/12/19 10:05:19 | 00,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2009/12/19 10:05:19 | 00,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2009/12/19 10:05:19 | 00,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2009/12/19 10:05:19 | 00,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2009/12/19 10:05:16 | 00,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2009/12/18 20:48:59 | 00,000,648 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\a-squared Free.lnk
[2009/12/18 12:31:11 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2009/12/18 12:31:11 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2009/12/18 12:30:45 | 00,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2009/12/18 12:30:44 | 01,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2009/12/18 12:30:35 | 00,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2009/12/18 12:30:32 | 00,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2009/12/18 12:30:14 | 00,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2009/12/18 12:29:53 | 00,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2009/12/18 12:29:49 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2009/12/18 12:29:49 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2009/12/18 12:29:48 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2009/12/18 12:29:48 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2009/12/18 12:29:48 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2009/12/18 12:29:48 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2009/12/18 12:29:48 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2009/12/18 12:29:48 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2009/12/18 12:29:47 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2009/12/18 12:29:47 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2009/12/18 12:29:47 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2009/12/18 12:29:47 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2009/12/18 12:29:47 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2009/12/18 12:29:47 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2009/12/18 12:29:47 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2009/12/18 12:29:47 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2009/12/18 12:29:47 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2009/12/18 12:29:46 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2009/12/18 12:29:46 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2009/12/18 12:29:46 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2009/12/18 12:29:46 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2009/12/18 12:29:46 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2009/12/18 12:29:46 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2009/12/18 12:29:46 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2009/12/18 12:29:46 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2009/12/18 12:29:46 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2009/12/18 12:29:46 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2009/12/18 12:29:46 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2009/12/18 12:29:45 | 00,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2009/12/18 12:29:45 | 00,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2009/12/18 12:29:45 | 00,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2009/12/18 12:29:45 | 00,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2009/12/18 12:29:45 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2009/12/18 12:29:45 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2009/12/18 12:29:44 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2009/12/18 12:29:44 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2009/12/18 12:29:44 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2009/12/18 12:29:44 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2009/12/18 12:29:44 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2009/12/18 12:29:44 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2009/12/18 12:29:44 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2009/12/18 12:29:44 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2009/12/18 12:29:44 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2009/12/18 12:29:44 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2009/12/18 12:29:44 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2009/12/18 12:29:43 | 00,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2009/12/18 12:29:43 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2009/12/18 12:29:43 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2009/12/18 12:29:43 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2009/12/18 12:29:43 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2009/12/18 12:29:43 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2009/12/18 12:29:42 | 00,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2009/12/18 12:29:41 | 00,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2009/12/18 12:27:08 | 00,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009/12/18 12:27:02 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/12/18 12:27:02 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/12/18 12:27:02 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/12/18 12:27:02 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/12/18 12:27:02 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/12/18 12:20:43 | 00,186,407 | ---- | C] () -- C:\WINDOWS\System32\nvapps.nvb
[2009/12/18 12:09:12 | 00,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2009/12/18 12:09:12 | 00,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2009/12/18 12:09:12 | 00,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2009/12/18 12:09:12 | 00,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2009/12/18 12:09:12 | 00,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2009/12/18 12:09:11 | 01,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2009/12/18 12:09:11 | 00,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2009/12/10 18:24:20 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sysED61186E
[2009/12/10 18:20:00 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys7968738B
[2009/12/10 18:09:38 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys62940531
[2009/12/10 17:59:15 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys555802CF
[2009/12/10 17:48:53 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys1CA7FA9A
[2009/12/10 17:38:31 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys57A9176B
[2009/12/10 17:28:09 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys0FEE6EBB
[2009/12/10 17:17:47 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys48A7F418
[2009/12/10 17:07:25 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys7949AC93
[2009/12/10 16:57:03 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sysE2A6CA96
[2009/12/10 16:47:10 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sysC4667FFF
[2009/12/10 16:36:38 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sysAED42813
[2009/12/10 16:26:15 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys3272F53A
[2009/12/10 16:15:53 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys76E111A5
[2009/12/10 16:05:31 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys24A7F75F
[2009/12/10 15:55:09 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sysD89C1844
[2009/12/10 15:44:46 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sysCF997D26
[2009/12/10 15:34:24 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys92F2166E
[2009/12/10 15:24:02 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys840CE614
[2009/12/10 15:13:40 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sysEF6E6828
[2009/12/08 21:35:17 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2009/12/06 11:16:19 | 00,000,905 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to dds.lnk
[2009/12/05 19:53:57 | 00,000,667 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\IEXPLORE.lnk
[2009/12/05 18:30:38 | 00,000,749 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Browser Hijack Recover(BHR).lnk
[2009/12/05 11:57:28 | 00,002,344 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2009/12/05 11:47:23 | 00,001,010 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1580436667-725345543-500UA.job
[2009/12/05 11:47:22 | 00,000,958 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1580436667-725345543-500Core.job
[2009/12/05 09:35:16 | 00,001,074 | ---- | C] () -- C:\WINDOWS\System32\20041216.dat
[2009/12/05 09:35:14 | 00,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2009/12/03 22:25:00 | 00,001,669 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Webroot AntiVirus.lnk
[2009/12/03 20:28:15 | 00,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2009/12/03 20:06:53 | 21,470,12608 | -HS- | C] () -- C:\hiberfil.sys
[2009/11/29 18:11:02 | 00,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/11/29 01:14:56 | 00,000,587 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/28 23:22:23 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2009/11/28 23:14:21 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\8104297.jun
[2009/11/06 12:00:28 | 00,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2009/10/30 15:56:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\FileMgrExe.INI
[2009/10/30 15:35:42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PhoneBkExe.INI
[2009/10/30 15:33:35 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PanelExe.INI
[2009/06/02 18:42:05 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxduvs.dll
[2009/06/02 18:40:43 | 01,036,288 | ---- | C] () -- C:\WINDOWS\System32\lxdudrs.dll
[2009/06/02 18:40:43 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxducaps.dll
[2009/06/02 18:40:43 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxducnv4.dll
[2009/06/02 18:39:47 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\lxduoem.dll
[2009/06/02 18:39:47 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXDUPMON.DLL
[2009/06/02 18:39:47 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXDUFXPU.DLL
[2009/06/02 18:27:31 | 00,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxdurwrd.ini
[2009/06/02 18:25:42 | 00,389,120 | ---- | C] () -- C:\WINDOWS\System32\LXDUinst.dll
[2009/06/02 18:25:37 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdugrd.dll
[2009/02/06 06:47:47 | 00,002,108 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\rx_audio.Cache
[2009/02/06 06:10:20 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\rx_image.Cache
[2009/02/04 09:30:18 | 00,000,304 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/12/28 19:38:56 | 00,000,209 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008/10/20 10:25:58 | 00,000,068 | ---- | C] () -- C:\WINDOWS\QWCF.INI
[2008/10/13 11:13:43 | 00,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2008/10/13 11:13:33 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2008/10/13 11:13:33 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2008/10/12 23:34:58 | 00,000,028 | ---- | C] () -- C:\WINDOWS\qfnonl.ini
[2008/10/12 20:59:00 | 00,000,967 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2008/10/12 20:58:57 | 00,000,675 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2008/10/06 09:15:28 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/09/27 10:41:52 | 00,025,600 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/26 22:36:59 | 00,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2008/09/26 22:35:12 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2008/05/16 11:01:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/16 11:01:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/16 11:01:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/08/30 04:29:00 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/11/30 02:10:00 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2003/10/01 23:00:00 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003/10/01 23:00:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2003/07/28 06:19:00 | 01,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2003/07/28 06:19:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys
[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll
[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2006/02/28 04:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll
[2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 10:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\SoftwareDistribution\Download\78cf8552430e25a8f24bc1e4dfb1970e\sp2qfe\netlogon.dll
[2009/02/06 10:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\sp2qfe\netlogon.dll
[2006/02/28 04:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2006/02/28 04:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll
[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: VIAMRAID.SYS >
[2004/05/18 00:55:26 | 00,074,112 | R--- | M] (VIA Technologies inc,.ltd) MD5=F199939205DCCC7836AE5AB8B5DD5E83 -- C:\WINDOWS\system32\drivers\viamraid.sys

< >

========== Alternate Data Streams ==========

< End of report >

#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:09:18 AM

Posted 20 December 2009 - 10:07 PM

Hello MarkP31,
  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs, as this process may crash your computer.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Double click on Gmer to run it.
  • Allow the gmer.sys driver to load if asked.
  • You may see a rootkit warning window. If you do, click No.
  • Untick the following boxes on the right side of the Gmer screen.
    Sections
    IAT/EAT
    Show All
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.



#5 MarkP31

Posted 20 December 2009 - 11:08 PM

OK, your scan did crash the machine. Here is the stop error I got:

PFN_LIST CORRUPT

STOP: 0x0000004E (0x00000007, 0x0007FB3E, 0x00000001, 0x00000000)

#6 syler

Posted 21 December 2009 - 10:07 AM

Let's try this instead then.

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed, click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix



#7 MarkP31

Posted 23 December 2009 - 12:46 AM

Sorry for the delayed response Syler, it's been a couple of very long work days. I am downloading ComboFix as I type this.

#8 syler

Posted 23 December 2009 - 01:17 PM

HP I shall await your log.



#9 MarkP31

Posted 26 December 2009 - 11:36 PM

ComboFix 09-12-26.01 - Administrator 12/26/2009 20:08:42.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1512 [GMT -8:00]
Running from: f:\spyware\ComboFix.exe
AV: Webroot AntiVirus with Spy Sweeper *On-access scanning disabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\progra~1\Webroot\WEBROO~1\Backup\ntSVc.ocx
c:\recycler\S-1-5-21-1659004503-1580436667-725345543-1003
c:\recycler\S-1-5-21-842925246-682003330-1801674531-500
c:\windows\EventSystem.log
c:\windows\h288.exe
c:\windows\system32\20041216.dat
c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\scandisk.lnk
c:\windows\system32\logs

.
((((((((((((((((((((((((( Files Created from 2009-11-27 to 2009-12-27 )))))))))))))))))))))))))))))))
.

2009-12-20 20:05 . 2009-12-20 20:05 -------- d-----w- c:\program files\iPod
2009-12-20 20:05 . 2009-12-20 20:19 -------- d-----w- c:\program files\iTunes
2009-12-20 20:05 . 2009-12-20 20:07 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-20 20:00 . 2009-12-20 20:01 -------- d-----w- c:\program files\QuickTime
2009-12-19 19:48 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2009-12-19 19:47 . 2009-10-21 05:38 75776 -c----w- c:\windows\system32\dllcache\strmfilt.dll
2009-12-19 19:47 . 2009-10-21 05:38 25088 -c----w- c:\windows\system32\dllcache\httpapi.dll
2009-12-19 19:47 . 2009-10-20 16:20 265728 -c----w- c:\windows\system32\dllcache\http.sys
2009-12-19 18:06 . 2004-08-04 12:00 403 -c----w- c:\windows\system32\dllcache\npdrmv2.zip
2009-12-19 18:06 . 2004-08-04 12:00 22060 -c----w- c:\windows\system32\dllcache\npds.zip
2009-12-19 18:06 . 2009-07-31 18:05 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
2009-12-19 18:06 . 2008-04-13 17:27 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2009-12-19 18:05 . 2008-04-14 00:12 123392 ------w- c:\windows\system32\mplay32.exe
2009-12-19 18:05 . 2008-04-14 00:12 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2009-12-19 17:17 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-12-19 17:16 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-12-19 17:16 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-12-19 17:16 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-12-19 17:16 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-12-19 17:16 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-12-19 17:16 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-12-19 17:16 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-12-19 17:16 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-12-19 17:15 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-12-19 17:15 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-12-19 17:14 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-12-19 17:14 . 2009-07-31 04:35 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-12-19 17:14 . 2008-08-14 10:04 138496 -c----w- c:\windows\system32\dllcache\afd.sys
2009-12-19 17:12 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-12-19 17:12 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-12-19 17:12 . 2009-08-04 15:13 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-19 17:12 . 2009-08-04 14:20 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-19 17:12 . 2009-08-04 14:20 2066048 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-19 17:11 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-12-19 06:44 . 2009-12-19 06:45 -------- d-----w- c:\program files\zztoy
2009-12-19 04:04 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-12-19 03:23 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-12-18 20:32 . 2006-02-28 12:00 4677 -c--a-w- c:\windows\system32\dllcache\zeeverm.dll
2009-12-18 20:32 . 2006-02-28 12:00 41029 -c--a-w- c:\windows\system32\dllcache\zcorem.dll
2009-12-18 20:32 . 2006-02-28 12:00 36937 -c--a-w- c:\windows\system32\dllcache\zclientm.exe
2009-12-18 20:32 . 2006-02-28 12:00 29760 -c--a-w- c:\windows\system32\dllcache\znetm.dll
2009-12-18 20:32 . 2006-02-28 12:00 13894 -c--a-w- c:\windows\system32\dllcache\zonelibm.dll
2009-12-18 20:32 . 2006-02-28 12:00 113222 -c--a-w- c:\windows\system32\dllcache\zoneclim.dll
2009-12-18 20:30 . 2006-02-28 12:00 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
2009-12-18 20:29 . 2006-02-28 12:00 20480 -c--a-w- c:\windows\system32\dllcache\counters.dll
2009-12-18 20:26 . 2006-02-28 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2009-12-18 20:19 . 2001-08-17 20:13 27165 ----a-w- c:\windows\system32\drivers\fetnd5.sys
2009-12-18 20:17 . 2004-08-04 06:31 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2009-12-18 20:17 . 2008-04-13 18:40 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-12-18 20:09 . 2006-02-28 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2009-12-18 20:09 . 2006-02-28 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-12-18 20:09 . 2006-02-28 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2009-12-18 20:09 . 2006-02-28 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2009-12-12 06:35 . 2009-12-12 06:35 -------- d-s---w- c:\windows\system32\config\systemprofile\UserData
2009-12-11 02:24 . 2009-12-11 02:24 30784 ----a-w- c:\windows\system32\drivers\mrhptoxh.sys
2009-12-11 02:20 . 2009-12-11 02:20 30784 ----a-w- c:\windows\system32\drivers\rstdodak.sys
2009-12-11 02:09 . 2009-12-11 02:09 30784 ----a-w- c:\windows\system32\drivers\lrqttpix.sys
2009-12-11 01:59 . 2009-12-11 01:59 30784 ----a-w- c:\windows\system32\drivers\bvvkrfjx.sys
2009-12-11 01:48 . 2009-12-11 01:48 30784 ----a-w- c:\windows\system32\drivers\ughrbngr.sys
2009-12-11 01:38 . 2009-12-11 01:38 30784 ----a-w- c:\windows\system32\drivers\qfybbsxz.sys
2009-12-11 01:28 . 2009-12-11 01:28 30784 ----a-w- c:\windows\system32\drivers\kjwtyfpw.sys
2009-12-11 01:17 . 2009-12-11 01:17 30784 ----a-w- c:\windows\system32\drivers\vwolzrkj.sys
2009-12-11 01:07 . 2009-12-11 01:07 30784 ----a-w- c:\windows\system32\drivers\rtdggxgx.sys
2009-12-11 00:57 . 2009-12-11 00:57 30784 ----a-w- c:\windows\system32\drivers\dpafkobq.sys
2009-12-11 00:47 . 2009-12-11 00:47 30784 ----a-w- c:\windows\system32\drivers\loilujhn.sys
2009-12-11 00:36 . 2009-12-11 00:36 30784 ----a-w- c:\windows\system32\drivers\djcbukfi.sys
2009-12-11 00:26 . 2009-12-11 00:26 30784 ----a-w- c:\windows\system32\drivers\vcnmqvmj.sys
2009-12-11 00:15 . 2009-12-11 00:15 30784 ----a-w- c:\windows\system32\drivers\gqraaygd.sys
2009-12-11 00:05 . 2009-12-11 00:05 30784 ----a-w- c:\windows\system32\drivers\gyvesrrh.sys
2009-12-10 23:55 . 2009-12-10 23:55 30784 ----a-w- c:\windows\system32\drivers\bypkezxm.sys
2009-12-10 23:44 . 2009-12-10 23:44 30784 ----a-w- c:\windows\system32\drivers\ftrhezfl.sys
2009-12-10 23:34 . 2009-12-10 23:34 30784 ----a-w- c:\windows\system32\drivers\nzrefysz.sys
2009-12-10 23:24 . 2009-12-10 23:24 30784 ----a-w- c:\windows\system32\drivers\pjpifdut.sys
2009-12-10 23:13 . 2009-12-10 23:13 30784 ----a-w- c:\windows\system32\drivers\hbtcuzbn.sys
2009-12-10 23:03 . 2009-12-10 23:03 30784 ----a-w- c:\windows\system32\drivers\vvooemvr.sys
2009-12-10 22:52 . 2009-12-10 22:52 30784 ----a-w- c:\windows\system32\drivers\uafurbkn.sys
2009-12-10 22:43 . 2009-12-10 22:43 30784 ----a-w- c:\windows\system32\drivers\tosnekpo.sys
2009-12-10 22:32 . 2009-12-10 22:32 30784 ----a-w- c:\windows\system32\drivers\exyqahfq.sys
2009-12-10 22:22 . 2009-12-10 22:22 30784 ----a-w- c:\windows\system32\drivers\cmbvrsjz.sys
2009-12-10 22:11 . 2009-12-10 22:11 30784 ----a-w- c:\windows\system32\drivers\ieswtqck.sys
2009-12-10 22:01 . 2009-12-10 22:01 30784 ----a-w- c:\windows\system32\drivers\ebzsrgjs.sys
2009-12-10 21:46 . 2009-12-10 21:46 30784 ----a-w- c:\windows\system32\drivers\fweaeixj.sys
2009-12-10 21:36 . 2009-12-10 21:36 30784 ----a-w- c:\windows\system32\drivers\caftjuom.sys
2009-12-10 21:26 . 2009-12-10 21:26 30784 ----a-w- c:\windows\system32\drivers\pkjaogju.sys
2009-12-10 21:15 . 2009-12-10 21:15 30784 ----a-w- c:\windows\system32\drivers\fexcvrqv.sys
2009-12-10 21:05 . 2009-12-10 21:05 30784 ----a-w- c:\windows\system32\drivers\qtelpklt.sys
2009-12-10 20:54 . 2009-12-10 20:54 30784 ----a-w- c:\windows\system32\drivers\udukgrgc.sys
2009-12-10 20:44 . 2009-12-10 20:44 30784 ----a-w- c:\windows\system32\drivers\fdpbgddq.sys
2009-12-10 20:34 . 2009-12-10 20:34 30784 ----a-w- c:\windows\system32\drivers\vepbkgwv.sys
2009-12-10 20:23 . 2009-12-10 20:23 30784 ----a-w- c:\windows\system32\drivers\vetcwesl.sys
2009-12-10 20:13 . 2009-12-10 20:13 30784 ----a-w- c:\windows\system32\drivers\fgmrmdek.sys
2009-12-10 20:02 . 2009-12-10 20:02 30784 ----a-w- c:\windows\system32\drivers\makaiysc.sys
2009-12-10 19:52 . 2009-12-10 19:52 30784 ----a-w- c:\windows\system32\drivers\ynjpvpfg.sys
2009-12-10 19:41 . 2009-12-10 19:41 30784 ----a-w- c:\windows\system32\drivers\rcbigtsu.sys
2009-12-10 19:31 . 2009-12-10 19:31 30784 ----a-w- c:\windows\system32\drivers\cqchfdmi.sys
2009-12-10 19:20 . 2009-12-10 19:20 30784 ----a-w- c:\windows\system32\drivers\jcwwjvjn.sys
2009-12-10 19:09 . 2009-12-10 19:09 30784 ----a-w- c:\windows\system32\drivers\wnohoesu.sys
2009-12-10 19:00 . 2009-12-10 19:00 30784 ----a-w- c:\windows\system32\drivers\tgfhindz.sys
2009-12-10 18:48 . 2009-12-10 18:48 30784 ----a-w- c:\windows\system32\drivers\ekozpqcp.sys
2009-12-10 18:37 . 2009-12-10 18:37 30784 ----a-w- c:\windows\system32\drivers\orrdvwij.sys
2009-12-10 18:27 . 2009-12-10 18:27 30784 ----a-w- c:\windows\system32\drivers\ulmhwset.sys
2009-12-10 18:18 . 2009-12-10 18:18 30784 ----a-w- c:\windows\system32\drivers\iyipttoz.sys
2009-12-10 18:08 . 2009-12-10 18:08 30784 ----a-w- c:\windows\system32\drivers\fqbnafzc.sys
2009-12-10 17:57 . 2009-12-10 17:57 30784 ----a-w- c:\windows\system32\drivers\gkvhhbkb.sys
2009-12-10 17:46 . 2009-12-10 17:46 30784 ----a-w- c:\windows\system32\drivers\xamouqgj.sys
2009-12-10 17:36 . 2009-12-10 17:36 30784 ----a-w- c:\windows\system32\drivers\lvqdzehi.sys
2009-12-10 17:26 . 2009-12-10 17:26 30784 ----a-w- c:\windows\system32\drivers\idsskwzw.sys
2009-12-10 17:15 . 2009-12-10 17:15 30784 ----a-w- c:\windows\system32\drivers\cgvkheik.sys
2009-12-10 17:04 . 2009-12-10 17:04 30784 ----a-w- c:\windows\system32\drivers\xckryihy.sys
2009-12-10 16:53 . 2009-12-10 16:53 30784 ----a-w- c:\windows\system32\drivers\tvqfhbjq.sys
2009-12-10 16:42 . 2009-12-10 16:42 30784 ----a-w- c:\windows\system32\drivers\vxrfkrwy.sys
2009-12-10 16:32 . 2009-12-10 16:32 30784 ----a-w- c:\windows\system32\drivers\uvxuttlz.sys
2009-12-10 16:22 . 2009-12-10 16:22 30784 ----a-w- c:\windows\system32\drivers\maujtexb.sys
2009-12-10 16:11 . 2009-12-10 16:11 30784 ----a-w- c:\windows\system32\drivers\ufquuvyw.sys
2009-12-10 15:58 . 2009-12-10 15:58 30784 ----a-w- c:\windows\system32\drivers\itglrrkr.sys
2009-12-10 15:50 . 2009-12-10 15:50 30784 ----a-w- c:\windows\system32\drivers\bkadhjnl.sys
2009-12-10 15:38 . 2009-12-10 15:38 30784 ----a-w- c:\windows\system32\drivers\kmkyzzun.sys
2009-12-10 15:26 . 2009-12-10 15:26 30784 ----a-w- c:\windows\system32\drivers\euplzukg.sys
2009-12-10 15:16 . 2009-12-10 15:16 30784 ----a-w- c:\windows\system32\drivers\bhzsdszv.sys
2009-12-10 15:07 . 2009-12-10 15:07 30784 ----a-w- c:\windows\system32\drivers\ipbuboys.sys
2009-12-10 14:55 . 2009-12-10 14:55 30784 ----a-w- c:\windows\system32\drivers\eedhxyov.sys
2009-12-10 14:44 . 2009-12-10 14:44 30784 ----a-w- c:\windows\system32\drivers\hpyskuhz.sys
2009-12-10 14:34 . 2009-12-10 14:34 30784 ----a-w- c:\windows\system32\drivers\btvznmet.sys
2009-12-10 14:23 . 2009-12-10 14:23 30784 ----a-w- c:\windows\system32\drivers\yowwxnbx.sys
2009-12-10 14:15 . 2009-12-10 14:15 30784 ----a-w- c:\windows\system32\drivers\brgqfnop.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-25 21:19 . 2009-04-30 19:29 -------- d-----w- c:\documents and settings\Erica.ROCKIES31\Application Data\Apple Computer
2009-12-25 01:44 . 2008-10-01 11:33 -------- d--h--w- c:\documents and settings\Administrator\Application Data\LimeWire
2009-12-24 07:17 . 2008-10-01 11:30 -------- d-----w- c:\program files\Java
2009-12-24 07:16 . 2009-12-20 19:50 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-24 07:16 . 2009-12-20 19:50 79488 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-20 20:19 . 2008-09-27 19:53 -------- d--h--w- c:\documents and settings\Administrator\Application Data\Apple Computer
2009-12-20 20:05 . 2008-10-19 14:24 -------- d-----w- c:\program files\Common Files\Apple
2009-12-20 19:52 . 2009-12-20 19:52 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-12-20 19:51 . 2008-10-06 14:03 -------- d-----w- c:\program files\Safari
2009-12-20 19:49 . 2009-12-20 19:49 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2009-12-19 06:45 . 2009-12-19 06:45 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-18 20:53 . 2009-06-27 02:54 18312 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-12-18 20:38 . 2008-09-26 19:51 18312 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-18 20:25 . 2008-09-26 18:48 23348 ----a-w- c:\windows\system32\emptyregdb.dat
2009-12-13 21:03 . 2009-12-13 21:03 257640 ----a-w- c:\documents and settings\All Users\SPLDC.tmp
2009-12-11 02:38 . 2009-12-10 05:44 96512 ----a-w- c:\windows\system32\drivers\OLD6A.tmp
2009-12-11 02:38 . 2009-12-10 05:44 96512 ----a-w- c:\windows\system32\drivers\OLD66.tmp
2009-12-11 02:38 . 2009-12-10 05:44 96512 ----a-w- c:\windows\system32\drivers\OLD62.tmp
2009-12-11 02:24 . 2009-12-11 02:24 96512 ----a-w- c:\windows\system32\drivers\atapi.sysED61186E
2009-12-11 02:20 . 2009-12-11 02:20 96512 ----a-w- c:\windows\system32\drivers\atapi.sys7968738B
2009-12-11 02:09 . 2009-12-11 02:09 96512 ----a-w- c:\windows\system32\drivers\atapi.sys62940531
2009-12-11 01:59 . 2009-12-11 01:59 96512 ----a-w- c:\windows\system32\drivers\atapi.sys555802CF
2009-12-11 01:48 . 2009-12-11 01:48 96512 ----a-w- c:\windows\system32\drivers\atapi.sys1CA7FA9A
2009-12-11 01:38 . 2009-12-11 01:38 96512 ----a-w- c:\windows\system32\drivers\atapi.sys57A9176B
2009-12-11 01:28 . 2009-12-11 01:28 96512 ----a-w- c:\windows\system32\drivers\atapi.sys0FEE6EBB
2009-12-11 01:17 . 2009-12-11 01:17 96512 ----a-w- c:\windows\system32\drivers\atapi.sys48A7F418
2009-12-11 01:07 . 2009-12-11 01:07 96512 ----a-w- c:\windows\system32\drivers\atapi.sys7949AC93
2009-12-11 00:57 . 2009-12-11 00:57 96512 ----a-w- c:\windows\system32\drivers\atapi.sysE2A6CA96
2009-12-11 00:47 . 2009-12-11 00:47 96512 ----a-w- c:\windows\system32\drivers\atapi.sysC4667FFF
2009-12-11 00:36 . 2009-12-11 00:36 96512 ----a-w- c:\windows\system32\drivers\atapi.sysAED42813
2009-12-11 00:26 . 2009-12-11 00:26 96512 ----a-w- c:\windows\system32\drivers\atapi.sys3272F53A
2009-12-11 00:15 . 2009-12-11 00:15 96512 ----a-w- c:\windows\system32\drivers\atapi.sys76E111A5
2009-12-11 00:05 . 2009-12-11 00:05 96512 ----a-w- c:\windows\system32\drivers\atapi.sys24A7F75F
2009-12-10 23:55 . 2009-12-10 23:55 96512 ----a-w- c:\windows\system32\drivers\atapi.sysD89C1844
2009-12-10 23:44 . 2009-12-10 23:44 96512 ----a-w- c:\windows\system32\drivers\atapi.sysCF997D26
2009-12-10 23:34 . 2009-12-10 23:34 96512 ----a-w- c:\windows\system32\drivers\atapi.sys92F2166E
2009-12-10 23:24 . 2009-12-10 23:24 96512 ----a-w- c:\windows\system32\drivers\atapi.sys840CE614
2009-12-10 23:13 . 2009-12-10 23:13 96512 ----a-w- c:\windows\system32\drivers\atapi.sysEF6E6828
2009-12-10 23:03 . 2009-12-10 23:03 96512 ----a-w- c:\windows\system32\drivers\atapi.sys280FB84D
2009-12-10 22:52 . 2009-12-10 22:52 96512 ----a-w- c:\windows\system32\drivers\atapi.sys3CCA9140
2009-12-10 22:43 . 2009-12-10 22:43 96512 ----a-w- c:\windows\system32\drivers\atapi.sys9C189013
2009-12-10 22:32 . 2009-12-10 22:32 96512 ----a-w- c:\windows\system32\drivers\atapi.sysEDC9E411
2009-12-10 22:22 . 2009-12-10 22:22 96512 ----a-w- c:\windows\system32\drivers\atapi.sys9D76384F
2009-12-10 22:11 . 2009-12-10 22:11 96512 ----a-w- c:\windows\system32\drivers\atapi.sysF0187DED
2009-12-10 22:01 . 2009-12-10 22:01 96512 ----a-w- c:\windows\system32\drivers\OLD6A.tmp96DBC135
2009-12-10 22:01 . 2009-12-10 22:01 96512 ----a-w- c:\windows\system32\drivers\OLD66.tmp4D4B0CD3
2009-12-10 22:01 . 2009-12-10 22:01 96512 ----a-w- c:\windows\system32\drivers\OLD62.tmpFC7F3460
2009-12-10 22:01 . 2009-12-10 22:01 96512 ----a-w- c:\windows\system32\drivers\atapi.sys5FC17012
2009-12-10 21:46 . 2009-12-10 21:46 96512 ----a-w- c:\windows\system32\drivers\atapi.sysE8E797D4
2009-12-10 21:36 . 2009-12-10 21:36 96512 ----a-w- c:\windows\system32\drivers\atapi.sysAFE77813
2009-12-10 21:26 . 2009-12-10 21:26 96512 ----a-w- c:\windows\system32\drivers\atapi.sysEAB5E746
2009-12-10 21:15 . 2009-12-10 21:15 96512 ----a-w- c:\windows\system32\drivers\atapi.sys7AC194B4
2009-12-10 21:05 . 2009-12-10 21:05 96512 ----a-w- c:\windows\system32\drivers\atapi.sysB958D4EB
2009-12-10 20:54 . 2009-12-10 20:54 96512 ----a-w- c:\windows\system32\drivers\atapi.sysDD23AEE1
2009-12-10 20:44 . 2009-12-10 20:44 96512 ----a-w- c:\windows\system32\drivers\atapi.sys1A0A2F13
2009-12-10 20:34 . 2009-12-10 20:34 96512 ----a-w- c:\windows\system32\drivers\atapi.sysA7A2125E
2009-12-10 20:23 . 2009-12-10 20:23 96512 ----a-w- c:\windows\system32\drivers\atapi.sys8A4C2388
2009-12-10 20:13 . 2009-12-10 20:13 96512 ----a-w- c:\windows\system32\drivers\atapi.sysFE2B4992
2009-12-10 20:02 . 2009-12-10 20:02 96512 ----a-w- c:\windows\system32\drivers\atapi.sys897B3DB7
2009-12-10 19:52 . 2009-12-10 19:52 96512 ----a-w- c:\windows\system32\drivers\atapi.sys89C0CA56
2009-12-10 19:41 . 2009-12-10 19:41 96512 ----a-w- c:\windows\system32\drivers\atapi.sysD90BEE57
2009-12-10 19:31 . 2009-12-10 19:31 96512 ----a-w- c:\windows\system32\drivers\atapi.sysEB011882
2009-12-10 19:20 . 2009-12-10 19:20 96512 ----a-w- c:\windows\system32\drivers\atapi.sys2E1DB463
2009-12-10 19:09 . 2009-12-10 19:09 96512 ----a-w- c:\windows\system32\drivers\atapi.sysB6028012
2009-12-10 19:00 . 2009-12-10 19:00 96512 ----a-w- c:\windows\system32\drivers\atapi.sys39BA71CD
2009-12-10 18:48 . 2009-12-10 18:48 96512 ----a-w- c:\windows\system32\drivers\atapi.sys0388FBDF
2009-12-10 18:37 . 2009-12-10 18:37 96512 ----a-w- c:\windows\system32\drivers\atapi.sys4181D088
2009-12-10 18:27 . 2009-12-10 18:27 96512 ----a-w- c:\windows\system32\drivers\atapi.sys64551CA9
2009-12-10 18:18 . 2009-12-10 18:18 96512 ----a-w- c:\windows\system32\drivers\atapi.sys6333D8DA
2009-12-10 18:08 . 2009-12-10 18:08 96512 ----a-w- c:\windows\system32\drivers\atapi.sys1D485A03
2009-12-10 17:57 . 2009-12-10 17:57 96512 ----a-w- c:\windows\system32\drivers\atapi.sys03B446C9
2009-12-10 17:46 . 2009-12-10 17:46 96512 ----a-w- c:\windows\system32\drivers\atapi.sys2D38C8ED
2009-12-10 17:36 . 2009-12-10 17:36 96512 ----a-w- c:\windows\system32\drivers\atapi.sys2CBB26D9
2009-12-10 17:26 . 2009-12-10 17:26 96512 ----a-w- c:\windows\system32\drivers\atapi.sys285B30EB
2009-12-10 17:15 . 2009-12-10 17:15 96512 ----a-w- c:\windows\system32\drivers\atapi.sys7422064D
2009-12-10 17:04 . 2009-12-10 17:04 96512 ----a-w- c:\windows\system32\drivers\atapi.sys3A4361B2
2009-12-10 16:53 . 2009-12-10 16:53 96512 ----a-w- c:\windows\system32\drivers\atapi.sys1CF226ED
2009-12-10 16:42 . 2009-12-10 16:42 96512 ----a-w- c:\windows\system32\drivers\atapi.sysBCB65B05
2009-12-10 16:32 . 2009-12-10 16:32 96512 ----a-w- c:\windows\system32\drivers\atapi.sys8D0F4757
2009-12-10 16:22 . 2009-12-10 16:22 96512 ----a-w- c:\windows\system32\drivers\atapi.sys9D29101F
2009-12-10 16:11 . 2009-12-10 16:11 96512 ----a-w- c:\windows\system32\drivers\atapi.sys6072D978
2009-12-10 15:58 . 2009-12-10 15:58 96512 ----a-w- c:\windows\system32\drivers\atapi.sysB0CCCB5B
2009-12-10 15:58 . 2009-12-10 15:58 96512 ----a-w- c:\windows\system32\drivers\OLD62.tmpFDAE5014
2009-12-10 15:58 . 2009-12-10 15:58 96512 ----a-w- c:\windows\system32\drivers\OLD66.tmpCF4B6690
2009-12-10 15:58 . 2009-12-10 15:58 96512 ----a-w- c:\windows\system32\drivers\OLD6A.tmp0FE3D46F
2009-12-10 15:50 . 2009-12-10 15:50 96512 ----a-w- c:\windows\system32\drivers\atapi.sys116971F7
2009-12-10 15:38 . 2009-12-10 15:37 96512 ----a-w- c:\windows\system32\drivers\atapi.sys681179E4
2009-12-10 15:26 . 2009-12-10 15:26 96512 ----a-w- c:\windows\system32\drivers\atapi.sys6DBE6E44
2009-12-10 15:16 . 2009-12-10 15:16 96512 ----a-w- c:\windows\system32\drivers\atapi.sys9D1705FD
2009-12-10 15:07 . 2009-12-10 15:07 96512 ----a-w- c:\windows\system32\drivers\atapi.sys1F3EDAA4
2009-12-10 14:55 . 2009-12-10 14:55 96512 ----a-w- c:\windows\system32\drivers\atapi.sysB636F7A7
2009-12-10 14:44 . 2009-12-10 14:44 96512 ----a-w- c:\windows\system32\drivers\atapi.sysADDB5B62
2009-12-10 14:34 . 2009-12-10 14:34 96512 ----a-w- c:\windows\system32\drivers\atapi.sys3E3BC466
2009-12-10 14:23 . 2009-12-10 14:23 96512 ----a-w- c:\windows\system32\drivers\atapi.sysBA0AA43A
2009-12-10 14:15 . 2009-12-10 14:15 96512 ----a-w- c:\windows\system32\drivers\atapi.sys394F43BC
2009-12-10 14:03 . 2009-12-10 14:03 96512 ----a-w- c:\windows\system32\drivers\atapi.sys8311154E
2009-12-10 13:52 . 2009-12-10 13:52 96512 ----a-w- c:\windows\system32\drivers\atapi.sys914DED72
2009-12-10 13:41 . 2009-12-10 13:41 96512 ----a-w- c:\windows\system32\drivers\atapi.sysE4B04F52
2009-12-10 13:30 . 2009-12-10 13:30 96512 ----a-w- c:\windows\system32\drivers\atapi.sysA527750C
2009-12-10 13:22 . 2009-12-10 13:22 96512 ----a-w- c:\windows\system32\drivers\atapi.sysCB7CBEC5
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Window Washer"="c:\program files\Webroot\Washer\wwDisp.exe" [2007-11-26 1206600]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-13 141600]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-11-06 6515784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-14 217193]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Billminder.lnk - c:\quickenw\BILLMIND.EXE [2008-10-12 36864]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-12 83360]
Quicken Startup.lnk - c:\quickenw\QWDLLS.EXE [2008-10-12 36864]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\system32\\lxducoms.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Pnp680;SiI 680 ATA Controller;c:\windows\system32\drivers\pnp680.sys [9/26/2008 12:15 PM 71720]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [4/21/2009 5:27 PM 29808]
R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [12/18/2009 8:48 PM 1858144]
R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
R2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxduserv.exe [6/2/2009 6:41 PM 94208]
R2 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [10/12/2008 8:58 PM 34916]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [6/7/2009 8:08 AM 1201640]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [6/11/2009 9:15 PM 598856]
R3 Ma730Pt;MA730 Bluetooth VCOM Driver;c:\windows\system32\drivers\ma730Pt.sys [10/30/2009 10:47 AM 103040]
R3 Ma730Vad;MA730 Bluetooth Audio;c:\windows\system32\drivers\Ma730Vad.sys [10/30/2009 10:47 AM 23376]
S0 tclondrv;tclondrv;c:\windows\system32\DRIVERS\tclondrv.sys --> c:\windows\system32\DRIVERS\tclondrv.sys [?]
S1 atcztukz;atcztukz;\??\c:\windows\system32\drivers\atcztukz.sys --> c:\windows\system32\drivers\atcztukz.sys [?]
S1 dtrtwpsg;dtrtwpsg;\??\c:\windows\system32\drivers\dtrtwpsg.sys --> c:\windows\system32\drivers\dtrtwpsg.sys [?]
S1 emqacqme;emqacqme;\??\c:\windows\system32\drivers\emqacqme.sys --> c:\windows\system32\drivers\emqacqme.sys [?]
S1 gdffxhry;gdffxhry;\??\c:\windows\system32\drivers\gdffxhry.sys --> c:\windows\system32\drivers\gdffxhry.sys [?]
S1 lgralcog;lgralcog;\??\c:\windows\system32\drivers\lgralcog.sys --> c:\windows\system32\drivers\lgralcog.sys [?]
S1 lyqahrfs;lyqahrfs;\??\c:\windows\system32\drivers\lyqahrfs.sys --> c:\windows\system32\drivers\lyqahrfs.sys [?]
S1 meryfnhj;meryfnhj;\??\c:\windows\system32\drivers\meryfnhj.sys --> c:\windows\system32\drivers\meryfnhj.sys [?]
S1 msxxfuxr;msxxfuxr;\??\c:\windows\system32\drivers\msxxfuxr.sys --> c:\windows\system32\drivers\msxxfuxr.sys [?]
S1 qgacgtis;qgacgtis;\??\c:\windows\system32\drivers\qgacgtis.sys --> c:\windows\system32\drivers\qgacgtis.sys [?]
S1 qrtqqjcj;qrtqqjcj;\??\c:\windows\system32\drivers\qrtqqjcj.sys --> c:\windows\system32\drivers\qrtqqjcj.sys [?]
S1 qzrujjao;qzrujjao;\??\c:\windows\system32\drivers\qzrujjao.sys --> c:\windows\system32\drivers\qzrujjao.sys [?]
S1 tfvfvhhf;tfvfvhhf;\??\c:\windows\system32\drivers\tfvfvhhf.sys --> c:\windows\system32\drivers\tfvfvhhf.sys [?]
S1 uepuitgs;uepuitgs;\??\c:\windows\system32\drivers\uepuitgs.sys --> c:\windows\system32\drivers\uepuitgs.sys [?]
S1 vrfitocg;vrfitocg;\??\c:\windows\system32\drivers\vrfitocg.sys --> c:\windows\system32\drivers\vrfitocg.sys [?]
S1 vyusnnxs;vyusnnxs;\??\c:\windows\system32\drivers\vyusnnxs.sys --> c:\windows\system32\drivers\vyusnnxs.sys [?]
S1 vzgsemop;vzgsemop;\??\c:\windows\system32\drivers\vzgsemop.sys --> c:\windows\system32\drivers\vzgsemop.sys [?]
S1 xarflgtf;xarflgtf;\??\c:\windows\system32\drivers\xarflgtf.sys --> c:\windows\system32\drivers\xarflgtf.sys [?]
S1 xvtijtht;xvtijtht;\??\c:\windows\system32\drivers\xvtijtht.sys --> c:\windows\system32\drivers\xvtijtht.sys [?]
S1 yvhgfzsa;yvhgfzsa;\??\c:\windows\system32\drivers\yvhgfzsa.sys --> c:\windows\system32\drivers\yvhgfzsa.sys [?]
S1 yxvqjvuk;yxvqjvuk;\??\c:\windows\system32\drivers\yxvqjvuk.sys --> c:\windows\system32\drivers\yxvqjvuk.sys [?]
S3 Ma730c;MA730 Bluetooth Core Driver;c:\windows\system32\drivers\ma730c.sys [10/30/2009 10:47 AM 156128]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mWindow Title =
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
DPF: Microsoft XML Parser for Java
.
- - - - ORPHANS REMOVED - - - -

SharedTaskScheduler-{3e10d5a5-94d4-4aca-9b8f-922d368479dd} - c:\windows\system32\sayesiya.dll
SSODL-fapusowug-{3e10d5a5-94d4-4aca-9b8f-922d368479dd} - c:\windows\system32\sayesiya.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-26 20:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2952)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxducoms.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Webroot\WebrootSecurity\SpySweeper.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\SOUNDMAN.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-12-26 20:22:53 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-27 04:22

Pre-Run: 104,219,348,992 bytes free
Post-Run: 104,125,022,208 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=5 Default=5 Failed=0 LastKnownGood=4 Sets=1,2,3,4,5
- - End Of File - - 9F93D0466D3D0810BAD45F331B287E1B

#10 syler

  • Malware Response Team

Posted 27 December 2009 - 01:09 AM

I see that you were not running ComboFix from the desktop. Please delete the copy you have, then download a new copy and save it to your desktop.


Before you do any of the next steps you need to temporarily disable the TeaTimer protection in Spybot, as it may stop the tools we use from doing their job. Please keep it disabled whilst I am helping you, then you can enable it again when you're clean.

To disable TeaTimer, open Spybot and click on the Mode tab and select Advanced mode.
It will ask you if you're sure you want to go into advanced mode; select yes.
Now go to Tools and click on the Resident tab.
Uncheck the box that says "Resident "TeaTimer" (Protection of over-all system settings) active".
Then close Spybot and reboot your computer.



1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\system32\drivers\mrhptoxh.sys
c:\windows\system32\drivers\rstdodak.sys
c:\windows\system32\drivers\lrqttpix.sys
c:\windows\system32\drivers\bvvkrfjx.sys
c:\windows\system32\drivers\ughrbngr.sys
c:\windows\system32\drivers\qfybbsxz.sys
c:\windows\system32\drivers\kjwtyfpw.sys
c:\windows\system32\drivers\vwolzrkj.sys
c:\windows\system32\drivers\rtdggxgx.sys
c:\windows\system32\drivers\dpafkobq.sys
c:\windows\system32\drivers\loilujhn.sys
c:\windows\system32\drivers\djcbukfi.sys
c:\windows\system32\drivers\vcnmqvmj.sys
c:\windows\system32\drivers\gqraaygd.sys
c:\windows\system32\drivers\gyvesrrh.sys
c:\windows\system32\drivers\bypkezxm.sys
c:\windows\system32\drivers\ftrhezfl.sys
c:\windows\system32\drivers\nzrefysz.sys
c:\windows\system32\drivers\pjpifdut.sys
c:\windows\system32\drivers\hbtcuzbn.sys
c:\windows\system32\drivers\vvooemvr.sys
c:\windows\system32\drivers\uafurbkn.sys
c:\windows\system32\drivers\tosnekpo.sys
c:\windows\system32\drivers\exyqahfq.sys
c:\windows\system32\drivers\cmbvrsjz.sys
c:\windows\system32\drivers\ieswtqck.sys
c:\windows\system32\drivers\ebzsrgjs.sys
c:\windows\system32\drivers\fweaeixj.sys
c:\windows\system32\drivers\caftjuom.sys
c:\windows\system32\drivers\pkjaogju.sys
c:\windows\system32\drivers\fexcvrqv.sys
c:\windows\system32\drivers\qtelpklt.sys
c:\windows\system32\drivers\udukgrgc.sys
c:\windows\system32\drivers\fdpbgddq.sys
c:\windows\system32\drivers\vepbkgwv.sys
c:\windows\system32\drivers\vetcwesl.sys
c:\windows\system32\drivers\fgmrmdek.sys
c:\windows\system32\drivers\makaiysc.sys
c:\windows\system32\drivers\ynjpvpfg.sys
c:\windows\system32\drivers\rcbigtsu.sys
c:\windows\system32\drivers\cqchfdmi.sys
c:\windows\system32\drivers\jcwwjvjn.sys
c:\windows\system32\drivers\wnohoesu.sys
c:\windows\system32\drivers\tgfhindz.sys
c:\windows\system32\drivers\ekozpqcp.sys
c:\windows\system32\drivers\orrdvwij.sys
c:\windows\system32\drivers\ulmhwset.sys
c:\windows\system32\drivers\iyipttoz.sys
c:\windows\system32\drivers\fqbnafzc.sys
c:\windows\system32\drivers\gkvhhbkb.sys
c:\windows\system32\drivers\xamouqgj.sys
c:\windows\system32\drivers\lvqdzehi.sys
c:\windows\system32\drivers\idsskwzw.sys
c:\windows\system32\drivers\cgvkheik.sys
c:\windows\system32\drivers\xckryihy.sys
c:\windows\system32\drivers\tvqfhbjq.sys
c:\windows\system32\drivers\vxrfkrwy.sys
c:\windows\system32\drivers\uvxuttlz.sys
c:\windows\system32\drivers\maujtexb.sys
c:\windows\system32\drivers\ufquuvyw.sys
c:\windows\system32\drivers\itglrrkr.sys
c:\windows\system32\drivers\bkadhjnl.sys
c:\windows\system32\drivers\kmkyzzun.sys
c:\windows\system32\drivers\euplzukg.sys
c:\windows\system32\drivers\bhzsdszv.sys
c:\windows\system32\drivers\ipbuboys.sys
c:\windows\system32\drivers\eedhxyov.sys
c:\windows\system32\drivers\hpyskuhz.sys
c:\windows\system32\drivers\btvznmet.sys
c:\windows\system32\drivers\yowwxnbx.sys
c:\windows\system32\drivers\brgqfnop.sys
c:\documents and settings\All Users\SPLDC.tmp
c:\windows\system32\drivers\OLD6A.tmp
c:\windows\system32\drivers\OLD66.tmp
c:\windows\system32\drivers\OLD62.tmp
c:\windows\system32\drivers\atapi.sysED61186E
c:\windows\system32\drivers\atapi.sys7968738B
c:\windows\system32\drivers\atapi.sys62940531
c:\windows\system32\drivers\atapi.sys555802CF
c:\windows\system32\drivers\atapi.sys1CA7FA9A
c:\windows\system32\drivers\atapi.sys57A9176B
c:\windows\system32\drivers\atapi.sys0FEE6EBB
c:\windows\system32\drivers\atapi.sys48A7F418
c:\windows\system32\drivers\atapi.sys7949AC93
c:\windows\system32\drivers\atapi.sysE2A6CA96
c:\windows\system32\drivers\atapi.sysC4667FFF
c:\windows\system32\drivers\atapi.sysAED42813
c:\windows\system32\drivers\atapi.sys3272F53A
c:\windows\system32\drivers\atapi.sys76E111A5
c:\windows\system32\drivers\atapi.sys24A7F75F
c:\windows\system32\drivers\atapi.sysD89C1844
c:\windows\system32\drivers\atapi.sysCF997D26
c:\windows\system32\drivers\atapi.sys92F2166E
c:\windows\system32\drivers\atapi.sys840CE614
c:\windows\system32\drivers\atapi.sysEF6E6828
c:\windows\system32\drivers\atapi.sys280FB84D
c:\windows\system32\drivers\atapi.sys3CCA9140
c:\windows\system32\drivers\atapi.sys9C189013
c:\windows\system32\drivers\atapi.sysEDC9E411
c:\windows\system32\drivers\atapi.sys9D76384F
c:\windows\system32\drivers\atapi.sysF0187DED
c:\windows\system32\drivers\OLD6A.tmp96DBC135
c:\windows\system32\drivers\OLD66.tmp4D4B0CD3
c:\windows\system32\drivers\OLD62.tmpFC7F3460
c:\windows\system32\drivers\atapi.sys5FC17012
c:\windows\system32\drivers\atapi.sysE8E797D4
c:\windows\system32\drivers\atapi.sysAFE77813
c:\windows\system32\drivers\atapi.sysEAB5E746
c:\windows\system32\drivers\atapi.sys7AC194B4
c:\windows\system32\drivers\atapi.sysB958D4EB
c:\windows\system32\drivers\atapi.sysDD23AEE1
c:\windows\system32\drivers\atapi.sys1A0A2F13
c:\windows\system32\drivers\atapi.sysA7A2125E
c:\windows\system32\drivers\atapi.sys8A4C2388
c:\windows\system32\drivers\atapi.sysFE2B4992
c:\windows\system32\drivers\atapi.sys897B3DB7
c:\windows\system32\drivers\atapi.sys89C0CA56
c:\windows\system32\drivers\atapi.sysD90BEE57
c:\windows\system32\drivers\atapi.sysEB011882
c:\windows\system32\drivers\atapi.sys2E1DB463
c:\windows\system32\drivers\atapi.sysB6028012
c:\windows\system32\drivers\atapi.sys39BA71CD
c:\windows\system32\drivers\atapi.sys0388FBDF
c:\windows\system32\drivers\atapi.sys4181D088
c:\windows\system32\drivers\atapi.sys64551CA9
c:\windows\system32\drivers\atapi.sys6333D8DA
c:\windows\system32\drivers\atapi.sys1D485A03
c:\windows\system32\drivers\atapi.sys03B446C9
c:\windows\system32\drivers\atapi.sys2D38C8ED
c:\windows\system32\drivers\atapi.sys2CBB26D9
c:\windows\system32\drivers\atapi.sys285B30EB
c:\windows\system32\drivers\atapi.sys7422064D
c:\windows\system32\drivers\atapi.sys3A4361B2
c:\windows\system32\drivers\atapi.sys1CF226ED
c:\windows\system32\drivers\atapi.sysBCB65B05
c:\windows\system32\drivers\atapi.sys8D0F4757
c:\windows\system32\drivers\atapi.sys9D29101F
c:\windows\system32\drivers\atapi.sys6072D978
c:\windows\system32\drivers\atapi.sysB0CCCB5B
c:\windows\system32\drivers\OLD62.tmpFDAE5014
c:\windows\system32\drivers\OLD66.tmpCF4B6690
c:\windows\system32\drivers\OLD6A.tmp0FE3D46F
c:\windows\system32\drivers\atapi.sys116971F7
c:\windows\system32\drivers\atapi.sys681179E4
c:\windows\system32\drivers\atapi.sys6DBE6E44
c:\windows\system32\drivers\atapi.sys9D1705FD
c:\windows\system32\drivers\atapi.sys1F3EDAA4
c:\windows\system32\drivers\atapi.sysB636F7A7
c:\windows\system32\drivers\atapi.sysADDB5B62
c:\windows\system32\drivers\atapi.sys3E3BC466
c:\windows\system32\drivers\atapi.sysBA0AA43A
c:\windows\system32\drivers\atapi.sys394F43BC
c:\windows\system32\drivers\atapi.sys8311154E
c:\windows\system32\drivers\atapi.sys914DED72
c:\windows\system32\drivers\atapi.sysE4B04F52
c:\windows\system32\drivers\atapi.sysA527750C
c:\windows\system32\drivers\atapi.sysCB7CBEC5
Driver::
tclondrv
atcztukz
dtrtwpsg
emqacqme
gdffxhry
lgralcog
lyqahrfs
meryfnhj
msxxfuxr
qgacgtis
qrtqqjcj
qzrujjao
tfvfvhhf
uepuitgs
vrfitocg
vyusnnxs
vzgsemop
xarflgtf
xvtijtht
yvhgfzsa
yxvqjvuk

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


#11 MarkP31

  • Topic Starter


Posted 27 December 2009 - 02:33 AM

ComboFix 09-12-26.02 - Administrator 12/26/2009 23:22:11.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1507 [GMT -8:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Webroot AntiVirus with Spy Sweeper *On-access scanning disabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
.

((((((((((((((((((((((((( Files Created from 2009-11-27 to 2009-12-27 )))))))))))))))))))))))))))))))
.

2009-12-20 20:05 . 2009-12-20 20:05 -------- d-----w- c:\program files\iPod
2009-12-20 20:05 . 2009-12-20 20:19 -------- d-----w- c:\program files\iTunes
2009-12-20 20:05 . 2009-12-20 20:07 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-20 20:00 . 2009-12-20 20:01 -------- d-----w- c:\program files\QuickTime
2009-12-20 19:52 . 2009-12-20 19:52 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-12-20 19:50 . 2009-12-24 07:16 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-20 19:50 . 2009-12-24 07:16 79488 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-20 19:49 . 2009-12-20 19:49 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2009-12-19 19:48 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2009-12-19 19:47 . 2009-10-21 05:38 75776 -c----w- c:\windows\system32\dllcache\strmfilt.dll
2009-12-19 19:47 . 2009-10-21 05:38 25088 -c----w- c:\windows\system32\dllcache\httpapi.dll
2009-12-19 19:47 . 2009-10-20 16:20 265728 -c----w- c:\windows\system32\dllcache\http.sys
2009-12-19 18:06 . 2004-08-04 12:00 403 -c----w- c:\windows\system32\dllcache\npdrmv2.zip
2009-12-19 18:06 . 2004-08-04 12:00 22060 -c----w- c:\windows\system32\dllcache\npds.zip
2009-12-19 18:06 . 2009-07-31 18:05 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
2009-12-19 18:06 . 2008-04-13 17:27 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2009-12-19 18:05 . 2008-04-14 00:12 123392 ------w- c:\windows\system32\mplay32.exe
2009-12-19 18:05 . 2008-04-14 00:12 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2009-12-19 17:17 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-12-19 17:16 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-12-19 17:16 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-12-19 17:16 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-12-19 17:16 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-12-19 17:16 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-12-19 17:16 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-12-19 17:16 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-12-19 17:16 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-12-19 17:15 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-12-19 17:15 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-12-19 17:14 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-12-19 17:14 . 2009-07-31 04:35 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-12-19 17:14 . 2008-08-14 10:04 138496 -c----w- c:\windows\system32\dllcache\afd.sys
2009-12-19 17:12 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-12-19 17:12 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-12-19 17:12 . 2009-08-04 15:13 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-19 17:12 . 2009-08-04 14:20 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-19 17:12 . 2009-08-04 14:20 2066048 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-19 17:11 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-12-19 06:45 . 2009-12-19 06:45 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-19 06:44 . 2009-12-19 06:45 -------- d-----w- c:\program files\zztoy
2009-12-19 04:04 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-12-19 03:23 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-12-18 20:32 . 2006-02-28 12:00 4677 -c--a-w- c:\windows\system32\dllcache\zeeverm.dll
2009-12-18 20:32 . 2006-02-28 12:00 41029 -c--a-w- c:\windows\system32\dllcache\zcorem.dll
2009-12-18 20:32 . 2006-02-28 12:00 36937 -c--a-w- c:\windows\system32\dllcache\zclientm.exe
2009-12-18 20:32 . 2006-02-28 12:00 29760 -c--a-w- c:\windows\system32\dllcache\znetm.dll
2009-12-18 20:32 . 2006-02-28 12:00 13894 -c--a-w- c:\windows\system32\dllcache\zonelibm.dll
2009-12-18 20:32 . 2006-02-28 12:00 113222 -c--a-w- c:\windows\system32\dllcache\zoneclim.dll
2009-12-18 20:30 . 2006-02-28 12:00 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
2009-12-18 20:29 . 2006-02-28 12:00 20480 -c--a-w- c:\windows\system32\dllcache\counters.dll
2009-12-18 20:26 . 2006-02-28 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2009-12-18 20:19 . 2001-08-17 20:13 27165 ----a-w- c:\windows\system32\drivers\fetnd5.sys
2009-12-18 20:17 . 2004-08-04 06:31 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2009-12-18 20:17 . 2008-04-13 18:40 96512 ------w- c:\windows\system32\drivers\atapi.sys
2009-12-18 20:09 . 2006-02-28 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2009-12-18 20:09 . 2006-02-28 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-12-18 20:09 . 2006-02-28 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2009-12-18 20:09 . 2006-02-28 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2009-12-12 06:35 . 2009-12-12 06:35 -------- d-s---w- c:\windows\system32\config\systemprofile\UserData
2009-12-11 02:24 . 2009-12-11 02:24 30784 ----a-w- c:\windows\system32\drivers\mrhptoxh.sys
2009-12-11 02:20 . 2009-12-11 02:20 30784 ----a-w- c:\windows\system32\drivers\rstdodak.sys
2009-12-11 02:09 . 2009-12-11 02:09 30784 ----a-w- c:\windows\system32\drivers\lrqttpix.sys
2009-12-11 01:59 . 2009-12-11 01:59 30784 ----a-w- c:\windows\system32\drivers\bvvkrfjx.sys
2009-12-11 01:48 . 2009-12-11 01:48 30784 ----a-w- c:\windows\system32\drivers\ughrbngr.sys
2009-12-11 01:38 . 2009-12-11 01:38 30784 ----a-w- c:\windows\system32\drivers\qfybbsxz.sys
2009-12-11 01:28 . 2009-12-11 01:28 30784 ----a-w- c:\windows\system32\drivers\kjwtyfpw.sys
2009-12-11 01:17 . 2009-12-11 01:17 30784 ----a-w- c:\windows\system32\drivers\vwolzrkj.sys
2009-12-11 01:07 . 2009-12-11 01:07 30784 ----a-w- c:\windows\system32\drivers\rtdggxgx.sys
2009-12-11 00:57 . 2009-12-11 00:57 30784 ----a-w- c:\windows\system32\drivers\dpafkobq.sys
2009-12-11 00:47 . 2009-12-11 00:47 30784 ----a-w- c:\windows\system32\drivers\loilujhn.sys
2009-12-11 00:36 . 2009-12-11 00:36 30784 ----a-w- c:\windows\system32\drivers\djcbukfi.sys
2009-12-11 00:26 . 2009-12-11 00:26 30784 ----a-w- c:\windows\system32\drivers\vcnmqvmj.sys
2009-12-11 00:15 . 2009-12-11 00:15 30784 ----a-w- c:\windows\system32\drivers\gqraaygd.sys
2009-12-11 00:05 . 2009-12-11 00:05 30784 ----a-w- c:\windows\system32\drivers\gyvesrrh.sys
2009-12-10 23:55 . 2009-12-10 23:55 30784 ----a-w- c:\windows\system32\drivers\bypkezxm.sys
2009-12-10 23:44 . 2009-12-10 23:44 30784 ----a-w- c:\windows\system32\drivers\ftrhezfl.sys
2009-12-10 23:34 . 2009-12-10 23:34 30784 ----a-w- c:\windows\system32\drivers\nzrefysz.sys
2009-12-10 23:24 . 2009-12-10 23:24 30784 ----a-w- c:\windows\system32\drivers\pjpifdut.sys
2009-12-10 23:13 . 2009-12-10 23:13 30784 ----a-w- c:\windows\system32\drivers\hbtcuzbn.sys
2009-12-10 23:03 . 2009-12-10 23:03 30784 ----a-w- c:\windows\system32\drivers\vvooemvr.sys
2009-12-10 22:52 . 2009-12-10 22:52 30784 ----a-w- c:\windows\system32\drivers\uafurbkn.sys
2009-12-10 22:43 . 2009-12-10 22:43 30784 ----a-w- c:\windows\system32\drivers\tosnekpo.sys
2009-12-10 22:32 . 2009-12-10 22:32 30784 ----a-w- c:\windows\system32\drivers\exyqahfq.sys
2009-12-10 22:22 . 2009-12-10 22:22 30784 ----a-w- c:\windows\system32\drivers\cmbvrsjz.sys
2009-12-10 22:11 . 2009-12-10 22:11 30784 ----a-w- c:\windows\system32\drivers\ieswtqck.sys
2009-12-10 22:01 . 2009-12-10 22:01 30784 ----a-w- c:\windows\system32\drivers\ebzsrgjs.sys
2009-12-10 21:46 . 2009-12-10 21:46 30784 ----a-w- c:\windows\system32\drivers\fweaeixj.sys
2009-12-10 21:36 . 2009-12-10 21:36 30784 ----a-w- c:\windows\system32\drivers\caftjuom.sys
2009-12-10 21:26 . 2009-12-10 21:26 30784 ----a-w- c:\windows\system32\drivers\pkjaogju.sys
2009-12-10 21:15 . 2009-12-10 21:15 30784 ----a-w- c:\windows\system32\drivers\fexcvrqv.sys
2009-12-10 21:05 . 2009-12-10 21:05 30784 ----a-w- c:\windows\system32\drivers\qtelpklt.sys
2009-12-10 20:54 . 2009-12-10 20:54 30784 ----a-w- c:\windows\system32\drivers\udukgrgc.sys
2009-12-10 20:44 . 2009-12-10 20:44 30784 ----a-w- c:\windows\system32\drivers\fdpbgddq.sys
2009-12-10 20:34 . 2009-12-10 20:34 30784 ----a-w- c:\windows\system32\drivers\vepbkgwv.sys
2009-12-10 20:23 . 2009-12-10 20:23 30784 ----a-w- c:\windows\system32\drivers\vetcwesl.sys
2009-12-10 20:13 . 2009-12-10 20:13 30784 ----a-w- c:\windows\system32\drivers\fgmrmdek.sys
2009-12-10 20:02 . 2009-12-10 20:02 30784 ----a-w- c:\windows\system32\drivers\makaiysc.sys
2009-12-10 19:52 . 2009-12-10 19:52 30784 ----a-w- c:\windows\system32\drivers\ynjpvpfg.sys
2009-12-10 19:41 . 2009-12-10 19:41 30784 ----a-w- c:\windows\system32\drivers\rcbigtsu.sys
2009-12-10 19:31 . 2009-12-10 19:31 30784 ----a-w- c:\windows\system32\drivers\cqchfdmi.sys
2009-12-10 19:20 . 2009-12-10 19:20 30784 ----a-w- c:\windows\system32\drivers\jcwwjvjn.sys
2009-12-10 19:09 . 2009-12-10 19:09 30784 ----a-w- c:\windows\system32\drivers\wnohoesu.sys
2009-12-10 19:00 . 2009-12-10 19:00 30784 ----a-w- c:\windows\system32\drivers\tgfhindz.sys
2009-12-10 18:48 . 2009-12-10 18:48 30784 ----a-w- c:\windows\system32\drivers\ekozpqcp.sys
2009-12-10 18:37 . 2009-12-10 18:37 30784 ----a-w- c:\windows\system32\drivers\orrdvwij.sys
2009-12-10 18:27 . 2009-12-10 18:27 30784 ----a-w- c:\windows\system32\drivers\ulmhwset.sys
2009-12-10 18:18 . 2009-12-10 18:18 30784 ----a-w- c:\windows\system32\drivers\iyipttoz.sys
2009-12-10 18:08 . 2009-12-10 18:08 30784 ----a-w- c:\windows\system32\drivers\fqbnafzc.sys
2009-12-10 17:57 . 2009-12-10 17:57 30784 ----a-w- c:\windows\system32\drivers\gkvhhbkb.sys
2009-12-10 17:46 . 2009-12-10 17:46 30784 ----a-w- c:\windows\system32\drivers\xamouqgj.sys
2009-12-10 17:36 . 2009-12-10 17:36 30784 ----a-w- c:\windows\system32\drivers\lvqdzehi.sys
2009-12-10 17:26 . 2009-12-10 17:26 30784 ----a-w- c:\windows\system32\drivers\idsskwzw.sys
2009-12-10 17:15 . 2009-12-10 17:15 30784 ----a-w- c:\windows\system32\drivers\cgvkheik.sys
2009-12-10 17:04 . 2009-12-10 17:04 30784 ----a-w- c:\windows\system32\drivers\xckryihy.sys
2009-12-10 16:53 . 2009-12-10 16:53 30784 ----a-w- c:\windows\system32\drivers\tvqfhbjq.sys
2009-12-10 16:42 . 2009-12-10 16:42 30784 ----a-w- c:\windows\system32\drivers\vxrfkrwy.sys
2009-12-10 16:32 . 2009-12-10 16:32 30784 ----a-w- c:\windows\system32\drivers\uvxuttlz.sys
2009-12-10 16:22 . 2009-12-10 16:22 30784 ----a-w- c:\windows\system32\drivers\maujtexb.sys
2009-12-10 16:11 . 2009-12-10 16:11 30784 ----a-w- c:\windows\system32\drivers\ufquuvyw.sys
2009-12-10 15:58 . 2009-12-10 15:58 30784 ----a-w- c:\windows\system32\drivers\itglrrkr.sys
2009-12-10 15:50 . 2009-12-10 15:50 30784 ----a-w- c:\windows\system32\drivers\bkadhjnl.sys
2009-12-10 15:38 . 2009-12-10 15:38 30784 ----a-w- c:\windows\system32\drivers\kmkyzzun.sys
2009-12-10 15:26 . 2009-12-10 15:26 30784 ----a-w- c:\windows\system32\drivers\euplzukg.sys
2009-12-10 15:16 . 2009-12-10 15:16 30784 ----a-w- c:\windows\system32\drivers\bhzsdszv.sys
2009-12-10 15:07 . 2009-12-10 15:07 30784 ----a-w- c:\windows\system32\drivers\ipbuboys.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-25 21:19 . 2009-04-30 19:29 -------- d-----w- c:\documents and settings\Erica.ROCKIES31\Application Data\Apple Computer
2009-12-25 01:44 . 2008-10-01 11:33 -------- d--h--w- c:\documents and settings\Administrator\Application Data\LimeWire
2009-12-24 07:17 . 2008-10-01 11:30 -------- d-----w- c:\program files\Java
2009-12-20 20:19 . 2008-09-27 19:53 -------- d--h--w- c:\documents and settings\Administrator\Application Data\Apple Computer
2009-12-20 20:05 . 2008-10-19 14:24 -------- d-----w- c:\program files\Common Files\Apple
2009-12-20 19:51 . 2008-10-06 14:03 -------- d-----w- c:\program files\Safari
2009-12-18 20:53 . 2009-06-27 02:54 18312 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-12-18 20:38 . 2008-09-26 19:51 18312 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-18 20:25 . 2008-09-26 18:48 23348 ----a-w- c:\windows\system32\emptyregdb.dat
2009-12-13 21:03 . 2009-12-13 21:03 257640 ----a-w- c:\documents and settings\All Users\SPLDC.tmp
2009-12-11 02:38 . 2009-12-10 05:44 96512 ----a-w- c:\windows\system32\drivers\OLD6A.tmp
2009-12-11 02:38 . 2009-12-10 05:44 96512 ----a-w- c:\windows\system32\drivers\OLD66.tmp
2009-12-11 02:38 . 2009-12-10 05:44 96512 ----a-w- c:\windows\system32\drivers\OLD62.tmp
2009-12-11 02:24 . 2009-12-11 02:24 96512 ----a-w- c:\windows\system32\drivers\atapi.sysED61186E
2009-12-11 02:20 . 2009-12-11 02:20 96512 ----a-w- c:\windows\system32\drivers\atapi.sys7968738B
2009-12-11 02:09 . 2009-12-11 02:09 96512 ----a-w- c:\windows\system32\drivers\atapi.sys62940531
2009-12-11 01:59 . 2009-12-11 01:59 96512 ----a-w- c:\windows\system32\drivers\atapi.sys555802CF
2009-12-11 01:48 . 2009-12-11 01:48 96512 ----a-w- c:\windows\system32\drivers\atapi.sys1CA7FA9A
2009-12-11 01:38 . 2009-12-11 01:38 96512 ----a-w- c:\windows\system32\drivers\atapi.sys57A9176B
2009-12-11 01:28 . 2009-12-11 01:28 96512 ----a-w- c:\windows\system32\drivers\atapi.sys0FEE6EBB
2009-12-11 01:17 . 2009-12-11 01:17 96512 ----a-w- c:\windows\system32\drivers\atapi.sys48A7F418
2009-12-11 01:07 . 2009-12-11 01:07 96512 ----a-w- c:\windows\system32\drivers\atapi.sys7949AC93
2009-12-11 00:57 . 2009-12-11 00:57 96512 ----a-w- c:\windows\system32\drivers\atapi.sysE2A6CA96
2009-12-11 00:47 . 2009-12-11 00:47 96512 ----a-w- c:\windows\system32\drivers\atapi.sysC4667FFF
2009-12-11 00:36 . 2009-12-11 00:36 96512 ----a-w- c:\windows\system32\drivers\atapi.sysAED42813
2009-12-11 00:26 . 2009-12-11 00:26 96512 ----a-w- c:\windows\system32\drivers\atapi.sys3272F53A
2009-12-11 00:15 . 2009-12-11 00:15 96512 ----a-w- c:\windows\system32\drivers\atapi.sys76E111A5
2009-12-11 00:05 . 2009-12-11 00:05 96512 ----a-w- c:\windows\system32\drivers\atapi.sys24A7F75F
2009-12-10 23:55 . 2009-12-10 23:55 96512 ----a-w- c:\windows\system32\drivers\atapi.sysD89C1844
2009-12-10 23:44 . 2009-12-10 23:44 96512 ----a-w- c:\windows\system32\drivers\atapi.sysCF997D26
2009-12-10 23:34 . 2009-12-10 23:34 96512 ----a-w- c:\windows\system32\drivers\atapi.sys92F2166E
2009-12-10 23:24 . 2009-12-10 23:24 96512 ----a-w- c:\windows\system32\drivers\atapi.sys840CE614
2009-12-10 23:13 . 2009-12-10 23:13 96512 ----a-w- c:\windows\system32\drivers\atapi.sysEF6E6828
2009-12-10 23:03 . 2009-12-10 23:03 96512 ----a-w- c:\windows\system32\drivers\atapi.sys280FB84D
2009-12-10 22:52 . 2009-12-10 22:52 96512 ----a-w- c:\windows\system32\drivers\atapi.sys3CCA9140
2009-12-10 22:43 . 2009-12-10 22:43 96512 ----a-w- c:\windows\system32\drivers\atapi.sys9C189013
2009-12-10 22:32 . 2009-12-10 22:32 96512 ----a-w- c:\windows\system32\drivers\atapi.sysEDC9E411
2009-12-10 22:22 . 2009-12-10 22:22 96512 ----a-w- c:\windows\system32\drivers\atapi.sys9D76384F
2009-12-10 22:11 . 2009-12-10 22:11 96512 ----a-w- c:\windows\system32\drivers\atapi.sysF0187DED
2009-12-10 22:01 . 2009-12-10 22:01 96512 ----a-w- c:\windows\system32\drivers\OLD6A.tmp96DBC135
2009-12-10 22:01 . 2009-12-10 22:01 96512 ----a-w- c:\windows\system32\drivers\OLD66.tmp4D4B0CD3
2009-12-10 22:01 . 2009-12-10 22:01 96512 ----a-w- c:\windows\system32\drivers\OLD62.tmpFC7F3460
2009-12-10 22:01 . 2009-12-10 22:01 96512 ----a-w- c:\windows\system32\drivers\atapi.sys5FC17012
2009-12-10 21:46 . 2009-12-10 21:46 96512 ----a-w- c:\windows\system32\drivers\atapi.sysE8E797D4
2009-12-10 21:36 . 2009-12-10 21:36 96512 ----a-w- c:\windows\system32\drivers\atapi.sysAFE77813
2009-12-10 21:26 . 2009-12-10 21:26 96512 ----a-w- c:\windows\system32\drivers\atapi.sysEAB5E746
2009-12-10 21:15 . 2009-12-10 21:15 96512 ----a-w- c:\windows\system32\drivers\atapi.sys7AC194B4
2009-12-10 21:05 . 2009-12-10 21:05 96512 ----a-w- c:\windows\system32\drivers\atapi.sysB958D4EB
2009-12-10 20:54 . 2009-12-10 20:54 96512 ----a-w- c:\windows\system32\drivers\atapi.sysDD23AEE1
2009-12-10 20:44 . 2009-12-10 20:44 96512 ----a-w- c:\windows\system32\drivers\atapi.sys1A0A2F13
2009-12-10 20:34 . 2009-12-10 20:34 96512 ----a-w- c:\windows\system32\drivers\atapi.sysA7A2125E
2009-12-10 20:23 . 2009-12-10 20:23 96512 ----a-w- c:\windows\system32\drivers\atapi.sys8A4C2388
2009-12-10 20:13 . 2009-12-10 20:13 96512 ----a-w- c:\windows\system32\drivers\atapi.sysFE2B4992
2009-12-10 20:02 . 2009-12-10 20:02 96512 ----a-w- c:\windows\system32\drivers\atapi.sys897B3DB7
2009-12-10 19:52 . 2009-12-10 19:52 96512 ----a-w- c:\windows\system32\drivers\atapi.sys89C0CA56
2009-12-10 19:41 . 2009-12-10 19:41 96512 ----a-w- c:\windows\system32\drivers\atapi.sysD90BEE57
2009-12-10 19:31 . 2009-12-10 19:31 96512 ----a-w- c:\windows\system32\drivers\atapi.sysEB011882
2009-12-10 19:20 . 2009-12-10 19:20 96512 ----a-w- c:\windows\system32\drivers\atapi.sys2E1DB463
2009-12-10 19:09 . 2009-12-10 19:09 96512 ----a-w- c:\windows\system32\drivers\atapi.sysB6028012
2009-12-10 19:00 . 2009-12-10 19:00 96512 ----a-w- c:\windows\system32\drivers\atapi.sys39BA71CD
2009-12-10 18:48 . 2009-12-10 18:48 96512 ----a-w- c:\windows\system32\drivers\atapi.sys0388FBDF
2009-12-10 18:37 . 2009-12-10 18:37 96512 ----a-w- c:\windows\system32\drivers\atapi.sys4181D088
2009-12-10 18:27 . 2009-12-10 18:27 96512 ----a-w- c:\windows\system32\drivers\atapi.sys64551CA9
2009-12-10 18:18 . 2009-12-10 18:18 96512 ----a-w- c:\windows\system32\drivers\atapi.sys6333D8DA
2009-12-10 18:08 . 2009-12-10 18:08 96512 ----a-w- c:\windows\system32\drivers\atapi.sys1D485A03
2009-12-10 17:57 . 2009-12-10 17:57 96512 ----a-w- c:\windows\system32\drivers\atapi.sys03B446C9
2009-12-10 17:46 . 2009-12-10 17:46 96512 ----a-w- c:\windows\system32\drivers\atapi.sys2D38C8ED
2009-12-10 17:36 . 2009-12-10 17:36 96512 ----a-w- c:\windows\system32\drivers\atapi.sys2CBB26D9
2009-12-10 17:26 . 2009-12-10 17:26 96512 ----a-w- c:\windows\system32\drivers\atapi.sys285B30EB
2009-12-10 17:15 . 2009-12-10 17:15 96512 ----a-w- c:\windows\system32\drivers\atapi.sys7422064D
2009-12-10 17:04 . 2009-12-10 17:04 96512 ----a-w- c:\windows\system32\drivers\atapi.sys3A4361B2
2009-12-10 16:53 . 2009-12-10 16:53 96512 ----a-w- c:\windows\system32\drivers\atapi.sys1CF226ED
2009-12-10 16:42 . 2009-12-10 16:42 96512 ----a-w- c:\windows\system32\drivers\atapi.sysBCB65B05
2009-12-10 16:32 . 2009-12-10 16:32 96512 ----a-w- c:\windows\system32\drivers\atapi.sys8D0F4757
2009-12-10 16:22 . 2009-12-10 16:22 96512 ----a-w- c:\windows\system32\drivers\atapi.sys9D29101F
2009-12-10 16:11 . 2009-12-10 16:11 96512 ----a-w- c:\windows\system32\drivers\atapi.sys6072D978
2009-12-10 15:58 . 2009-12-10 15:58 96512 ----a-w- c:\windows\system32\drivers\atapi.sysB0CCCB5B
2009-12-10 15:58 . 2009-12-10 15:58 96512 ----a-w- c:\windows\system32\drivers\OLD62.tmpFDAE5014
2009-12-10 15:58 . 2009-12-10 15:58 96512 ----a-w- c:\windows\system32\drivers\OLD66.tmpCF4B6690
2009-12-10 15:58 . 2009-12-10 15:58 96512 ----a-w- c:\windows\system32\drivers\OLD6A.tmp0FE3D46F
2009-12-10 15:50 . 2009-12-10 15:50 96512 ----a-w- c:\windows\system32\drivers\atapi.sys116971F7
2009-12-10 15:38 . 2009-12-10 15:37 96512 ----a-w- c:\windows\system32\drivers\atapi.sys681179E4
2009-12-10 15:26 . 2009-12-10 15:26 96512 ----a-w- c:\windows\system32\drivers\atapi.sys6DBE6E44
2009-12-10 15:16 . 2009-12-10 15:16 96512 ----a-w- c:\windows\system32\drivers\atapi.sys9D1705FD
2009-12-10 15:07 . 2009-12-10 15:07 96512 ----a-w- c:\windows\system32\drivers\atapi.sys1F3EDAA4
2009-12-10 14:55 . 2009-12-10 14:55 96512 ----a-w- c:\windows\system32\drivers\atapi.sysB636F7A7
2009-12-10 14:44 . 2009-12-10 14:44 96512 ----a-w- c:\windows\system32\drivers\atapi.sysADDB5B62
2009-12-10 14:34 . 2009-12-10 14:34 96512 ----a-w- c:\windows\system32\drivers\atapi.sys3E3BC466
2009-12-10 14:23 . 2009-12-10 14:23 96512 ----a-w- c:\windows\system32\drivers\atapi.sysBA0AA43A
2009-12-10 14:15 . 2009-12-10 14:15 96512 ----a-w- c:\windows\system32\drivers\atapi.sys394F43BC
2009-12-10 14:03 . 2009-12-10 14:03 96512 ----a-w- c:\windows\system32\drivers\atapi.sys8311154E
2009-12-10 13:52 . 2009-12-10 13:52 96512 ----a-w- c:\windows\system32\drivers\atapi.sys914DED72
2009-12-10 13:41 . 2009-12-10 13:41 96512 ----a-w- c:\windows\system32\drivers\atapi.sysE4B04F52
2009-12-10 13:30 . 2009-12-10 13:30 96512 ----a-w- c:\windows\system32\drivers\atapi.sysA527750C
2009-12-10 13:22 . 2009-12-10 13:22 96512 ----a-w- c:\windows\system32\drivers\atapi.sysCB7CBEC5
2009-12-10 13:09 . 2009-12-10 13:09 96512 ----a-w- c:\windows\system32\drivers\atapi.sysB3168F5E
2009-12-10 12:58 . 2009-12-10 12:58 96512 ----a-w- c:\windows\system32\drivers\atapi.sys15F69F6A
2009-12-10 12:47 . 2009-12-10 12:47 96512 ----a-w- c:\windows\system32\drivers\atapi.sys29509752
2009-12-10 12:37 . 2009-12-10 12:37 96512 ----a-w- c:\windows\system32\drivers\atapi.sys0609F256
2009-12-10 12:26 . 2009-12-10 12:26 96512 ----a-w- c:\windows\system32\drivers\atapi.sys7406860C
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Window Washer"="c:\program files\Webroot\Washer\wwDisp.exe" [2007-11-26 1206600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-13 141600]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-11-06 6515784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-14 217193]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Billminder.lnk - c:\quickenw\BILLMIND.EXE [2008-10-12 36864]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-12 83360]
Quicken Startup.lnk - c:\quickenw\QWDLLS.EXE [2008-10-12 36864]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\system32\\lxducoms.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Pnp680;SiI 680 ATA Controller;c:\windows\system32\drivers\pnp680.sys [9/26/2008 12:15 PM 71720]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [4/21/2009 5:27 PM 29808]
R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [12/18/2009 8:48 PM 1858144]
R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
R2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxduserv.exe [6/2/2009 6:41 PM 94208]
R2 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [10/12/2008 8:58 PM 34916]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [6/7/2009 8:08 AM 1201640]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [6/11/2009 9:15 PM 598856]
R3 Ma730Pt;MA730 Bluetooth VCOM Driver;c:\windows\system32\drivers\ma730Pt.sys [10/30/2009 10:47 AM 103040]
R3 Ma730Vad;MA730 Bluetooth Audio;c:\windows\system32\drivers\Ma730Vad.sys [10/30/2009 10:47 AM 23376]
S0 tclondrv;tclondrv;c:\windows\system32\DRIVERS\tclondrv.sys --> c:\windows\system32\DRIVERS\tclondrv.sys [?]
S1 atcztukz;atcztukz;\??\c:\windows\system32\drivers\atcztukz.sys --> c:\windows\system32\drivers\atcztukz.sys [?]
S1 dtrtwpsg;dtrtwpsg;\??\c:\windows\system32\drivers\dtrtwpsg.sys --> c:\windows\system32\drivers\dtrtwpsg.sys [?]
S1 emqacqme;emqacqme;\??\c:\windows\system32\drivers\emqacqme.sys --> c:\windows\system32\drivers\emqacqme.sys [?]
S1 gdffxhry;gdffxhry;\??\c:\windows\system32\drivers\gdffxhry.sys --> c:\windows\system32\drivers\gdffxhry.sys [?]
S1 lgralcog;lgralcog;\??\c:\windows\system32\drivers\lgralcog.sys --> c:\windows\system32\drivers\lgralcog.sys [?]
S1 lyqahrfs;lyqahrfs;\??\c:\windows\system32\drivers\lyqahrfs.sys --> c:\windows\system32\drivers\lyqahrfs.sys [?]
S1 meryfnhj;meryfnhj;\??\c:\windows\system32\drivers\meryfnhj.sys --> c:\windows\system32\drivers\meryfnhj.sys [?]
S1 msxxfuxr;msxxfuxr;\??\c:\windows\system32\drivers\msxxfuxr.sys --> c:\windows\system32\drivers\msxxfuxr.sys [?]
S1 qgacgtis;qgacgtis;\??\c:\windows\system32\drivers\qgacgtis.sys --> c:\windows\system32\drivers\qgacgtis.sys [?]
S1 qrtqqjcj;qrtqqjcj;\??\c:\windows\system32\drivers\qrtqqjcj.sys --> c:\windows\system32\drivers\qrtqqjcj.sys [?]
S1 qzrujjao;qzrujjao;\??\c:\windows\system32\drivers\qzrujjao.sys --> c:\windows\system32\drivers\qzrujjao.sys [?]
S1 tfvfvhhf;tfvfvhhf;\??\c:\windows\system32\drivers\tfvfvhhf.sys --> c:\windows\system32\drivers\tfvfvhhf.sys [?]
S1 uepuitgs;uepuitgs;\??\c:\windows\system32\drivers\uepuitgs.sys --> c:\windows\system32\drivers\uepuitgs.sys [?]
S1 vrfitocg;vrfitocg;\??\c:\windows\system32\drivers\vrfitocg.sys --> c:\windows\system32\drivers\vrfitocg.sys [?]
S1 vyusnnxs;vyusnnxs;\??\c:\windows\system32\drivers\vyusnnxs.sys --> c:\windows\system32\drivers\vyusnnxs.sys [?]
S1 vzgsemop;vzgsemop;\??\c:\windows\system32\drivers\vzgsemop.sys --> c:\windows\system32\drivers\vzgsemop.sys [?]
S1 xarflgtf;xarflgtf;\??\c:\windows\system32\drivers\xarflgtf.sys --> c:\windows\system32\drivers\xarflgtf.sys [?]
S1 xvtijtht;xvtijtht;\??\c:\windows\system32\drivers\xvtijtht.sys --> c:\windows\system32\drivers\xvtijtht.sys [?]
S1 yvhgfzsa;yvhgfzsa;\??\c:\windows\system32\drivers\yvhgfzsa.sys --> c:\windows\system32\drivers\yvhgfzsa.sys [?]
S1 yxvqjvuk;yxvqjvuk;\??\c:\windows\system32\drivers\yxvqjvuk.sys --> c:\windows\system32\drivers\yxvqjvuk.sys [?]
S3 Ma730c;MA730 Bluetooth Core Driver;c:\windows\system32\drivers\ma730c.sys [10/30/2009 10:47 AM 156128]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mWindow Title =
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
DPF: Microsoft XML Parser for Java
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-26 23:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3560)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-12-26 23:30:49
ComboFix-quarantined-files.txt 2009-12-27 07:30
ComboFix2.txt 2009-12-27 04:22

Pre-Run: 106,343,809,024 bytes free
Post-Run: 106,308,661,248 bytes free

- - End Of File - - 036F952358ED45A841C1C98AD538EF29

#12 MarkP31

Posted 27 December 2009 - 03:09 AM

ComboFix 09-12-26.02 - Administrator 12/26/2009 23:51:14.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1428 [GMT -8:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: Webroot AntiVirus with Spy Sweeper *On-access scanning disabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}

FILE ::
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_atcztukz
-------\Service_dtrtwpsg
-------\Service_emqacqme
-------\Service_gdffxhry
-------\Service_lgralcog
-------\Service_lyqahrfs
-------\Service_meryfnhj
-------\Service_msxxfuxr
-------\Service_qgacgtis
-------\Service_qrtqqjcj
-------\Service_qzrujjao
-------\Service_tclondrv
-------\Service_tfvfvhhf
-------\Service_uepuitgs
-------\Service_vrfitocg
-------\Service_vyusnnxs
-------\Service_vzgsemop
-------\Service_xarflgtf
-------\Service_xvtijtht
-------\Service_yvhgfzsa
-------\Service_yxvqjvuk


((((((((((((((((((((((((( Files Created from 2009-11-27 to 2009-12-27 )))))))))))))))))))))))))))))))
.

2009-12-20 20:05 . 2009-12-20 20:05 -------- d-----w- c:\program files\iPod
2009-12-20 20:05 . 2009-12-20 20:19 -------- d-----w- c:\program files\iTunes
2009-12-20 20:05 . 2009-12-20 20:07 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-20 20:00 . 2009-12-20 20:01 -------- d-----w- c:\program files\QuickTime
2009-12-19 19:48 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2009-12-19 19:47 . 2009-10-21 05:38 75776 -c----w- c:\windows\system32\dllcache\strmfilt.dll
2009-12-19 19:47 . 2009-10-21 05:38 25088 -c----w- c:\windows\system32\dllcache\httpapi.dll
2009-12-19 19:47 . 2009-10-20 16:20 265728 -c----w- c:\windows\system32\dllcache\http.sys
2009-12-19 18:06 . 2004-08-04 12:00 403 -c----w- c:\windows\system32\dllcache\npdrmv2.zip
2009-12-19 18:06 . 2004-08-04 12:00 22060 -c----w- c:\windows\system32\dllcache\npds.zip
2009-12-19 18:06 . 2009-07-31 18:05 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
2009-12-19 18:06 . 2008-04-13 17:27 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2009-12-19 18:05 . 2008-04-14 00:12 123392 ------w- c:\windows\system32\mplay32.exe
2009-12-19 18:05 . 2008-04-14 00:12 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2009-12-19 17:17 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-12-19 17:16 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-12-19 17:16 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-12-19 17:16 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-12-19 17:16 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-12-19 17:16 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-12-19 17:16 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-12-19 17:16 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-12-19 17:16 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-12-19 17:15 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-12-19 17:15 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-12-19 17:14 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-12-19 17:14 . 2009-07-31 04:35 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-12-19 17:14 . 2008-08-14 10:04 138496 -c----w- c:\windows\system32\dllcache\afd.sys
2009-12-19 17:12 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-12-19 17:12 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-12-19 17:12 . 2009-08-04 15:13 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-19 17:12 . 2009-08-04 14:20 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-19 17:12 . 2009-08-04 14:20 2066048 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-19 17:11 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-12-19 06:44 . 2009-12-19 06:45 -------- d-----w- c:\program files\zztoy
2009-12-19 04:04 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-12-19 03:23 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-12-18 20:32 . 2006-02-28 12:00 4677 -c--a-w- c:\windows\system32\dllcache\zeeverm.dll
2009-12-18 20:32 . 2006-02-28 12:00 41029 -c--a-w- c:\windows\system32\dllcache\zcorem.dll
2009-12-18 20:32 . 2006-02-28 12:00 36937 -c--a-w- c:\windows\system32\dllcache\zclientm.exe
2009-12-18 20:32 . 2006-02-28 12:00 29760 -c--a-w- c:\windows\system32\dllcache\znetm.dll
2009-12-18 20:32 . 2006-02-28 12:00 13894 -c--a-w- c:\windows\system32\dllcache\zonelibm.dll
2009-12-18 20:32 . 2006-02-28 12:00 113222 -c--a-w- c:\windows\system32\dllcache\zoneclim.dll
2009-12-18 20:30 . 2006-02-28 12:00 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
2009-12-18 20:29 . 2006-02-28 12:00 20480 -c--a-w- c:\windows\system32\dllcache\counters.dll
2009-12-18 20:26 . 2006-02-28 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2009-12-18 20:19 . 2001-08-17 20:13 27165 ----a-w- c:\windows\system32\drivers\fetnd5.sys
2009-12-18 20:17 . 2004-08-04 06:31 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2009-12-18 20:17 . 2008-04-13 18:40 96512 ------w- c:\windows\system32\drivers\atapi.sys
2009-12-18 20:09 . 2006-02-28 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2009-12-18 20:09 . 2006-02-28 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-12-18 20:09 . 2006-02-28 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2009-12-18 20:09 . 2006-02-28 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2009-12-12 06:35 . 2009-12-12 06:35 -------- d-s---w- c:\windows\system32\config\systemprofile\UserData
2009-12-10 14:03 . 2009-12-10 14:03 30784 ----a-w- c:\windows\system32\drivers\nybdvmqu.sys
2009-12-10 13:52 . 2009-12-10 13:52 30784 ----a-w- c:\windows\system32\drivers\mfowiiat.sys
2009-12-10 13:41 . 2009-12-10 13:41 30784 ----a-w- c:\windows\system32\drivers\efnhvklw.sys
2009-12-10 13:30 . 2009-12-10 13:30 30784 ----a-w- c:\windows\system32\drivers\ugvoceug.sys
2009-12-10 13:22 . 2009-12-10 13:22 30784 ----a-w- c:\windows\system32\drivers\gqagihzb.sys
2009-12-10 13:09 . 2009-12-10 13:09 30784 ----a-w- c:\windows\system32\drivers\sscqvren.sys
2009-12-10 12:58 . 2009-12-10 12:58 30784 ----a-w- c:\windows\system32\drivers\kfsyytzj.sys
2009-12-10 12:47 . 2009-12-10 12:47 30784 ----a-w- c:\windows\system32\drivers\hmeovhgn.sys
2009-12-10 12:37 . 2009-12-10 12:37 30784 ----a-w- c:\windows\system32\drivers\jmogstay.sys
2009-12-10 12:26 . 2009-12-10 12:26 30784 ----a-w- c:\windows\system32\drivers\jhiswqre.sys
2009-12-10 12:15 . 2009-12-10 12:15 30784 ----a-w- c:\windows\system32\drivers\lfvbmggg.sys
2009-12-10 12:05 . 2009-12-10 12:05 30784 ----a-w- c:\windows\system32\drivers\egwjpgel.sys
2009-12-10 11:54 . 2009-12-10 11:54 30784 ----a-w- c:\windows\system32\drivers\uuxioldf.sys
2009-12-10 11:44 . 2009-12-10 11:44 30784 ----a-w- c:\windows\system32\drivers\uylcippk.sys
2009-12-10 11:33 . 2009-12-10 11:33 30784 ----a-w- c:\windows\system32\drivers\yniyalxu.sys
2009-12-10 11:22 . 2009-12-10 11:22 30784 ----a-w- c:\windows\system32\drivers\vqpoqalt.sys
2009-12-10 11:12 . 2009-12-10 11:12 30784 ----a-w- c:\windows\system32\drivers\jatttnxl.sys
2009-12-10 11:01 . 2009-12-10 11:01 30784 ----a-w- c:\windows\system32\drivers\fjfsenjp.sys
2009-12-10 10:50 . 2009-12-10 10:50 30784 ----a-w- c:\windows\system32\drivers\nwqsnwrn.sys
2009-12-10 10:40 . 2009-12-10 10:40 30784 ----a-w- c:\windows\system32\drivers\eqfmiqdm.sys
2009-12-10 10:29 . 2009-12-10 10:29 30784 ----a-w- c:\windows\system32\drivers\zywqrsbl.sys
2009-12-10 10:21 . 2009-12-10 10:21 30784 ----a-w- c:\windows\system32\drivers\xckxipvz.sys
2009-12-10 10:08 . 2009-12-10 10:08 30784 ----a-w- c:\windows\system32\drivers\rqhzghnj.sys
2009-12-10 09:56 . 2009-12-10 09:56 30784 ----a-w- c:\windows\system32\drivers\saxgqqtt.sys
2009-12-10 09:45 . 2009-12-10 09:45 30784 ----a-w- c:\windows\system32\drivers\nlzrfvsf.sys
2009-12-10 09:34 . 2009-12-10 09:34 30784 ----a-w- c:\windows\system32\drivers\rufxzoni.sys
2009-12-10 09:23 . 2009-12-10 09:23 30784 ----a-w- c:\windows\system32\drivers\jmerskpc.sys
2009-12-10 09:12 . 2009-12-10 09:12 30784 ----a-w- c:\windows\system32\drivers\lvnfftsa.sys
2009-12-10 09:01 . 2009-12-10 09:01 30784 ----a-w- c:\windows\system32\drivers\bjpkacpl.sys
2009-12-10 08:50 . 2009-12-10 08:50 30784 ----a-w- c:\windows\system32\drivers\jyjmgmfp.sys
2009-12-10 08:40 . 2009-12-10 08:40 30784 ----a-w- c:\windows\system32\drivers\holtxlwm.sys
2009-12-10 08:29 . 2009-12-10 08:29 30784 ----a-w- c:\windows\system32\drivers\iauagpyd.sys
2009-12-10 08:20 . 2009-12-10 08:20 30784 ----a-w- c:\windows\system32\drivers\tjcwbdza.sys
2009-12-10 08:09 . 2009-12-10 08:09 30784 ----a-w- c:\windows\system32\drivers\zkibwsss.sys
2009-12-10 08:02 . 2009-12-10 08:02 30784 ----a-w- c:\windows\system32\drivers\qavtoymo.sys
2009-12-10 07:49 . 2009-12-10 07:49 30784 ----a-w- c:\windows\system32\drivers\jrwqruuc.sys
2009-12-10 07:38 . 2009-12-10 07:38 30784 ----a-w- c:\windows\system32\drivers\wtojamhj.sys
2009-12-10 07:28 . 2009-12-10 07:28 30784 ----a-w- c:\windows\system32\drivers\dwpsytan.sys
2009-12-10 07:17 . 2009-12-10 07:17 30784 ----a-w- c:\windows\system32\drivers\fkbhzdmc.sys
2009-12-10 07:07 . 2009-12-10 07:07 30784 ----a-w- c:\windows\system32\drivers\gdvqcqem.sys
2009-12-10 06:56 . 2009-12-10 06:56 30784 ----a-w- c:\windows\system32\drivers\svwbqrzk.sys
2009-12-10 06:46 . 2009-12-10 06:46 30784 ----a-w- c:\windows\system32\drivers\xfyzwhhr.sys
2009-12-10 06:44 . 2009-12-10 06:44 30784 ----a-w- c:\windows\system32\drivers\ckjnjkrm.sys
2009-12-10 06:41 . 2009-12-10 06:41 30784 ----a-w- c:\windows\system32\drivers\fcvwleyi.sys
2009-12-10 06:40 . 2009-12-10 06:40 30784 ----a-w- c:\windows\system32\drivers\semrgvbw.sys
2009-12-10 06:39 . 2009-12-10 06:39 30784 ----a-w- c:\windows\system32\drivers\itctbgav.sys
2009-12-10 06:38 . 2009-12-10 06:38 30784 ----a-w- c:\windows\system32\drivers\ommmmqie.sys
2009-12-10 06:27 . 2009-12-10 06:27 30784 ----a-w- c:\windows\system32\drivers\npjpniii.sys
2009-12-10 06:17 . 2009-12-10 06:17 30784 ----a-w- c:\windows\system32\drivers\kvgstrfo.sys
2009-12-10 06:06 . 2009-12-10 06:06 30784 ----a-w- c:\windows\system32\drivers\xmzptyeo.sys
2009-12-10 05:56 . 2009-12-10 05:56 30784 ----a-w- c:\windows\system32\drivers\lcumjijl.sys
2009-12-10 05:46 . 2009-12-10 05:46 30784 ----a-w- c:\windows\system32\drivers\uqjyrtwd.sys
2009-12-10 05:45 . 2009-12-10 05:45 30784 ----a-w- c:\windows\system32\drivers\upterodx.sys
2009-12-09 15:29 . 2009-12-09 15:29 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2009-12-09 14:55 . 2009-12-09 14:55 30784 ----a-w- c:\windows\system32\drivers\gzaazwfy.sys
2009-12-09 14:49 . 2009-12-09 14:49 30784 ----a-w- c:\windows\system32\drivers\honjrgzb.sys
2009-12-09 14:46 . 2009-12-09 14:46 30784 ----a-w- c:\windows\system32\drivers\rpticmym.sys
2009-12-09 14:45 . 2009-12-09 14:45 30784 ----a-w- c:\windows\system32\drivers\fdtsajwe.sys
2009-12-09 14:44 . 2009-12-09 14:44 30784 ----a-w- c:\windows\system32\drivers\tpppxqsj.sys
2009-12-06 02:30 . 2009-12-06 02:30 -------- d-----w- c:\program files\Browser Hijack Recover
2009-12-06 00:12 . 2009-12-06 00:19 -------- d-----w- c:\program files\Error Expert
2009-12-05 19:47 . 2009-12-19 17:52 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp
2009-12-05 19:46 . 2009-12-05 21:39 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2009-12-05 17:35 . 2009-12-05 17:35 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\IsolatedStorage
2009-12-05 17:35 . 2009-12-05 17:35 -------- d-----w- c:\windows\system32\Temp
2009-12-05 17:35 . 2009-12-05 17:35 -------- d-----w- c:\windows\system32\Quarantine
2009-12-05 17:35 . 2009-12-05 17:35 -------- d-----w- c:\windows\system32\CustomActions
2009-12-05 17:35 . 2009-12-05 17:35 136 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
2009-12-05 17:35 . 2009-12-05 17:35 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
2009-12-05 17:04 . 2009-11-03 04:42 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-12-05 17:01 . 2009-12-05 17:01 -------- d-----w- c:\program files\Windows Defender

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-25 21:19 . 2009-04-30 19:29 -------- d-----w- c:\documents and settings\Erica.ROCKIES31\Application Data\Apple Computer
2009-12-25 01:44 . 2008-10-01 11:33 -------- d--h--w- c:\documents and settings\Administrator\Application Data\LimeWire
2009-12-24 07:17 . 2008-10-01 11:30 -------- d-----w- c:\program files\Java
2009-12-24 07:16 . 2009-12-20 19:50 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-24 07:16 . 2009-12-20 19:50 79488 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-20 20:19 . 2008-09-27 19:53 -------- d--h--w- c:\documents and settings\Administrator\Application Data\Apple Computer
2009-12-20 20:05 . 2008-10-19 14:24 -------- d-----w- c:\program files\Common Files\Apple
2009-12-20 19:52 . 2009-12-20 19:52 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-12-20 19:51 . 2008-10-06 14:03 -------- d-----w- c:\program files\Safari
2009-12-20 19:49 . 2009-12-20 19:49 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2009-12-19 06:45 . 2009-12-19 06:45 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-18 20:53 . 2009-06-27 02:54 18312 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-12-18 20:38 . 2008-09-26 19:51 18312 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-18 20:25 . 2008-09-26 18:48 23348 ----a-w- c:\windows\system32\emptyregdb.dat
2009-12-10 13:09 . 2009-12-10 13:09 96512 ----a-w- c:\windows\system32\drivers\atapi.sysB3168F5E
2009-12-10 12:58 . 2009-12-10 12:58 96512 ----a-w- c:\windows\system32\drivers\atapi.sys15F69F6A
2009-12-10 12:47 . 2009-12-10 12:47 96512 ----a-w- c:\windows\system32\drivers\atapi.sys29509752
2009-12-10 12:37 . 2009-12-10 12:37 96512 ----a-w- c:\windows\system32\drivers\atapi.sys0609F256
2009-12-10 12:26 . 2009-12-10 12:26 96512 ----a-w- c:\windows\system32\drivers\atapi.sys7406860C
2009-12-10 12:15 . 2009-12-10 12:15 96512 ----a-w- c:\windows\system32\drivers\atapi.sys9F4BACD9
2009-12-10 12:05 . 2009-12-10 12:05 96512 ----a-w- c:\windows\system32\drivers\atapi.sysD7A0DE3E
2009-12-10 11:54 . 2009-12-10 11:54 96512 ----a-w- c:\windows\system32\drivers\atapi.sys73E096AD
2009-12-10 11:44 . 2009-12-10 11:44 96512 ----a-w- c:\windows\system32\drivers\atapi.sys3ACED42A
2009-12-10 11:33 . 2009-12-10 11:33 96512 ----a-w- c:\windows\system32\drivers\atapi.sys3605184E
2009-12-10 11:22 . 2009-12-10 11:22 96512 ----a-w- c:\windows\system32\drivers\atapi.sys66910D76
2009-12-10 11:12 . 2009-12-10 11:12 96512 ----a-w- c:\windows\system32\drivers\atapi.sys310516D8
2009-12-10 11:01 . 2009-12-10 11:01 96512 ----a-w- c:\windows\system32\drivers\atapi.sys17407AD7
2009-12-10 10:50 . 2009-12-10 10:50 96512 ----a-w- c:\windows\system32\drivers\atapi.sysFFB981D2
2009-12-10 10:40 . 2009-12-10 10:40 96512 ----a-w- c:\windows\system32\drivers\atapi.sysBF3F24CE
2009-12-10 10:29 . 2009-12-10 10:29 96512 ----a-w- c:\windows\system32\drivers\atapi.sysA2C7947B
2009-12-10 10:21 . 2009-12-10 10:21 96512 ----a-w- c:\windows\system32\drivers\atapi.sys21F4FA02
2009-12-10 10:08 . 2009-12-10 10:08 96512 ----a-w- c:\windows\system32\drivers\atapi.sysD53E454C
2009-12-10 09:56 . 2009-12-10 09:56 96512 ----a-w- c:\windows\system32\drivers\atapi.sys35EEE713
2009-12-10 09:45 . 2009-12-10 09:45 96512 ----a-w- c:\windows\system32\drivers\atapi.sysE31722DE
2009-12-10 09:34 . 2009-12-10 09:34 96512 ----a-w- c:\windows\system32\drivers\atapi.sys295D693C
2009-12-10 09:23 . 2009-12-10 09:23 96512 ----a-w- c:\windows\system32\drivers\atapi.sys8AB704B8
2009-12-10 09:12 . 2009-12-10 09:12 96512 ----a-w- c:\windows\system32\drivers\atapi.sys3CB7D7DC
2009-12-10 09:01 . 2009-12-10 09:01 96512 ----a-w- c:\windows\system32\drivers\atapi.sys62DC51E9
2009-12-10 08:50 . 2009-12-10 08:50 96512 ----a-w- c:\windows\system32\drivers\atapi.sysF8616D3B
2009-12-10 08:40 . 2009-12-10 08:40 96512 ----a-w- c:\windows\system32\drivers\atapi.sys68A350E2
2009-12-10 08:29 . 2009-12-10 08:29 96512 ----a-w- c:\windows\system32\drivers\atapi.sys8C887F7A
2009-12-10 08:20 . 2009-12-10 08:19 96512 ----a-w- c:\windows\system32\drivers\atapi.sysEE3F2B4D
2009-12-10 08:09 . 2009-12-10 08:09 96512 ----a-w- c:\windows\system32\drivers\atapi.sysD1B43803
2009-12-10 08:02 . 2009-12-10 08:02 96512 ----a-w- c:\windows\system32\drivers\atapi.sys6417CF80
2009-12-10 07:49 . 2009-12-10 07:49 96512 ----a-w- c:\windows\system32\drivers\atapi.sys249DA68F
2009-12-10 07:38 . 2009-12-10 07:38 96512 ----a-w- c:\windows\system32\drivers\atapi.sys637CD27B
2009-12-10 07:28 . 2009-12-10 07:28 96512 ----a-w- c:\windows\system32\drivers\atapi.sysDBB56AB4
2009-12-10 07:17 . 2009-12-10 07:17 96512 ----a-w- c:\windows\system32\drivers\atapi.sysB15493F8
2009-12-10 07:07 . 2009-12-10 07:07 96512 ----a-w- c:\windows\system32\drivers\atapi.sys3883EEA7
2009-12-10 06:56 . 2009-12-10 06:56 96512 ----a-w- c:\windows\system32\drivers\atapi.sys05D043ED
2009-12-10 06:46 . 2009-12-10 06:46 96512 ----a-w- c:\windows\system32\drivers\atapi.sys8FE594A7
2009-12-10 06:44 . 2009-12-10 06:44 96512 ----a-w- c:\windows\system32\drivers\atapi.sys7F0DC4E7
2009-12-10 06:41 . 2009-12-10 06:41 96512 ----a-w- c:\windows\system32\drivers\atapi.sys7CB3A67D
2009-12-10 06:40 . 2009-12-10 06:40 96512 ----a-w- c:\windows\system32\drivers\atapi.sys2DF29414
2009-12-10 06:39 . 2009-12-10 06:39 96512 ----a-w- c:\windows\system32\drivers\atapi.sys0D889A53
2009-12-10 06:38 . 2009-12-10 06:38 96512 ----a-w- c:\windows\system32\drivers\atapi.sysFEC2F9C5
2009-12-10 06:27 . 2009-12-10 06:27 96512 ----a-w- c:\windows\system32\drivers\atapi.sys53C0B60C
2009-12-10 06:17 . 2009-12-10 06:17 96512 ----a-w- c:\windows\system32\drivers\atapi.sys731182B5
2009-12-10 06:06 . 2009-12-10 06:06 96512 ----a-w- c:\windows\system32\drivers\atapi.sys9E855D2D
2009-12-10 05:56 . 2009-12-10 05:56 96512 ----a-w- c:\windows\system32\drivers\atapi.sysDE713294
2009-12-10 05:45 . 2009-12-10 05:45 96512 ----a-w- c:\windows\system32\drivers\atapi.sys32403C88
2009-12-10 05:45 . 2009-12-10 05:45 96512 ----a-w- c:\windows\system32\drivers\OLD62.tmp33B1D606
2009-12-10 05:45 . 2009-12-10 05:45 96512 ----a-w- c:\windows\system32\drivers\OLD6A.tmp1CDDB49D
2009-12-10 05:45 . 2009-12-10 05:45 96512 ----a-w- c:\windows\system32\drivers\OLD66.tmp5D4A4870
2009-12-09 14:55 . 2009-12-09 14:55 96512 ----a-w- c:\windows\system32\drivers\OLD6.tmp09BE780E
2009-12-09 14:55 . 2009-12-09 14:55 96512 ----a-w- c:\windows\system32\drivers\atapi.sys9828723F
2009-12-09 14:45 . 2009-12-09 14:45 96512 ----a-w- c:\windows\system32\drivers\atapi.sys413FF5D5
2009-12-09 14:44 . 2009-12-09 14:44 96512 ----a-w- c:\windows\system32\drivers\atapi.sys040FAA64
2009-12-04 06:08 . 2009-06-07 16:06 164 ----a-w- c:\windows\install.dat
2009-11-21 15:51 . 2006-02-28 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-10 07:04 . 2009-09-12 02:00 -------- d--h--w- c:\documents and settings\Administrator\Application Data\Any Video Converter
2009-11-10 06:53 . 2009-11-10 06:53 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2009-11-10 06:53 . 2009-11-10 06:53 -------- d--h--w- c:\documents and settings\Administrator\Application Data\AVS4YOU
2009-11-10 06:52 . 2009-11-10 06:49 -------- d-----w- c:\program files\AVS4YOU
2009-11-10 06:52 . 2009-11-10 06:50 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-11-06 23:19 . 2009-06-07 16:06 1563008 ----a-w- c:\windows\WRSetup.dll
2009-11-06 20:00 . 2009-04-22 01:27 23152 ----a-w- c:\windows\system32\drivers\sshrmd.sys
2009-11-06 20:00 . 2009-04-22 01:27 176752 ----a-w- c:\windows\system32\drivers\ssidrv.sys
2009-11-06 20:00 . 2009-04-22 01:27 29808 ----a-w- c:\windows\system32\drivers\ssfs0bbc.sys
2009-11-01 22:24 . 2008-10-01 10:48 -------- d-----w- c:\program files\LimeWire
2009-10-30 23:56 . 2009-10-30 18:51 -------- d-----w- c:\program files\Mobile Action
2009-10-29 05:38 . 2006-02-28 12:00 667136 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2006-02-28 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2006-02-28 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2006-02-28 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-17 00:07 . 2009-06-03 02:42 40960 ----a-w- c:\windows\system32\lxduvs.dll
2009-10-17 00:06 . 2009-06-03 02:25 651264 ----a-w- c:\windows\system32\lxdupmui.dll
2009-10-17 00:06 . 2009-06-03 02:25 364544 ----a-w- c:\windows\system32\lxduinpa.dll
2009-10-17 00:06 . 2009-06-03 02:25 339968 ----a-w- c:\windows\system32\lxduiesc.dll
2009-10-17 00:06 . 2009-06-03 02:25 860160 ----a-w- c:\windows\system32\lxduusb1.dll
2009-10-17 00:06 . 2009-06-03 02:25 1069056 ----a-w- c:\windows\system32\lxduserv.dll
2009-10-17 00:06 . 2009-06-03 02:25 577536 ----a-w- c:\windows\system32\lxdulmpm.dll
2009-10-17 00:06 . 2009-06-03 02:25 323584 ----a-w- c:\windows\system32\lxduih.exe
2009-10-17 00:06 . 2009-06-03 02:25 684032 ----a-w- c:\windows\system32\lxduhbn3.dll
2009-10-17 00:06 . 2009-06-03 02:25 589824 ----a-w- c:\windows\system32\lxducoms.exe
2009-10-17 00:06 . 2009-06-03 02:25 376832 ----a-w- c:\windows\system32\lxducomm.dll
2009-10-17 00:06 . 2009-06-03 02:25 761856 ----a-w- c:\windows\system32\lxducomc.dll
2009-10-17 00:06 . 2009-06-03 02:25 364544 ----a-w- c:\windows\system32\lxducfg.exe
2009-10-16 23:56 . 2009-06-03 02:25 208896 ----a-w- c:\windows\system32\lxdugrd.dll
2009-10-16 05:32 . 2009-06-03 02:41 409600 ----a-w- c:\windows\system32\lxducoin.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Window Washer"="c:\program files\Webroot\Washer\wwDisp.exe" [2007-11-26 1206600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-13 141600]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-11-06 6515784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-14 217193]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Billminder.lnk - c:\quickenw\BILLMIND.EXE [2008-10-12 36864]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-12 83360]
Quicken Startup.lnk - c:\quickenw\QWDLLS.EXE [2008-10-12 36864]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\system32\\lxducoms.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Pnp680;SiI 680 ATA Controller;c:\windows\system32\drivers\pnp680.sys [9/26/2008 12:15 PM 71720]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [4/21/2009 5:27 PM 29808]
R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [12/18/2009 8:48 PM 1858144]
R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
R2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxduserv.exe [6/2/2009 6:41 PM 94208]
R2 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [10/12/2008 8:58 PM 34916]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [6/7/2009 8:08 AM 1201640]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [6/11/2009 9:15 PM 598856]
R3 Ma730Pt;MA730 Bluetooth VCOM Driver;c:\windows\system32\drivers\ma730Pt.sys [10/30/2009 10:47 AM 103040]
R3 Ma730Vad;MA730 Bluetooth Audio;c:\windows\system32\drivers\Ma730Vad.sys [10/30/2009 10:47 AM 23376]
S3 Ma730c;MA730 Bluetooth Core Driver;c:\windows\system32\drivers\ma730c.sys [10/30/2009 10:47 AM 156128]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mWindow Title =
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
DPF: Microsoft XML Parser for Java
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-27 00:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1544)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxducoms.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Webroot\WebrootSecurity\SpySweeper.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\SOUNDMAN.EXE
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-12-27 00:06:35 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-27 08:06
ComboFix2.txt 2009-12-27 07:30
ComboFix3.txt 2009-12-27 04:22

Pre-Run: 106,162,536,448 bytes free
Post-Run: 106,178,101,248 bytes free

- - End Of File - - AEB24CC9476177A102B3C579B7E64A19

#13 syler

  • Malware Response Team

Posted 27 December 2009 - 04:32 PM

Please run OTL again and post the new log.


#14 MarkP31

  • Topic Starter


Posted 27 December 2009 - 06:21 PM

OTL logfile created on: 12/27/2009 3:06:33 PM - Run 3
OTL by OldTimer - Version 3.1.19.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 3800 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 98.82 Gb Free Space | 66.30% Space Free | Partition Type: NTFS
Drive D: | 74.53 Gb Total Space | 74.46 Gb Free Space | 99.91% Space Free | Partition Type: NTFS
Drive E: | 74.52 Gb Total Space | 41.48 Gb Free Space | 55.66% Space Free | Partition Type: NTFS
Drive F: | 9.32 Gb Total Space | 9.27 Gb Free Space | 99.47% Space Free | Partition Type: NTFS
Drive G: | 3.09 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 465.65 Gb Total Space | 312.40 Gb Free Space | 67.09% Space Free | Partition Type: FAT32

Computer Name: ROCKIES31
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/20 18:14:04 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2009/12/03 22:26:57 | 01,201,640 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
PRC - [2009/11/12 16:33:10 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/11/06 15:19:58 | 06,515,784 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
PRC - [2009/11/06 12:00:22 | 04,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
PRC - [2009/11/06 12:00:22 | 00,165,232 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SSU.exe
PRC - [2009/10/16 16:06:32 | 00,589,824 | ---- | M] ( ) -- C:\WINDOWS\system32\lxducoms.exe
PRC - [2009/10/16 15:53:44 | 00,094,208 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxduserv.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/10/01 16:03:14 | 01,858,144 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe
PRC - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 09:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/05/16 11:01:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2008/04/13 16:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/26 13:47:40 | 00,598,856 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\WasherSvc.exe
PRC - [2007/04/16 14:28:22 | 00,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2003/05/14 22:19:50 | 00,217,193 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
PRC - [1999/08/10 10:51:58 | 00,036,864 | ---- | M] (Intuit) -- C:\QUICKENW\QWDLLS.EXE


========== Modules (SafeList) ==========

MOD - [2009/12/20 18:14:04 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2009/12/03 22:26:57 | 01,201,640 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService)
SRV - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/11/06 12:00:22 | 04,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2009/10/16 16:06:32 | 00,589,824 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxducoms.exe -- (lxdu_device)
SRV - [2009/10/16 15:53:44 | 00,094,208 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe -- (lxduCATSCustConnectService)
SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/10/01 16:03:14 | 01,858,144 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\a-squared Free\a2service.exe -- (a2free)
SRV - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/12/12 09:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/05/16 11:01:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2007/11/26 13:47:40 | 00,598,856 | ---- | M] (Webroot Software, Inc.) [Auto | Running] -- C:\Program Files\Webroot\Washer\WasherSvc.exe -- (wwEngineSvc)
SRV - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2004/10/22 01:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2009/11/06 12:00:36 | 00,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys -- (ssidrv)
DRV - [2009/11/06 12:00:36 | 00,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys -- (sshrmd)
DRV - [2009/11/06 12:00:34 | 00,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
DRV - [2009/08/28 19:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/05/18 14:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/11/15 10:41:34 | 00,071,720 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pnp680.sys -- (Pnp680)
DRV - [2008/09/24 09:40:22 | 04,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2008/05/16 11:01:00 | 06,557,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/11/13 00:47:45 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/01/08 14:06:26 | 00,156,128 | ---- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ma730c.sys -- (Ma730c)
DRV - [2006/09/21 11:23:22 | 00,103,040 | ---- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ma730Pt.sys -- (Ma730Pt)
DRV - [2006/02/28 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2005/11/22 13:32:14 | 00,023,376 | R--- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Ma730Vad.sys -- (Ma730Vad)
DRV - [2005/08/19 16:00:00 | 00,046,080 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2005/01/27 01:22:00 | 00,088,016 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/08/03 22:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/05/18 00:55:26 | 00,074,112 | R--- | M] (VIA Technologies inc,.ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viamraid.sys -- (viamraid)
DRV - [2004/02/23 19:08:52 | 00,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2001/08/17 12:13:08 | 00,027,165 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fetnd5.sys -- (FETNDIS)
DRV - [1999/08/10 10:51:58 | 00,034,916 | ---- | M] (Marimba, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\MrtRate.sys -- (mrtRate)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1659004503-1580436667-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1659004503-1580436667-725345543-500\S-1-5-21-1659004503-1580436667-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[2009/11/01 14:25:47 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2009/11/01 14:25:47 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\S-1-5-21-1659004503-1580436667-725345543-500\..\Toolbar\ShellBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-1659004503-1580436667-725345543-500\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-1659004503-1580436667-725345543-500\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\system32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\system32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-1659004503-1580436667-725345543-500..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe (Webroot Software, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk = C:\QUICKENW\BILLMIND.EXE (Intuit)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE (Intuit)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1659004503-1580436667-725345543-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1659004503-1580436667-725345543-500\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1659004503-1580436667-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1659004503-1580436667-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1659004503-1580436667-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1659004503-1580436667-725345543-500_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1659004503-1580436667-725345543-500_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1222508896687 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1224348571819 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (EM) - File not found
O30 - LSA: Security Packages - (ecurity Packages settings...) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/26 10:11:27 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/12/15 22:02:12 | 00,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/02/25 10:30:42 | 00,000,054 | RHS- | M] () - K:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2008/12/21 08:18:42 | 00,000,000 | ---D | M] - K:\autorun -- [ FAT32 ]
O33 - MountPoints2\{bcc470d6-01ec-11de-ae1a-00508d6bad5e}\Shell\AutoRun\command - "" = K:\WDSetup.exe -- [2008/11/25 11:03:44 | 02,325,721 | ---- | M] (Western Digital Corporation )
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009/12/27 14:59:28 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2009/12/27 01:03:40 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/12/26 20:06:53 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/12/26 20:01:59 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/12/26 20:01:59 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/12/26 20:01:59 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/12/26 20:01:59 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/12/23 23:17:54 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/12/23 23:17:54 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/12/23 23:17:54 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/12/23 23:17:53 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/12/22 21:58:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/12/22 21:54:31 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/12/20 12:05:46 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/12/20 12:05:40 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/12/20 12:05:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/12/20 12:00:05 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/12/19 11:48:06 | 00,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2009/12/19 11:47:29 | 00,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\strmfilt.dll
[2009/12/19 11:47:29 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpapi.dll
[2009/12/19 11:47:28 | 00,265,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\http.sys
[2009/12/19 11:24:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/12/19 10:29:29 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/12/19 10:06:25 | 00,086,016 | ---- | C] (Sipro Lab Telecom Inc.) -- C:\WINDOWS\System32\dllcache\sl_anet.acm
[2009/12/19 10:06:08 | 01,372,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2009/12/19 10:06:08 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2009/12/19 10:06:01 | 00,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msaud32.acm
[2009/12/19 10:05:59 | 00,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mplay32.exe
[2009/12/19 10:05:49 | 00,290,816 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\dllcache\l3codeca.acm
[2009/12/19 10:05:25 | 00,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlimport.exe
[2009/12/19 09:17:06 | 00,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2009/12/19 09:15:04 | 00,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2009/12/19 09:15:02 | 00,333,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2009/12/19 09:14:15 | 01,172,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2009/12/19 09:14:01 | 00,138,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\afd.sys
[2009/12/19 09:12:23 | 00,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2009/12/19 09:12:20 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2009/12/19 09:12:10 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2009/12/19 09:12:07 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2009/12/19 09:12:06 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2009/12/19 09:11:55 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2009/12/18 22:44:18 | 00,000,000 | ---D | C] -- C:\Program Files\zztoy
[2009/12/18 20:48:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mark\My Documents\a-squared Free
[2009/12/18 20:04:43 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2009/12/18 12:32:08 | 00,113,222 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zoneclim.dll
[2009/12/18 12:32:08 | 00,041,029 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zcorem.dll
[2009/12/18 12:32:08 | 00,036,937 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zclientm.exe
[2009/12/18 12:32:08 | 00,029,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\znetm.dll
[2009/12/18 12:32:08 | 00,013,894 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zonelibm.dll
[2009/12/18 12:32:08 | 00,004,677 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zeeverm.dll
[2009/12/18 12:31:58 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\write.exe
[2009/12/18 12:31:52 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmine.exe
[2009/12/18 12:31:51 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winchat.exe
[2009/12/18 12:31:50 | 00,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2009/12/18 12:31:50 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2009/12/18 12:31:49 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2009/12/18 12:31:48 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2009/12/18 12:31:47 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2009/12/18 12:31:47 | 00,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2009/12/18 12:31:47 | 00,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2009/12/18 12:31:39 | 00,032,339 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniansi.dll
[2009/12/18 12:31:39 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2009/12/18 12:31:37 | 00,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2009/12/18 12:31:37 | 00,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2009/12/18 12:31:37 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2009/12/18 12:31:37 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2009/12/18 12:31:37 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2009/12/18 12:31:36 | 00,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2009/12/18 12:31:36 | 00,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2009/12/18 12:31:36 | 00,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2009/12/18 12:31:34 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2009/12/18 12:31:33 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2009/12/18 12:31:32 | 00,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sol.exe
[2009/12/18 12:31:31 | 00,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2009/12/18 12:31:31 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2009/12/18 12:31:30 | 00,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndvol32.exe
[2009/12/18 12:31:30 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2009/12/18 12:31:29 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2009/12/18 12:31:29 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2009/12/18 12:31:29 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2009/12/18 12:31:28 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2009/12/18 12:31:28 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2009/12/18 12:31:28 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2009/12/18 12:31:28 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2009/12/18 12:31:28 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2009/12/18 12:31:28 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2009/12/18 12:31:28 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2009/12/18 12:31:28 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2009/12/18 12:31:28 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2009/12/18 12:31:27 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2009/12/18 12:31:27 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2009/12/18 12:31:27 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2009/12/18 12:31:27 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2009/12/18 12:31:27 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2009/12/18 12:31:24 | 02,178,131 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlres.dll
[2009/12/18 12:31:24 | 00,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlzm.exe
[2009/12/18 12:31:24 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2009/12/18 12:31:23 | 00,066,113 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvl.dll
[2009/12/18 12:31:21 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2009/12/18 12:31:20 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2009/12/18 12:31:18 | 00,753,236 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvseres.dll
[2009/12/18 12:31:18 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2009/12/18 12:31:18 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2009/12/18 12:31:18 | 00,048,706 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvse.dll
[2009/12/18 12:31:18 | 00,042,574 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvsezm.exe
[2009/12/18 12:31:15 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2009/12/18 12:31:15 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2009/12/18 12:31:13 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2009/12/18 12:31:13 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2009/12/18 12:31:11 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2009/12/18 12:31:11 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2009/12/18 12:31:11 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2009/12/18 12:31:11 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2009/12/18 12:31:10 | 00,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2009/12/18 12:31:10 | 00,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2009/12/18 12:31:09 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2009/12/18 12:31:08 | 00,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2009/12/18 12:31:08 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2009/12/18 12:31:08 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2009/12/18 12:31:04 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2009/12/18 12:31:03 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2009/12/18 12:31:00 | 00,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2009/12/18 12:30:55 | 01,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2009/12/18 12:30:55 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2009/12/18 12:30:53 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshearts.exe
[2009/12/18 12:30:51 | 00,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplay32.exe
[2009/12/18 12:30:49 | 00,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2009/12/18 12:30:48 | 00,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2009/12/18 12:30:48 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2009/12/18 12:30:47 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2009/12/18 12:30:46 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2009/12/18 12:30:44 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2009/12/18 12:30:43 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2009/12/18 12:30:43 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2009/12/18 12:30:43 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2009/12/18 12:30:43 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2009/12/18 12:30:43 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2009/12/18 12:30:43 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2009/12/18 12:30:43 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2009/12/18 12:30:43 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2009/12/18 12:30:43 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2009/12/18 12:30:42 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2009/12/18 12:30:42 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2009/12/18 12:30:42 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2009/12/18 12:30:42 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2009/12/18 12:30:41 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2009/12/18 12:30:41 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2009/12/18 12:30:41 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2009/12/18 12:30:41 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2009/12/18 12:30:41 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2009/12/18 12:30:41 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2009/12/18 12:30:41 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2009/12/18 12:30:41 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2009/12/18 12:30:41 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2009/12/18 12:30:40 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2009/12/18 12:30:40 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2009/12/18 12:30:40 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2009/12/18 12:30:40 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2009/12/18 12:30:40 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2009/12/18 12:30:40 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2009/12/18 12:30:40 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2009/12/18 12:30:39 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2009/12/18 12:30:39 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
[2009/12/18 12:30:39 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2009/12/18 12:30:39 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2009/12/18 12:30:39 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2009/12/18 12:30:36 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2009/12/18 12:30:35 | 00,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2009/12/18 12:30:35 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2009/12/18 12:30:33 | 00,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2009/12/18 12:30:33 | 00,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2009/12/18 12:30:32 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2009/12/18 12:30:32 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe
[2009/12/18 12:30:31 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2009/12/18 12:30:31 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2009/12/18 12:30:31 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2009/12/18 12:30:27 | 10,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2009/12/18 12:30:18 | 10,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2009/12/18 12:30:17 | 00,013,312 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\dllcache\htrn_jis.dll
[2009/12/18 12:30:16 | 01,175,635 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzres.dll
[2009/12/18 12:30:16 | 00,057,409 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtz.dll
[2009/12/18 12:30:16 | 00,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzzm.exe
[2009/12/18 12:30:14 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2009/12/18 12:30:13 | 00,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\getuname.dll
[2009/12/18 12:30:11 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2009/12/18 12:30:11 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2009/12/18 12:30:10 | 00,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2009/12/18 12:30:09 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2009/12/18 12:30:08 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\freecell.exe
[2009/12/18 12:30:08 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2009/12/18 12:30:08 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2009/12/18 12:30:07 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2009/12/18 12:30:06 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2009/12/18 12:30:05 | 00,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2009/12/18 12:30:05 | 00,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2009/12/18 12:30:05 | 00,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2009/12/18 12:30:05 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2009/12/18 12:29:57 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
[2009/12/18 12:29:57 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2009/12/18 12:29:56 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
[2009/12/18 12:29:56 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2009/12/18 12:29:55 | 01,039,955 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnresm.dll
[2009/12/18 12:29:55 | 00,217,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnclim.dll
[2009/12/18 12:29:54 | 00,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2009/12/18 12:29:54 | 00,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2009/12/18 12:29:54 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2009/12/18 12:29:53 | 00,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2009/12/18 12:29:53 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2009/12/18 12:29:53 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2009/12/18 12:29:52 | 01,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2009/12/18 12:29:52 | 00,780,885 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrres.dll
[2009/12/18 12:29:52 | 00,042,575 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrzm.exe
[2009/12/18 12:29:52 | 00,040,515 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkr.dll
[2009/12/18 12:29:52 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2009/12/18 12:29:52 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2009/12/18 12:29:51 | 00,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\charmap.exe
[2009/12/18 12:29:51 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2009/12/18 12:29:51 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2009/12/18 12:29:50 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\calc.exe
[2009/12/18 12:29:50 | 00,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2009/12/18 12:29:49 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2009/12/18 12:29:42 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2009/12/18 12:29:41 | 01,817,687 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgres.dll
[2009/12/18 12:29:41 | 00,082,501 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckg.dll
[2009/12/18 12:29:41 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avwav.dll
[2009/12/18 12:29:41 | 00,042,577 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgzm.exe
[2009/12/18 12:29:40 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avtapi.dll
[2009/12/18 12:29:40 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avmeter.dll
[2009/12/18 12:29:39 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2009/12/18 12:29:28 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2009/12/18 12:29:28 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2009/12/18 12:29:27 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2009/12/18 12:29:19 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2009/12/18 12:29:18 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2009/12/18 12:29:18 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2009/12/18 12:29:14 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2009/12/18 12:29:07 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2009/12/18 12:29:07 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2009/12/18 12:29:06 | 00,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2009/12/18 12:29:06 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2009/12/18 12:29:05 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2009/12/18 12:29:05 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2009/12/18 12:29:00 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2009/12/18 12:28:56 | 00,000,000 | ---D | C] -- C:\Program Files\msn gaming zone
[2009/12/18 12:26:54 | 00,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2009/12/18 12:26:42 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2009/12/18 12:24:58 | 00,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2009/12/18 12:19:42 | 00,027,165 | ---- | C] (VIA Technologies, Inc. ) -- C:\WINDOWS\System32\drivers\fetnd5.sys
[2009/12/18 12:17:05 | 00,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\drivers\RTL8139.sys
[2009/12/18 12:09:49 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2009/12/18 12:09:49 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2009/12/18 12:09:49 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2009/12/18 12:09:49 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2009/12/10 06:03:13 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nybdvmqu.sys
[2009/12/10 05:52:20 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mfowiiat.sys
[2009/12/10 05:41:23 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\efnhvklw.sys
[2009/12/10 05:30:24 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ugvoceug.sys
[2009/12/10 05:22:19 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gqagihzb.sys
[2009/12/10 05:09:22 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sscqvren.sys
[2009/12/10 04:58:25 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kfsyytzj.sys
[2009/12/10 04:47:27 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hmeovhgn.sys
[2009/12/10 04:37:22 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\jmogstay.sys
[2009/12/10 04:26:31 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\jhiswqre.sys
[2009/12/10 04:15:34 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\lfvbmggg.sys
[2009/12/10 04:05:36 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\egwjpgel.sys
[2009/12/10 03:54:26 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uuxioldf.sys
[2009/12/10 03:44:26 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uylcippk.sys
[2009/12/10 03:33:21 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\yniyalxu.sys
[2009/12/10 03:22:25 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\vqpoqalt.sys
[2009/12/10 03:12:10 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\jatttnxl.sys
[2009/12/10 03:01:14 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fjfsenjp.sys
[2009/12/10 02:50:16 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwqsnwrn.sys
[2009/12/10 02:40:12 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\eqfmiqdm.sys
[2009/12/10 02:29:08 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\zywqrsbl.sys
[2009/12/10 02:21:46 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\xckxipvz.sys
[2009/12/10 02:08:14 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rqhzghnj.sys
[2009/12/10 01:56:39 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\saxgqqtt.sys
[2009/12/10 01:45:34 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nlzrfvsf.sys
[2009/12/10 01:34:38 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rufxzoni.sys
[2009/12/10 01:23:43 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\jmerskpc.sys
[2009/12/10 01:12:54 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\lvnfftsa.sys
[2009/12/10 01:01:48 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bjpkacpl.sys
[2009/12/10 00:50:49 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\jyjmgmfp.sys
[2009/12/10 00:40:45 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\holtxlwm.sys
[2009/12/10 00:29:56 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\iauagpyd.sys
[2009/12/10 00:20:00 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tjcwbdza.sys
[2009/12/10 00:09:02 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\zkibwsss.sys
[2009/12/10 00:02:02 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\qavtoymo.sys
[2009/12/09 23:49:05 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\jrwqruuc.sys
[2009/12/09 23:38:54 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wtojamhj.sys
[2009/12/09 23:28:49 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dwpsytan.sys
[2009/12/09 23:17:51 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fkbhzdmc.sys
[2009/12/09 23:07:50 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gdvqcqem.sys
[2009/12/09 22:56:54 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\svwbqrzk.sys
[2009/12/09 22:46:02 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\xfyzwhhr.sys
[2009/12/09 22:44:24 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ckjnjkrm.sys
[2009/12/09 22:41:35 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fcvwleyi.sys
[2009/12/09 22:40:28 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\semrgvbw.sys
[2009/12/09 22:39:24 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\itctbgav.sys
[2009/12/09 22:38:03 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ommmmqie.sys
[2009/12/09 22:27:48 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\npjpniii.sys
[2009/12/09 22:17:03 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kvgstrfo.sys
[2009/12/09 22:06:49 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\xmzptyeo.sys
[2009/12/09 21:56:32 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\lcumjijl.sys
[2009/12/09 21:46:04 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uqjyrtwd.sys
[2009/12/09 21:45:44 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\upterodx.sys
[2009/12/09 07:29:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2009/12/09 06:55:52 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gzaazwfy.sys
[2009/12/09 06:49:54 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\honjrgzb.sys
[2009/12/09 06:46:22 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rpticmym.sys
[2009/12/09 06:45:13 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fdtsajwe.sys
[2009/12/09 06:44:14 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tpppxqsj.sys
[2009/12/05 18:30:32 | 00,000,000 | ---D | C] -- C:\Program Files\Browser Hijack Recover
[2009/12/05 16:12:23 | 00,000,000 | ---D | C] -- C:\Program Files\Error Expert
[2009/12/05 12:01:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mark\My Documents\Downloads
[2009/12/05 11:47:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp
[2009/12/05 11:46:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
[2009/12/05 11:44:58 | 00,563,864 | ---- | C] (Google Inc.) -- C:\Documents and Settings\Mark\My Documents\ChromeSetup.exe
[2009/12/05 09:35:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IsolatedStorage
[2009/12/05 09:35:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Temp
[2009/12/05 09:35:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Quarantine
[2009/12/05 09:35:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CustomActions
[2009/12/05 09:35:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory
[2009/12/05 09:22:21 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/12/05 09:04:01 | 00,195,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2009/12/05 09:01:47 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2009/12/02 19:03:54 | 00,000,000 | ---D | C] -- C:\Program Files\a-squared Free
[2009/11/29 18:11:00 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Application Data\Actecom
[2009/11/29 18:11:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\QuickMediaConverter
[2009/11/29 18:09:06 | 00,000,000 | ---D | C] -- C:\Program Files\QuickMediaConverter
[2009/11/29 18:08:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\WDSetup
[2009/11/29 10:30:34 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2009/11/29 01:15:08 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2009/11/29 01:14:50 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/29 01:14:46 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/29 01:14:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/29 01:14:45 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/29 01:11:06 | 00,102,800 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/11/28 23:21:56 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/11/28 23:21:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/11/28 22:55:36 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/07/31 02:01:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/06/08 16:41:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/06/02 18:41:57 | 00,409,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxducoin.dll
[2009/06/02 18:25:42 | 00,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDUhcp.dll
[2009/06/02 18:25:41 | 00,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxduinpa.dll
[2009/06/02 18:25:41 | 00,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxduiesc.dll
[2009/06/02 18:25:40 | 01,069,056 | ---- | C] ( ) -- C:\WINDOWS\System32\lxduserv.dll
[2009/06/02 18:25:40 | 00,860,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lxduusb1.dll
[2009/06/02 18:25:39 | 00,651,264 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdupmui.dll
[2009/06/02 18:25:39 | 00,577,536 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdulmpm.dll
[2009/06/02 18:25:37 | 00,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxduhbn3.dll
[2009/06/02 18:25:36 | 00,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxducomm.dll
[2009/06/02 18:25:35 | 00,761,856 | ---- | C] ( ) -- C:\WINDOWS\System32\lxducomc.dll
[2009/02/05 10:17:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2008/10/14 05:13:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/09/27 02:03:22 | 00,983,080 | ---- | C] (Microsoft Corporation) -- C:\Program Files\KeyUpdateTool_enu.exe
[2008/09/26 10:11:20 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[4 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[15 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/27 14:52:00 | 00,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1580436667-725345543-500UA.job
[2009/12/27 14:28:00 | 00,000,390 | -H-- | M] () -- C:\WINDOWS\tasks\{96681319-0477-435B-8958-126FD4BC3133}_ROCKIES31_MP.job
[2009/12/27 14:05:15 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/12/27 14:02:44 | 00,000,557 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2009/12/27 14:02:43 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/27 14:02:24 | 00,181,020 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/12/27 14:02:11 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/27 14:02:09 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/27 14:02:07 | 21,470,12608 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/27 13:19:26 | 10,223,616 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2009/12/27 13:19:26 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2009/12/27 11:52:00 | 00,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1580436667-725345543-500Core.job
[2009/12/27 10:51:12 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/12/27 00:00:51 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/12/27 00:00:33 | 00,000,027 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/12/26 23:20:37 | 03,867,039 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2009/12/26 20:06:56 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/12/25 21:46:25 | 00,442,026 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/25 21:46:25 | 00,071,674 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/25 21:46:24 | 00,522,488 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/25 21:04:03 | 00,026,112 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/20 18:14:04 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2009/12/20 11:51:01 | 00,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2009/12/19 11:58:40 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/19 11:57:38 | 02,002,920 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2009/12/19 11:27:44 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/12/19 11:24:16 | 00,115,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/12/19 09:53:31 | 00,002,344 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2009/12/18 22:44:24 | 00,000,587 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/18 20:48:59 | 00,000,648 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\a-squared Free.lnk
[2009/12/18 12:53:45 | 00,018,312 | ---- | M] () -- C:\WINDOWS\System32\GDIPFONTCACHEV1.DAT
[2009/12/18 12:38:19 | 00,018,312 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/12/18 12:32:56 | 00,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/12/18 12:28:09 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/12/18 12:28:09 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/12/18 12:27:57 | 00,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2009/12/18 12:27:08 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2009/12/18 12:27:08 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009/12/18 12:27:02 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/12/18 12:27:02 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/12/18 12:27:02 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/12/18 12:27:02 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/12/18 12:27:02 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/12/18 12:27:02 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2009/12/18 12:26:49 | 00,001,505 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/12/18 12:25:08 | 00,023,348 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/12/18 12:23:31 | 00,000,211 | ---- | M] () -- C:\Boot.bak
[2009/12/13 13:37:04 | 03,746,026 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2009/12/10 06:03:15 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nybdvmqu.sys
[2009/12/10 05:52:22 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mfowiiat.sys
[2009/12/10 05:41:25 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\efnhvklw.sys
[2009/12/10 05:30:26 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ugvoceug.sys
[2009/12/10 05:22:21 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gqagihzb.sys
[2009/12/10 05:09:24 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sscqvren.sys
[2009/12/10 05:09:21 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sysB3168F5E
[2009/12/10 04:58:27 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kfsyytzj.sys
[2009/12/10 04:58:24 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys15F69F6A
[2009/12/10 04:47:28 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hmeovhgn.sys
[2009/12/10 04:47:26 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys29509752
[2009/12/10 04:37:23 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\jmogstay.sys
[2009/12/10 04:37:21 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys0609F256
[2009/12/10 04:26:33 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\jhiswqre.sys
[2009/12/10 04:26:30 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys7406860C
[2009/12/10 04:15:36 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\lfvbmggg.sys
[2009/12/10 04:15:34 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys9F4BACD9
[2009/12/10 04:05:38 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\egwjpgel.sys
[2009/12/10 04:05:35 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sysD7A0DE3E
[2009/12/10 03:54:29 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uuxioldf.sys
[2009/12/10 03:54:26 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys73E096AD
[2009/12/10 03:44:28 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uylcippk.sys
[2009/12/10 03:44:25 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys3ACED42A
[2009/12/10 03:33:23 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\yniyalxu.sys
[2009/12/10 03:33:20 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys3605184E
[2009/12/10 03:22:27 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\vqpoqalt.sys
[2009/12/10 03:22:24 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys66910D76
[2009/12/10 03:12:13 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\jatttnxl.sys
[2009/12/10 03:12:09 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys310516D8
[2009/12/10 03:01:17 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fjfsenjp.sys
[2009/12/10 03:01:14 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys17407AD7
[2009/12/10 02:50:18 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwqsnwrn.sys
[2009/12/10 02:50:15 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sysFFB981D2
[2009/12/10 02:40:15 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\eqfmiqdm.sys
[2009/12/10 02:40:12 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sysBF3F24CE
[2009/12/10 02:29:10 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\zywqrsbl.sys
[2009/12/10 02:29:07 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sysA2C7947B
[2009/12/10 02:21:49 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\xckxipvz.sys
[2009/12/10 02:21:46 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys21F4FA02
[2009/12/10 02:08:16 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rqhzghnj.sys
[2009/12/10 02:08:13 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sysD53E454C
[2009/12/10 01:56:42 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\saxgqqtt.sys
[2009/12/10 01:56:39 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys35EEE713
[2009/12/10 01:45:35 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nlzrfvsf.sys
[2009/12/10 01:45:33 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sysE31722DE
[2009/12/10 01:34:40 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rufxzoni.sys
[2009/12/10 01:34:37 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys295D693C
[2009/12/10 01:23:46 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\jmerskpc.sys
[2009/12/10 01:23:43 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys8AB704B8
[2009/12/10 01:12:55 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\lvnfftsa.sys
[2009/12/10 01:12:53 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys3CB7D7DC
[2009/12/10 01:01:50 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bjpkacpl.sys
[2009/12/10 01:01:47 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys62DC51E9
[2009/12/10 00:50:50 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\jyjmgmfp.sys
[2009/12/10 00:50:49 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sysF8616D3B
[2009/12/10 00:40:46 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\holtxlwm.sys
[2009/12/10 00:40:44 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys68A350E2
[2009/12/10 00:29:58 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\iauagpyd.sys
[2009/12/10 00:29:55 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys8C887F7A
[2009/12/10 00:20:02 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tjcwbdza.sys
[2009/12/10 00:20:00 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sysEE3F2B4D
[2009/12/10 00:09:05 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\zkibwsss.sys
[2009/12/10 00:09:02 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sysD1B43803
[2009/12/10 00:02:04 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\qavtoymo.sys
[2009/12/10 00:02:01 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys6417CF80
[2009/12/09 23:49:07 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\jrwqruuc.sys
[2009/12/09 23:49:04 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys249DA68F
[2009/12/09 23:38:56 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wtojamhj.sys
[2009/12/09 23:38:54 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys637CD27B
[2009/12/09 23:28:51 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dwpsytan.sys
[2009/12/09 23:28:48 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sysDBB56AB4
[2009/12/09 23:17:53 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fkbhzdmc.sys
[2009/12/09 23:17:50 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sysB15493F8
[2009/12/09 23:07:52 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gdvqcqem.sys
[2009/12/09 23:07:49 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys3883EEA7
[2009/12/09 22:56:56 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\svwbqrzk.sys
[2009/12/09 22:56:53 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys05D043ED
[2009/12/09 22:54:07 | 00,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/12/09 22:46:04 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\xfyzwhhr.sys
[2009/12/09 22:46:01 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys8FE594A7
[2009/12/09 22:44:26 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ckjnjkrm.sys
[2009/12/09 22:44:23 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys7F0DC4E7
[2009/12/09 22:41:37 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fcvwleyi.sys
[2009/12/09 22:41:34 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys7CB3A67D
[2009/12/09 22:40:29 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\semrgvbw.sys
[2009/12/09 22:40:27 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys2DF29414
[2009/12/09 22:39:26 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\itctbgav.sys
[2009/12/09 22:39:23 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys0D889A53
[2009/12/09 22:38:06 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ommmmqie.sys
[2009/12/09 22:38:03 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sysFEC2F9C5
[2009/12/09 22:27:49 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\npjpniii.sys
[2009/12/09 22:27:47 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys53C0B60C
[2009/12/09 22:17:05 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kvgstrfo.sys
[2009/12/09 22:17:03 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys731182B5
[2009/12/09 22:06:51 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\xmzptyeo.sys
[2009/12/09 22:06:48 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys9E855D2D
[2009/12/09 21:56:34 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\lcumjijl.sys
[2009/12/09 21:56:32 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sysDE713294
[2009/12/09 21:46:05 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uqjyrtwd.sys
[2009/12/09 21:45:45 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\upterodx.sys
[2009/12/09 21:45:43 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys32403C88
[2009/12/09 06:55:53 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gzaazwfy.sys
[2009/12/09 06:55:52 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys9828723F
[2009/12/09 06:49:55 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\honjrgzb.sys
[2009/12/09 06:46:27 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rpticmym.sys
[2009/12/09 06:45:14 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fdtsajwe.sys
[2009/12/09 06:45:13 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys413FF5D5
[2009/12/09 06:44:16 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tpppxqsj.sys
[2009/12/09 06:44:13 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys040FAA64
[2009/12/08 21:36:43 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2009/12/08 08:13:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/12/06 11:16:19 | 00,000,905 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to dds.lnk
[2009/12/05 19:53:57 | 00,000,667 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\IEXPLORE.lnk
[2009/12/05 18:30:38 | 00,000,749 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Browser Hijack Recover(BHR).lnk
[2009/12/05 16:12:27 | 00,000,665 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Error Expert.lnk
[2009/12/05 15:08:56 | 00,000,057 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2009/12/05 11:45:05 | 00,563,864 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Mark\My Documents\ChromeSetup.exe
[2009/12/05 09:35:14 | 00,000,136 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2009/12/03 22:25:01 | 00,001,669 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Webroot AntiVirus.lnk
[2009/12/03 22:08:26 | 00,000,164 | ---- | M] () -- C:\WINDOWS\install.dat
[2009/12/03 21:04:44 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/12/03 20:28:21 | 00,013,588 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2009/12/03 20:28:16 | 00,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/29 18:11:02 | 00,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/11/29 01:11:03 | 00,102,800 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/11/28 23:22:23 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2009/11/28 23:14:21 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\8104297.jun
[4 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[15 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/27 00:01:09 | 00,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/12/26 23:19:30 | 03,867,039 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2009/12/26 20:06:56 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/12/26 20:06:53 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/12/26 20:01:59 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/12/26 20:01:59 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/12/26 20:01:59 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/12/26 20:01:59 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/12/26 20:01:59 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/12/20 12:07:24 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/12/19 10:06:41 | 00,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2009/12/19 10:06:41 | 00,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2009/12/19 10:06:41 | 00,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2009/12/19 10:06:41 | 00,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2009/12/19 10:06:41 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2009/12/19 10:06:41 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2009/12/19 10:06:41 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2009/12/19 10:06:41 | 00,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2009/12/19 10:06:41 | 00,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2009/12/19 10:06:41 | 00,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2009/12/19 10:06:41 | 00,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2009/12/19 10:06:41 | 00,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2009/12/19 10:06:41 | 00,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2009/12/19 10:06:41 | 00,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2009/12/19 10:06:41 | 00,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2009/12/19 10:06:41 | 00,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2009/12/19 10:06:41 | 00,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2009/12/19 10:06:40 | 00,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2009/12/19 10:06:40 | 00,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2009/12/19 10:06:40 | 00,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2009/12/19 10:06:40 | 00,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2009/12/19 10:06:40 | 00,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2009/12/19 10:06:40 | 00,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2009/12/19 10:06:40 | 00,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2009/12/19 10:06:40 | 00,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2009/12/19 10:06:40 | 00,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2009/12/19 10:06:40 | 00,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2009/12/19 10:06:40 | 00,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2009/12/19 10:06:36 | 00,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2009/12/19 10:06:36 | 00,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2009/12/19 10:06:36 | 00,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2009/12/19 10:06:32 | 00,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2009/12/19 10:06:32 | 00,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2009/12/19 10:06:32 | 00,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2009/12/19 10:06:32 | 00,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2009/12/19 10:06:32 | 00,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2009/12/19 10:06:32 | 00,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2009/12/19 10:06:31 | 00,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2009/12/19 10:06:31 | 00,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2009/12/19 10:06:31 | 00,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2009/12/19 10:06:31 | 00,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2009/12/19 10:06:26 | 00,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2009/12/19 10:06:24 | 00,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2009/12/19 10:06:21 | 00,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2009/12/19 10:06:20 | 00,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2009/12/19 10:06:17 | 00,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2009/12/19 10:06:17 | 00,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2009/12/19 10:06:17 | 00,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2009/12/19 10:06:17 | 00,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2009/12/19 10:06:17 | 00,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2009/12/19 10:06:17 | 00,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2009/12/19 10:06:17 | 00,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2009/12/19 10:06:17 | 00,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2009/12/19 10:06:17 | 00,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2009/12/19 10:06:17 | 00,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2009/12/19 10:06:17 | 00,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2009/12/19 10:06:17 | 00,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2009/12/19 10:06:17 | 00,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2009/12/19 10:06:17 | 00,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2009/12/19 10:06:17 | 00,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2009/12/19 10:06:17 | 00,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2009/12/19 10:06:13 | 00,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2009/12/19 10:06:11 | 00,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2009/12/19 10:06:11 | 00,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2009/12/19 10:05:59 | 00,097,117 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.hlp
[2009/12/19 10:05:59 | 00,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2009/12/19 10:05:59 | 00,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2009/12/19 10:05:59 | 00,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2009/12/19 10:05:59 | 00,001,885 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.cnt
[2009/12/19 10:05:55 | 00,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2009/12/19 10:05:30 | 00,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2009/12/19 10:05:20 | 00,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2009/12/19 10:05:20 | 00,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2009/12/19 10:05:20 | 00,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2009/12/19 10:05:20 | 00,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2009/12/19 10:05:20 | 00,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2009/12/19 10:05:19 | 00,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2009/12/19 10:05:19 | 00,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2009/12/19 10:05:19 | 00,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2009/12/19 10:05:19 | 00,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2009/12/19 10:05:19 | 00,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2009/12/19 10:05:16 | 00,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2009/12/18 20:48:59 | 00,000,648 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\a-squared Free.lnk
[2009/12/18 12:31:11 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2009/12/18 12:31:11 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2009/12/18 12:30:45 | 00,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2009/12/18 12:30:44 | 01,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2009/12/18 12:30:35 | 00,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2009/12/18 12:30:32 | 00,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2009/12/18 12:30:14 | 00,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2009/12/18 12:29:53 | 00,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2009/12/18 12:29:49 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2009/12/18 12:29:49 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2009/12/18 12:29:48 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2009/12/18 12:29:48 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2009/12/18 12:29:48 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2009/12/18 12:29:48 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2009/12/18 12:29:48 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2009/12/18 12:29:48 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2009/12/18 12:29:47 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2009/12/18 12:29:47 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2009/12/18 12:29:47 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2009/12/18 12:29:47 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2009/12/18 12:29:47 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2009/12/18 12:29:47 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2009/12/18 12:29:47 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2009/12/18 12:29:47 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2009/12/18 12:29:47 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2009/12/18 12:29:46 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2009/12/18 12:29:46 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2009/12/18 12:29:46 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2009/12/18 12:29:46 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2009/12/18 12:29:46 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2009/12/18 12:29:46 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2009/12/18 12:29:46 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2009/12/18 12:29:46 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2009/12/18 12:29:46 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2009/12/18 12:29:46 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2009/12/18 12:29:46 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2009/12/18 12:29:45 | 00,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2009/12/18 12:29:45 | 00,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2009/12/18 12:29:45 | 00,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2009/12/18 12:29:45 | 00,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2009/12/18 12:29:45 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2009/12/18 12:29:45 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2009/12/18 12:29:44 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2009/12/18 12:29:44 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2009/12/18 12:29:44 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2009/12/18 12:29:44 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2009/12/18 12:29:44 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2009/12/18 12:29:44 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2009/12/18 12:29:44 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2009/12/18 12:29:44 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2009/12/18 12:29:44 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2009/12/18 12:29:44 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2009/12/18 12:29:44 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2009/12/18 12:29:43 | 00,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2009/12/18 12:29:43 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2009/12/18 12:29:43 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2009/12/18 12:29:43 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2009/12/18 12:29:43 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2009/12/18 12:29:43 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2009/12/18 12:29:42 | 00,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2009/12/18 12:29:41 | 00,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2009/12/18 12:27:08 | 00,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009/12/18 12:27:02 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/12/18 12:27:02 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/12/18 12:27:02 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/12/18 12:27:02 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/12/18 12:27:02 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/12/18 12:20:43 | 00,186,407 | ---- | C] () -- C:\WINDOWS\System32\nvapps.nvb
[2009/12/18 12:09:12 | 00,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2009/12/18 12:09:12 | 00,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2009/12/18 12:09:12 | 00,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2009/12/18 12:09:12 | 00,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2009/12/18 12:09:12 | 00,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2009/12/18 12:09:11 | 01,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2009/12/18 12:09:11 | 00,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2009/12/10 05:09:21 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sysB3168F5E
[2009/12/10 04:58:24 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys15F69F6A
[2009/12/10 04:47:26 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys29509752
[2009/12/10 04:37:21 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys0609F256
[2009/12/10 04:26:29 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys7406860C
[2009/12/10 04:15:34 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys9F4BACD9
[2009/12/10 04:05:35 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sysD7A0DE3E
[2009/12/10 03:54:25 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys73E096AD
[2009/12/10 03:44:25 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys3ACED42A
[2009/12/10 03:33:20 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys3605184E
[2009/12/10 03:22:24 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys66910D76
[2009/12/10 03:12:09 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys310516D8
[2009/12/10 03:01:13 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys17407AD7
[2009/12/10 02:50:15 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sysFFB981D2
[2009/12/10 02:40:11 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sysBF3F24CE
[2009/12/10 02:29:07 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sysA2C7947B
[2009/12/10 02:21:46 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys21F4FA02
[2009/12/10 02:08:13 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sysD53E454C
[2009/12/10 01:56:38 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys35EEE713
[2009/12/10 01:45:33 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sysE31722DE
[2009/12/10 01:34:37 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys295D693C
[2009/12/10 01:23:42 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys8AB704B8
[2009/12/10 01:12:53 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys3CB7D7DC
[2009/12/10 01:01:47 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys62DC51E9
[2009/12/10 00:50:48 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sysF8616D3B
[2009/12/10 00:40:44 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys68A350E2
[2009/12/10 00:29:55 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys8C887F7A
[2009/12/10 00:19:59 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sysEE3F2B4D
[2009/12/10 00:09:01 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sysD1B43803
[2009/12/10 00:02:01 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys6417CF80
[2009/12/09 23:49:04 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys249DA68F
[2009/12/09 23:38:53 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys637CD27B
[2009/12/09 23:28:48 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sysDBB56AB4
[2009/12/09 23:17:50 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sysB15493F8
[2009/12/09 23:07:49 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys3883EEA7
[2009/12/09 22:56:53 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys05D043ED
[2009/12/09 22:46:01 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys8FE594A7
[2009/12/09 22:44:23 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys7F0DC4E7
[2009/12/09 22:41:34 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys7CB3A67D
[2009/12/09 22:40:27 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys2DF29414
[2009/12/09 22:39:23 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys0D889A53
[2009/12/09 22:38:03 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sysFEC2F9C5
[2009/12/09 22:27:47 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys53C0B60C
[2009/12/09 22:17:02 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys731182B5
[2009/12/09 22:06:48 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys9E855D2D
[2009/12/09 21:56:32 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sysDE713294
[2009/12/09 21:45:43 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys32403C88
[2009/12/09 06:55:52 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys9828723F
[2009/12/09 06:45:13 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys413FF5D5
[2009/12/09 06:44:13 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys040FAA64
[2009/12/08 21:35:17 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2009/12/06 11:16:19 | 00,000,905 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to dds.lnk
[2009/12/05 19:53:57 | 00,000,667 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\IEXPLORE.lnk
[2009/12/05 18:30:38 | 00,000,749 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Browser Hijack Recover(BHR).lnk
[2009/12/05 11:57:28 | 00,002,344 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2009/12/05 11:47:23 | 00,001,010 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1580436667-725345543-500UA.job
[2009/12/05 11:47:22 | 00,000,958 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1580436667-725345543-500Core.job
[2009/12/05 09:35:14 | 00,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2009/12/03 22:25:00 | 00,001,669 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Webroot AntiVirus.lnk
[2009/12/03 20:28:15 | 00,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2009/12/03 20:06:53 | 21,470,12608 | -HS- | C] () -- C:\hiberfil.sys
[2009/11/29 18:11:02 | 00,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/11/29 01:14:56 | 00,000,587 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/28 23:22:23 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2009/11/28 23:14:21 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\8104297.jun
[2009/11/06 12:00:28 | 00,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2009/10/30 15:56:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\FileMgrExe.INI
[2009/10/30 15:35:42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PhoneBkExe.INI
[2009/10/30 15:33:35 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PanelExe.INI
[2009/06/02 18:42:05 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxduvs.dll
[2009/06/02 18:40:43 | 01,036,288 | ---- | C] () -- C:\WINDOWS\System32\lxdudrs.dll
[2009/06/02 18:40:43 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxducaps.dll
[2009/06/02 18:40:43 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxducnv4.dll
[2009/06/02 18:39:47 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\lxduoem.dll
[2009/06/02 18:39:47 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXDUPMON.DLL
[2009/06/02 18:39:47 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXDUFXPU.DLL
[2009/06/02 18:27:31 | 00,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxdurwrd.ini
[2009/06/02 18:25:42 | 00,389,120 | ---- | C] () -- C:\WINDOWS\System32\LXDUinst.dll
[2009/06/02 18:25:37 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdugrd.dll
[2009/02/06 06:47:47 | 00,002,108 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\rx_audio.Cache
[2009/02/06 06:10:20 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\rx_image.Cache
[2009/02/04 09:30:18 | 00,000,304 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/12/28 19:38:56 | 00,000,209 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008/10/20 10:25:58 | 00,000,068 | ---- | C] () -- C:\WINDOWS\QWCF.INI
[2008/10/13 11:13:43 | 00,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2008/10/13 11:13:33 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2008/10/13 11:13:33 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2008/10/12 23:34:58 | 00,000,028 | ---- | C] () -- C:\WINDOWS\qfnonl.ini
[2008/10/12 20:59:00 | 00,000,967 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2008/10/12 20:58:57 | 00,000,675 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2008/10/06 09:15:28 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/09/27 10:41:52 | 00,026,112 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/26 22:36:59 | 00,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2008/09/26 22:35:12 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2008/05/16 11:01:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/16 11:01:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/16 11:01:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/08/30 04:29:00 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/11/30 02:10:00 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2003/10/01 23:00:00 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003/10/01 23:00:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2003/07/28 06:19:00 | 01,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2003/07/28 06:19:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys
[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll
[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2006/02/28 04:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll
[2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 10:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\SoftwareDistribution\Download\78cf8552430e25a8f24bc1e4dfb1970e\sp2qfe\netlogon.dll
[2009/02/06 10:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\sp2qfe\netlogon.dll
[2006/02/28 04:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2006/02/28 04:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll
[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: VIAMRAID.SYS >
[2004/05/18 00:55:26 | 00,074,112 | R--- | M] (VIA Technologies inc,.ltd) MD5=F199939205DCCC7836AE5AB8B5DD5E83 -- C:\WINDOWS\system32\drivers\viamraid.sys

========== Alternate Data Streams ==========

< End of report >

#15 syler

  • Malware Response Team

Posted 27 December 2009 - 06:38 PM

Can you tell me if you know what the following folder is for.

C:\Program Files\zztoy

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
    O30 - LSA: Security Packages - (EM) - File not found
    O30 - LSA: Security Packages - (ecurity Packages settings...) - File not found
    [2009/12/10 06:03:13 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nybdvmqu.sys
    [2009/12/10 05:52:20 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mfowiiat.sys
    [2009/12/10 05:41:23 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\efnhvklw.sys
    [2009/12/10 05:30:24 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ugvoceug.sys
    [2009/12/10 05:22:19 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gqagihzb.sys
    [2009/12/10 05:09:22 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sscqvren.sys
    [2009/12/10 04:58:25 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kfsyytzj.sys
    [2009/12/10 04:47:27 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hmeovhgn.sys
    [2009/12/10 04:37:22 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\jmogstay.sys
    [2009/12/10 04:26:31 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\jhiswqre.sys
    [2009/12/10 04:15:34 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\lfvbmggg.sys
    [2009/12/10 04:05:36 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\egwjpgel.sys
    [2009/12/10 03:54:26 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uuxioldf.sys
    [2009/12/10 03:44:26 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uylcippk.sys
    [2009/12/10 03:33:21 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\yniyalxu.sys
    [2009/12/10 03:22:25 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\vqpoqalt.sys
    [2009/12/10 03:12:10 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\jatttnxl.sys
    [2009/12/10 03:01:14 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fjfsenjp.sys
    [2009/12/10 02:50:16 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwqsnwrn.sys
    [2009/12/10 02:40:12 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\eqfmiqdm.sys
    [2009/12/10 02:29:08 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\zywqrsbl.sys
    [2009/12/10 02:21:46 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\xckxipvz.sys
    [2009/12/10 02:08:14 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rqhzghnj.sys
    [2009/12/10 01:56:39 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\saxgqqtt.sys
    [2009/12/10 01:45:34 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nlzrfvsf.sys
    [2009/12/10 01:34:38 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rufxzoni.sys
    [2009/12/10 01:23:43 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\jmerskpc.sys
    [2009/12/10 01:12:54 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\lvnfftsa.sys
    [2009/12/10 01:01:48 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bjpkacpl.sys
    [2009/12/10 00:50:49 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\jyjmgmfp.sys
    [2009/12/10 00:40:45 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\holtxlwm.sys
    [2009/12/10 00:29:56 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\iauagpyd.sys
    [2009/12/10 00:20:00 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tjcwbdza.sys
    [2009/12/10 00:09:02 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\zkibwsss.sys
    [2009/12/10 00:02:02 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\qavtoymo.sys
    [2009/12/09 23:49:05 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\jrwqruuc.sys
    [2009/12/09 23:38:54 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wtojamhj.sys
    [2009/12/09 23:28:49 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dwpsytan.sys
    [2009/12/09 23:17:51 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fkbhzdmc.sys
    [2009/12/09 23:07:50 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gdvqcqem.sys
    [2009/12/09 22:56:54 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\svwbqrzk.sys
    [2009/12/09 22:46:02 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\xfyzwhhr.sys
    [2009/12/09 22:44:24 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ckjnjkrm.sys
    [2009/12/09 22:41:35 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fcvwleyi.sys
    [2009/12/09 22:40:28 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\semrgvbw.sys
    [2009/12/09 22:39:24 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\itctbgav.sys
    [2009/12/09 22:38:03 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ommmmqie.sys
    [2009/12/09 22:27:48 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\npjpniii.sys
    [2009/12/09 22:17:03 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kvgstrfo.sys
    [2009/12/09 22:06:49 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\xmzptyeo.sys
    [2009/12/09 21:56:32 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\lcumjijl.sys
    [2009/12/09 21:46:04 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uqjyrtwd.sys
    [2009/12/09 21:45:44 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\upterodx.sys
    [2009/12/09 06:55:52 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gzaazwfy.sys
    [2009/12/09 06:49:54 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\honjrgzb.sys
    [2009/12/09 06:46:22 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rpticmym.sys
    [2009/12/09 06:45:13 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fdtsajwe.sys
    [2009/12/09 06:44:14 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tpppxqsj.sys
    [2009/12/10 05:09:21 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sysB3168F5E
    [2009/12/10 04:58:24 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys15F69F6A
    [2009/12/10 04:47:26 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys29509752
    [2009/12/10 04:37:21 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys0609F256
    [2009/12/10 04:26:29 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys7406860C
    [2009/12/10 04:15:34 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys9F4BACD9
    [2009/12/10 04:05:35 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sysD7A0DE3E
    [2009/12/10 03:54:25 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys73E096AD
    [2009/12/10 03:44:25 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys3ACED42A
    [2009/12/10 03:33:20 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys3605184E
    [2009/12/10 03:22:24 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys66910D76
    [2009/12/10 03:12:09 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys310516D8
    [2009/12/10 03:01:13 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys17407AD7
    [2009/12/10 02:50:15 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sysFFB981D2
    [2009/12/10 02:40:11 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sysBF3F24CE
    [2009/12/10 02:29:07 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sysA2C7947B
    [2009/12/10 02:21:46 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys21F4FA02
    [2009/12/10 02:08:13 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sysD53E454C
    [2009/12/10 01:56:38 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys35EEE713
    [2009/12/10 01:45:33 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sysE31722DE
    [2009/12/10 01:34:37 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys295D693C
    [2009/12/10 01:23:42 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys8AB704B8
    [2009/12/10 01:12:53 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys3CB7D7DC
    [2009/12/10 01:01:47 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys62DC51E9
    [2009/12/10 00:50:48 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sysF8616D3B
    [2009/12/10 00:40:44 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys68A350E2
    [2009/12/10 00:29:55 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys8C887F7A
    [2009/12/10 00:19:59 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sysEE3F2B4D
    [2009/12/10 00:09:01 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sysD1B43803
    [2009/12/10 00:02:01 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys6417CF80
    [2009/12/09 23:49:04 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys249DA68F
    [2009/12/09 23:38:53 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys637CD27B
    [2009/12/09 23:28:48 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sysDBB56AB4
    [2009/12/09 23:17:50 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sysB15493F8
    [2009/12/09 23:07:49 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys3883EEA7
    [2009/12/09 22:56:53 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys05D043ED
    [2009/12/09 22:46:01 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys8FE594A7
    [2009/12/09 22:44:23 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys7F0DC4E7
    [2009/12/09 22:41:34 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys7CB3A67D
    [2009/12/09 22:40:27 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys2DF29414
    [2009/12/09 22:39:23 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys0D889A53
    [2009/12/09 22:38:03 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sysFEC2F9C5
    [2009/12/09 22:27:47 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys53C0B60C
    [2009/12/09 22:17:02 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys731182B5
    [2009/12/09 22:06:48 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys9E855D2D
    [2009/12/09 21:56:32 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sysDE713294
    [2009/12/09 21:45:43 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys32403C88
    [2009/12/09 06:55:52 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys9828723F
    [2009/12/09 06:45:13 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys413FF5D5
    [2009/12/09 06:44:13 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys040FAA64
    :Commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.
