Please analyze my logs


  • This topic is locked
9 replies to this topic

#1 Crowbar

Posted 22 December 2009 - 03:46 PM

Story:
Boss got his computer infected. I attempted a cleanup and believe it was effective. I defer to the experts, as I am but a hack at this, although I have had some success fighting the bad guys. Computer was crashing constantly, so I formatted the drive and loaded a backup from before the problems got really bad.
The BSODs (stop 0x7b) we were getting were coming from master boot record issues; this is why I re-formatted. fixmbr was of no help.
I did the cleanup with Malwarebytes and SUPERAntiSpyware after the backup was restored. But I ramble.... Oh yeah, I did install SpywareBlaster on this machine today, to help keep him out of more trouble.

We would like to know if we killed the devil in this machine. Help is appreciated in advance.

dds log -

DDS (Ver_09-12-01.01) - NTFSx86
Run by fayiz at 15:30:06.01 on Tue 12/22/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.384 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Fayiz Old_3\WFXMOD32.EXE
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wfxsnt40.exe
C:\FAYIZO~2\WFXSWTCH.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\System32\igfxtray.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Fayiz Old_3\WFXCTL32.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\TEMP\RootRepeal.exe
C:\TEMP\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.earthlink.net/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [WinFaxAppPortStarter] wfxsnt40.exe
mRun: [WFXSwtch] c:\fayizo~2\WFXSWTCH.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [PDF4 Registry Controller] "c:\fayiz old_3\program files\\RegistryController.exe"
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [Opware15] "c:\program files\scansoft\omnipage15.0\Opware15.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
dRunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat"
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\contro~1.lnk - c:\fayiz old_3\WFXCTL32.EXE
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Open with ScanSoft PDF Converter 4.0 - c:\fayiz old_3\program files\cnvres_eng.dll /100
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\fayiz old_3\program files\messenger\YahooMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} - hxxp://cetek01/connectcomputer/nshelp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {3821FB52-12AA-4637-B169-7A21FE976E8F} = 192.168.55.254
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: WinFax PRO IShellExecuteHook: {a213b520-c6c2-11d0-af9d-008029e1027e} - c:\fayiz old_3\WfxSeh32.Dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\fayiz~1.cet\applic~1\mozilla\firefox\profiles\63cryl9s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\program files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: c:\program files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
FF - component: c:\program files\mozilla firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-9-10 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-2-12 28424]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-11-18 360584]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-15 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-15 74480]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-11-18 285392]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-15 7408]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2003-3-31 14336]

=============== Created Last 30 ================

2009-12-22 20:19:58 0 ----a-w- c:\temp\settings.dat
2009-12-22 20:19:48 472064 ----a-w- c:\temp\RootRepeal.exe
2009-12-22 19:42:21 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-12-22 19:42:21 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-22 19:39:15 0 d-----w- c:\program files\javara
2009-12-22 19:38:46 71798 ----a-w- c:\temp\JavaRa.zip
2009-12-22 19:14:26 0 d-----w- c:\program files\SpywareBlaster
2009-12-22 19:13:47 3012768 ----a-w- c:\temp\spywareblaster.exe
2009-12-22 14:46:05 293376 ----a-w- c:\temp\gmer.exe
2009-12-22 14:44:23 0 d-----w- c:\temp\logs for bleeping computer
2009-12-21 19:50:42 0 d-sha-r- C:\cmdcons
2009-12-21 17:32:58 316640 ----a-w- c:\windows\WMSysPr9.prx
2009-12-21 17:00:59 67866 ------w- c:\windows\system32\drivers\netwlan5.img
2009-12-21 17:00:59 64352 ------w- c:\windows\system32\drivers\ativmc20.cod
2009-12-21 17:00:59 144384 ------w- c:\windows\system32\drivers\hdaudbus.sys
2009-12-21 17:00:59 129045 ------w- c:\windows\system32\drivers\cxthsfs2.cty
2009-12-21 17:00:59 11868 ------w- c:\windows\system32\drivers\mdmxsdk.sys
2009-12-21 17:00:58 2897920 ----a-w- c:\windows\system32\xpsp2res.dll
2009-12-21 17:00:58 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2009-12-21 17:00:36 19569 ----a-w- c:\windows\002571_.tmp
2009-12-21 17:00:14 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-12-21 16:49:20 8192 ----a-w- c:\windows\REGLOCS.OLD
2009-12-21 16:47:59 57398 -c--a-w- c:\windows\system32\dllcache\imjpdadm.exe
2009-12-21 16:46:18 488 ---ha-r- c:\windows\system32\WindowsLogon.manifest
2009-12-21 16:46:18 488 ---ha-r- c:\windows\system32\logonui.exe.manifest
2009-12-21 16:46:14 749 ---ha-r- c:\windows\WindowsShell.Manifest
2009-12-21 16:46:14 749 ---ha-r- c:\windows\system32\wuaucpl.cpl.manifest
2009-12-21 16:46:14 749 ---ha-r- c:\windows\system32\sapi.cpl.manifest
2009-12-21 16:46:14 749 ---ha-r- c:\windows\system32\nwc.cpl.manifest
2009-12-21 16:46:14 749 ---ha-r- c:\windows\system32\ncpa.cpl.manifest
2009-12-21 16:46:14 749 ---ha-r- c:\windows\system32\cdplayer.exe.manifest
2009-12-21 16:43:59 625664 ----a-w- c:\windows\system32\catsrvut.dll
2009-12-21 11:37:23 261 ----a-w- c:\windows\system32\$winnt$.inf
2009-12-16 18:27:31 77312 ----a-w- c:\windows\MBR.exe
2009-12-16 16:08:32 116224 -c----w- c:\windows\system32\dllcache\xrxwiadr.dll
2009-12-16 16:08:31 27648 -c----w- c:\windows\system32\dllcache\xrxftplt.exe
2009-12-16 16:08:31 23040 -c----w- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-12-16 16:08:31 18944 -c----w- c:\windows\system32\dllcache\xrxscnui.dll
2009-12-16 16:08:30 4608 -c----w- c:\windows\system32\dllcache\xrxflnch.exe
2009-12-16 16:08:15 99865 -c----w- c:\windows\system32\dllcache\xlog.exe
2009-12-16 16:08:15 28288 -c----w- c:\windows\system32\dllcache\xjis.nls
2009-12-16 16:08:14 16970 -c----w- c:\windows\system32\dllcache\xem336n5.sys
2009-12-16 16:08:13 19455 -c----w- c:\windows\system32\dllcache\wvchntxx.sys
2009-12-16 16:08:10 12063 -c----w- c:\windows\system32\dllcache\wsiintxx.sys
2009-12-16 16:08:09 8192 -c----w- c:\windows\system32\dllcache\wshirda.dll
2009-12-16 16:06:59 82944 -c----w- c:\windows\system32\dllcache\tp4mon.exe
2009-12-16 16:05:59 32768 -c----w- c:\windows\system32\dllcache\sisnic.sys
2009-12-16 16:04:59 83748 -c----w- c:\windows\system32\dllcache\prcp.nls
2009-12-16 15:59:54 9344 -c----w- c:\windows\system32\dllcache\ntapm.sys
2009-12-16 15:58:58 6528 -c----w- c:\windows\system32\dllcache\miniqic.sys
2009-12-16 15:58:55 320384 -c----w- c:\windows\system32\dllcache\mgaum.sys
2009-12-16 15:58:54 235648 -c----w- c:\windows\system32\dllcache\mgaud.dll
2009-12-16 15:58:53 26112 -c----w- c:\windows\system32\dllcache\memstpci.sys
2009-12-16 15:58:52 8320 -c----w- c:\windows\system32\dllcache\memcard.sys
2009-12-16 15:58:52 47616 -c----w- c:\windows\system32\dllcache\memgrp.dll
2009-12-16 15:58:51 164586 -c----w- c:\windows\system32\dllcache\mdgndis5.sys
2009-12-16 15:58:49 7424 -c----w- c:\windows\system32\dllcache\mammoth.sys
2009-12-16 15:55:58 90200 -c----w- c:\windows\system32\dllcache\io8ports.dll
2009-12-16 15:54:59 82304 -c----w- c:\windows\system32\dllcache\grclass.sys
2009-12-16 15:53:59 28062 -c----w- c:\windows\system32\dllcache\dp83820.sys
2009-12-16 15:52:59 20736 -c----w- c:\windows\system32\dllcache\cmbp0wdm.sys
2009-12-16 15:51:59 54271 -c----w- c:\windows\system32\dllcache\bcm42xx5.sys
2009-12-16 15:47:58 101888 -c----w- c:\windows\system32\dllcache\adpu160m.sys
2009-12-15 17:37:48 0 d-----w- c:\program files\GMER
2009-12-15 16:42:10 284915 ------w- c:\temp\gmer.zip
2009-12-15 16:41:23 524288 ------w- c:\temp\dds.scr
2009-12-14 16:49:08 98816 ----a-w- c:\windows\sed.exe
2009-12-14 16:49:08 261632 ----a-w- c:\windows\PEV.exe
2009-12-14 16:49:08 161792 ----a-w- c:\windows\SWREG.exe
2009-12-09 22:24:53 3252 ------w- c:\windows\system32\wbem\Outlook_01ca791e6dc239d8.mof
2009-12-01 18:33:41 0 d-----w- c:\program files\atf cleaner

==================== Find3M ====================

2009-12-21 16:44:47 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-12-03 21:14:06 38224 ------w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 21:13:56 19160 ------w- c:\windows\system32\drivers\mbam.sys
2009-11-18 15:02:56 333192 ------w- c:\windows\system32\drivers\avgldx86.sys
2009-11-18 15:02:49 12464 ------w- c:\windows\system32\avgrsstx.dll
2009-11-18 15:02:40 360584 ------w- c:\windows\system32\drivers\avgtdix.sys
2009-11-03 01:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 07:45:38 916480 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-19 18:06:40 223232 ------w- c:\windows\system32\wksprt.exe
2009-10-19 18:06:38 46080 ------w- c:\windows\system32\TSWbPrxy.exe
2009-10-19 18:06:38 36864 ------w- c:\windows\system32\tsgqec.dll
2009-10-19 18:06:38 12800 ------w- c:\windows\system32\wksprtPS.dll
2009-10-19 18:06:38 1033728 ----a-w- c:\windows\system32\mstsc.exe
2009-10-19 18:06:36 2689024 ----a-w- c:\windows\system32\mstscax.dll
2009-10-19 18:06:34 44544 ------w- c:\windows\system32\MsRdpWebAccess.dll
2009-10-19 18:06:34 130560 ------w- c:\windows\system32\aaclient.dll
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-09 21:23:10 1107456 ------w- c:\windows\system32\WsmSvc.dll
2009-10-09 21:23:08 178176 ------w- c:\windows\system32\wevtfwd.dll
2009-10-09 21:22:58 368640 ------w- c:\windows\system32\WsmRes.dll
2009-10-09 21:22:56 69632 ------w- c:\windows\system32\winrs.exe
2009-10-09 21:22:52 42496 ------w- c:\windows\system32\pwrshplugin.dll
2009-10-09 19:56:20 209408 ------w- c:\windows\system32\WsmWmiPl.dll
2009-10-09 19:56:18 14848 ------w- c:\windows\system32\wsmprovhost.exe
2009-10-09 19:56:16 22528 ------w- c:\windows\system32\winrshost.exe
2009-10-09 19:56:14 25088 ------w- c:\windows\system32\winrmprov.dll
2009-10-09 19:56:10 12288 ------w- c:\windows\system32\wsmplpxy.dll
2009-10-09 19:56:08 2048 ------w- c:\windows\system32\winrsmgr.dll
2009-10-09 19:56:06 233984 ------w- c:\windows\system32\winrscmd.dll
2009-10-09 19:56:04 225280 ------w- c:\windows\system32\wsmanhttpconfig.exe
2009-10-09 19:56:04 12288 ------w- c:\windows\system32\winrssrv.dll
2009-10-09 19:56:02 139776 ------w- c:\windows\system32\WsmAuto.dll
2009-10-08 18:57:02 611328 ------w- c:\windows\system32\uiautomationcore.dll
2009-10-08 18:57:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 18:56:56 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2005-12-01 06:59:05 554167 -c----w- c:\program files\WFXUNIST.ISU
2003-12-20 20:21:36 65536 -c----w- c:\windows\inf\i386\StbXpExt.dll
2003-12-19 01:11:48 49152 -c----w- c:\windows\inf\i386\DriverPnPInstall.exe
2003-12-19 00:21:00 13824 -c----w- c:\windows\inf\i386\Stbxpins.dll
2003-12-14 07:04:16 57344 -c----w- c:\windows\inf\i386\StbxpC9x.exe
2003-12-14 07:02:06 57344 -c----w- c:\windows\inf\i386\StbxpCfg.exe
2003-12-14 06:07:08 155648 -c----w- c:\windows\inf\i386\Stbxp200.dll
2003-12-14 06:05:04 20480 -c----w- c:\windows\inf\i386\Stbxpint.dll
2003-12-14 06:01:12 61440 -c----w- c:\windows\inf\i386\Stbxpdrv.dll
2002-01-05 08:37:26 344064 -c----w- c:\windows\inf\i386\msvcr70.dll
2001-09-10 18:35:12 15905 -c----w- c:\program files\README.TXT
2001-09-08 10:03:38 98304 -c----w- c:\program files\WFXUHOOK.EXE
2001-09-06 17:32:00 1130314 -c----r- c:\program files\WINFAX.HLP
2001-09-04 18:09:48 2996 -c----r- c:\program files\WFCVR32.CNT
2001-09-04 18:08:30 1276 -c----r- c:\program files\WFQVW32.CNT
2001-09-04 18:07:20 3415 -c----r- c:\program files\WFVW32.CNT
2001-08-30 13:06:38 3216 -c----r- c:\program files\WINFAX.CNT
2001-08-29 15:41:02 409 -c----r- c:\program files\CUnInstl.iss
2001-08-21 20:21:14 401760 -c----w- c:\program files\WINTDIST.EXE
2001-08-08 16:04:32 486 -c----w- c:\program files\SETUP.INF
2001-08-08 16:02:08 761 -c----w- c:\program files\ABOUT.CFG
2001-08-08 15:21:31 86016 -c----r- c:\program files\WFABTEXT.DLL
2001-08-08 14:36:56 18340 -c----r- c:\program files\SUPPORT.HLP
2001-08-08 14:29:54 1129 -c----r- c:\program files\SUPPORT.cnt
2001-08-08 10:46:56 28636 -c----r- c:\program files\WFXPACT4.HLP
2001-08-08 10:46:56 24893 -c----r- c:\program files\WFXPGM4S.HLP
2001-08-08 10:46:56 23888 -c----r- c:\program files\WFXPORG3.HLP
2001-08-08 10:46:56 20539 -c----r- c:\program files\WFXHAL.HLP
2001-08-08 10:46:56 15814 -c----r- c:\program files\symdiag.hlp
2001-08-07 17:57:52 9357 -c----w- c:\program files\license.txt
2001-08-02 00:34:20 90112 -c----w- c:\program files\WTNUHOOK.EXE
2001-08-02 00:19:12 248 -c----w- c:\program files\REGDATA.PRD
2001-07-26 12:24:38 1486106 -c----w- c:\program files\LUSETUP.EXE
2001-07-25 23:56:22 14264 -c----w- c:\program files\ABOUT.BMP
2001-07-16 22:42:00 55224 -c----w- c:\program files\LOGO.BMP
2001-07-16 22:42:00 166580 -c----w- c:\program files\SPLASH.BMP
2000-09-29 04:49:20 31228 -c----w- c:\program files\WFXCTL32.TLB
2000-09-29 04:46:32 2532 -c----w- c:\program files\WFXIPSRV.TLB
2000-09-29 04:39:18 45056 -c----w- c:\program files\WPPHOST.WPI
2000-09-29 04:38:44 3384 -c----w- c:\program files\CAPICHKR.TLB
2000-09-28 17:58:28 248 -c----w- c:\program files\PROREG.PRD
2000-09-20 16:25:12 745 -c----w- c:\program files\PROABOUT.CFG
2000-09-18 22:12:10 235 -c----w- c:\program files\PROSETUP.INF
2000-02-10 20:55:08 243680 -c----w- c:\program files\WFQVW32.HLP
2000-02-09 22:05:54 15533 -c----w- c:\program files\CAPIINFO.DB
2000-02-09 20:38:42 6049 -c----w- c:\program files\WFXTIPS.TXT
2000-02-07 18:32:46 11893 -c----w- c:\program files\PROSUPPT.HLP
2000-02-07 18:20:34 80214 -c----w- c:\program files\WFVW32.HLP
2000-02-07 18:20:08 80235 -c----w- c:\program files\WFCVR32.HLP
2000-02-05 14:55:08 59340 -c----w- c:\program files\OutgoingType.rpt
2000-02-05 14:53:18 58959 -c----w- c:\program files\OutgoingRecipient.rpt
2000-02-05 14:52:04 58805 -c----w- c:\program files\OutgoingDate.rpt
2000-02-05 14:51:14 58958 -c----w- c:\program files\OutgoingCompany.rpt
2000-02-05 14:51:10 58836 -c----w- c:\program files\OutgoingDialedNumb.rpt
2000-02-01 20:01:06 4710 -c----w- c:\program files\DRAGDROP.ICO
2000-01-26 22:00:02 967 -c----w- c:\program files\WFXDEL.PIF
2000-01-26 01:07:16 2130 -c----w- c:\program files\SEWELCOM.TXT
2000-01-24 13:25:00 166580 -c----w- c:\program files\PROSPLSH.BMP
2000-01-23 19:55:38 9 -c----w- c:\program files\rpt.rpt
2000-01-17 17:48:00 48303 -c----w- c:\program files\IncomingType.rpt
2000-01-17 17:38:34 48352 -c----w- c:\program files\IncomingMbox.rpt

============= FINISH: 15:30:26.28 ===============

root repeal log -

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/12/22 15:20
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA8A07000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7A3C000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA794D000 Size: 49152 File Visible: No Signed: -
Status: -

Name: uphcleanhlp.sys
Image Path: C:\WINDOWS\system32\Drivers\uphcleanhlp.sys
Address: 0xA88AF000 Size: 8960 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: c:\$avg\$chjw\7feddf07-8a3d-4b8f-b6aa-09e8447c60bc
Status: Size mismatch (API: 1824140, Raw: 1723400)

Path: c:\$avg\$chjw\80e029be-a33c-469a-b8c0-322b3e3e0aef
Status: Size mismatch (API: 2396624, Raw: 2329464)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Cookies\fayiz@bleepingcomputer[1].txt
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Cookies\fayiz@www.bleepingcomputer[2].txt
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Cookies\fayiz@intellitxt[1].txt
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Cookies\fayiz@intellitxt[3].txt
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Cookies\fayiz@www.bleepingcomputer[3].txt
Status: Visible to the Windows API, but not on disk.

Path: c:\documents and settings\fayiz.cetek-5x8j0qp22\local settings\temp\~df9b97.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\fayiz.cetek-5x8j0qp22\local settings\temp\~dfc2d4.tmp
Status: Allocation size mismatch (API: 262144, Raw: 16384)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\4YTZ3ETG\pingCASHXKL6.js
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\4YTZ3ETG\ping[10].js
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\4YTZ3ETG\ping[11].js
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\4YTZ3ETG\but_visurl[1].png
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\4YTZ3ETG\dds-attach-file[1].jpg
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\4YTZ3ETG\5-sm[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\4YTZ3ETG\topic41975[1].html
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\4YTZ3ETG\topic41987[2].html
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\4YTZ3ETG\adsCA3FRHOP.htm
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\4YTZ3ETG\adsCATE6IKW.htm
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\4YTZ3ETG\adsCAVZ21U2.htm
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\4YTZ3ETG\bt_close_off[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\4YTZ3ETG\al[1].asp
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\4YTZ3ETG\firewall[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\4YTZ3ETG\json[1].aspx
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\4YTZ3ETG\livesearch_source[1].htm
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\4YTZ3ETG\shadow_b[1].png
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\4YTZ3ETG\vundo[1].jpg
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\4YTZ3ETG\2-sm[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\4YTZ3ETG\4-sm[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\4YTZ3ETG\rbot[1].jpg
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\56C9I04U\icon2[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\56C9I04U\rr-savedesktop[1].jpg
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\56C9I04U\run-confirm[1].jpg
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\56C9I04U\topics;kw=;tile=1;sz=300x250,336x280;ord=6012058493227441[1]
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\56C9I04U\topics_bottom;kw=;tile=2;sz=300x250,336x280;ord=2735235011426871[1]
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\56C9I04U\av-3[1].jpg
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\56C9I04U\beaconCA7M4TKF.js
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\56C9I04U\beacon[10].js
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\56C9I04U\beacon[11].js
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\56C9I04U\7-sm[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\56C9I04U\forum22[2].htm
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\56C9I04U\adsCACNQ4BV.htm
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\56C9I04U\adsCAX2LUIR.htm
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\56C9I04U\bkg_search[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\56C9I04U\3-sm[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\56C9I04U\download-rootrepeal[1].jpg
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\56C9I04U\topics_bottom;kw=;tile=2;sz=300x250,336x280;ord=6012058493227441[1]
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\56C9I04U\al[4].asp
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\56C9I04U\livesearch_script[1].js
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\56C9I04U\shadow_tl[1].png
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\56C9I04U\8_1261513362,115da916960d7a8,ce_mobile_blackberry,;;kw=;tile=2;ord1=353001;sz=300x250,336x280;contx=ce_mobile_blackberry;btg=;ord=2735235011426871[1]
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\56C9I04U\index[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\56C9I04U\dds-attach[1].jpg
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\56C9I04U\dds-information[1].jpg
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\56C9I04U\dds-log[1].jpg
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\56C9I04U\front[1].asp
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\56C9I04U\searching[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\OLWAPQ1Y\0_1261513285,115da916960d7a8,ce_mobile_blackberry,;;kw=;tile=2;ord1=886972;sz=300x250,336x280;contx=ce_mobile_blackberry;btg=;ord=4800157445899008[1]
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\OLWAPQ1Y\icon[1].jpg
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\OLWAPQ1Y\dds-savebox[1].jpg
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\OLWAPQ1Y\59_1261513326,115da916960d7a8,ce_mobile_blackberry,;;kw=;tile=1;ord1=21490;sz=300x250,336x280;contx=ce_mobile_blackberry;btg=;ord=6012058493227441[1]
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\OLWAPQ1Y\save-desktop[1].jpg
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\OLWAPQ1Y\al[7].asp
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\OLWAPQ1Y\4_1261513361,115da916960d7a8,ce_mobile_blackberry,;;kw=;tile=1;ord1=284408;sz=300x250,336x280;contx=ce_mobile_blackberry;btg=;ord=2735235011426871[1]
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\OLWAPQ1Y\topic34773[1].htm
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\OLWAPQ1Y\topic41975[1].htm
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\OLWAPQ1Y\sh_305x200[1].png
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\OLWAPQ1Y\topic-message[1].png
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\OLWAPQ1Y\spacer[2].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\OLWAPQ1Y\spacer[3].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\OLWAPQ1Y\arrow_down[1].png
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\OLWAPQ1Y\adsCAB7IUZ8.htm
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\OLWAPQ1Y\p[3].txt
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\OLWAPQ1Y\choose-file[1].jpg
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\OLWAPQ1Y\bkg_navglare[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\OLWAPQ1Y\6_1261513327,115da916960d7a8,ce_mobile_blackberry,;;kw=;tile=2;ord1=971865;sz=300x250,336x280;contx=ce_mobile_blackberry;btg=;ord=6012058493227441[1]
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\OLWAPQ1Y\9-sm[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\TDN8MAAA\1-sm[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\TDN8MAAA\bt_what_off[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\TDN8MAAA\adsCA5XS9M1.htm
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\TDN8MAAA\dalert[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\TDN8MAAA\dds-savedesktop[1].jpg
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\TDN8MAAA\rootrepeal-icon[1].jpg
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\TDN8MAAA\rootrepeal-report[1].jpg
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\TDN8MAAA\rootrepeal[1].jpg
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\TDN8MAAA\al[3].asp
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\TDN8MAAA\topics_bottom;kw=;tile=2;sz=300x250,336x280;ord=4800157445899008[1]
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\TDN8MAAA\ping[9].js
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\TDN8MAAA\ifr[1].htm
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\TDN8MAAA\6-sm[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\TDN8MAAA\adsCALC8HR0.htm
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\TDN8MAAA\adsCAZ75VJY.htm
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\TDN8MAAA\topic34773[1].html
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\TDN8MAAA\topic34773[2].html
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\TDN8MAAA\topic41975[1].html
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\TDN8MAAA\scan[1].jpg
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\TDN8MAAA\logo_va[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\TDN8MAAA\ping[10].js
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\TDN8MAAA\shadow_l[1].png
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\TDN8MAAA\shadow_t[1].png
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Temporary Internet Files\Content.IE5\TDN8MAAA\8-sm[1].gif
Status: Could not get file information (Error 0xc0000008)

SSDT
-------------------
#: 263 Function Name: NtUnloadKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\uphcleanhlp.sys" at address 0xa88af6d0

==EOF==



#2 myrti


Posted 04 January 2010 - 11:46 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#3 Crowbar


Posted 04 January 2010 - 12:47 PM

Thank you for getting to me, I have been waiting patiently. I see that there are many more problems than people to solve them.

As I said in the original post, computer had a boot sector virus, and was causing the computer to go BSOD on me. I restored the backup from the day before and scanned with malware bytes, superantispyware, and combo fix. I know you guys here don't like us to use combofix, but I make daily backups, so if there were an issue caused by combofix, I would just reload the backup. I am a very firm believer in lots of verified backups!

I did have an issue with the computer name - I horked it up when I reloaded the backup, and had to rename it to join it back to the network, but otherwise I have done no other attempts at cleaning any malware.
Here are the requested log files:
OTR.TXT
OTL logfile created on: 1/4/2010 11:56:21 AM - Run 1
OTL by OldTimer - Version 3.1.21.0 Folder = C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 293.00 Mb Available Physical Memory | 29.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 153.38 Gb Total Space | 119.61 Gb Free Space | 77.98% Space Free | Partition Type: NTFS
Drive D: | 153.38 Gb Total Space | 153.19 Gb Free Space | 99.88% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 232.88 Gb Total Space | 9.23 Gb Free Space | 3.96% Space Free | Partition Type: NTFS
Drive G: | 435.68 Gb Total Space | 277.37 Gb Free Space | 63.66% Space Free | Partition Type: NTFS
Drive H: | 435.68 Gb Total Space | 277.37 Gb Free Space | 63.66% Space Free | Partition Type: NTFS
Drive I: | 435.68 Gb Total Space | 277.37 Gb Free Space | 63.66% Space Free | Partition Type: NTFS
Drive J: | 435.68 Gb Total Space | 277.37 Gb Free Space | 63.66% Space Free | Partition Type: NTFS

Computer Name: FAX
Current User Name: Fayiz
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/04 11:55:04 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Desktop\OTL.exe
PRC - [2010/01/01 09:40:59 | 02,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2009/12/22 14:42:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/12/22 14:42:10 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/12/12 08:11:00 | 00,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/12/12 08:10:59 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2009/11/18 10:02:47 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/11/18 10:02:45 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/11/18 10:02:39 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/03/08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/06/10 14:56:31 | 01,406,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
PRC - [2008/04/14 04:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/02/07 07:38:26 | 00,868,352 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\PaperPort\PaprPort.exe
PRC - [2006/02/07 06:35:20 | 00,180,224 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\PaperPort\ppscanmg.exe
PRC - [2006/02/07 06:33:56 | 00,188,416 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\PaperPort\ssindexr.exe
PRC - [2006/02/07 06:33:44 | 00,036,864 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2006/02/07 06:33:42 | 00,090,112 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\PaperPort\ppocrmg.exe
PRC - [2006/02/07 06:31:06 | 00,102,400 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pplinks.exe
PRC - [2006/02/07 06:27:28 | 00,180,224 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\PaperPort\ppprint.exe
PRC - [2006/02/03 03:23:04 | 00,069,632 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPage15.0\OpWare15.exe
PRC - [2005/04/27 13:59:24 | 00,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
PRC - [2004/09/24 05:06:46 | 02,559,488 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
PRC - [2004/09/23 06:27:18 | 00,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2004/08/04 16:41:00 | 00,526,224 | ---- | M] (Mozilla, Netscape) -- C:\Program Files\Netscape\Netscape\Netscp.exe
PRC - [2004/06/05 22:45:36 | 00,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
PRC - [2004/06/05 22:41:34 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2003/03/31 07:00:00 | 00,114,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\calc.exe
PRC - [2001/09/10 15:03:56 | 00,027,648 | ---- | M] () -- C:\Fayiz Old_3\WFXSWTCH.exe
PRC - [2001/09/10 15:03:55 | 00,549,376 | R--- | M] () -- C:\Fayiz Old_3\WFXCTL32.EXE
PRC - [2001/09/10 15:03:55 | 00,541,184 | R--- | M] (Symantec Corporation) -- C:\Fayiz Old_3\WFXMOD32.EXE
PRC - [2001/09/10 15:03:55 | 00,045,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WFXSNT40.EXE
PRC - [2001/09/10 15:03:53 | 00,839,680 | R--- | M] (Symantec Corporation) -- C:\Fayiz Old_3\FAXMNG32.EXE
PRC - [2000/09/28 23:58:42 | 00,129,536 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\WFXSVC.EXE


========== Modules (SafeList) ==========

MOD - [2010/01/04 11:55:04 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Desktop\OTL.exe
MOD - [2006/02/03 03:23:12 | 00,135,168 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPage15.0\OpHook15.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/22 14:42:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/11/18 10:02:39 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/01/26 15:46:54 | 00,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2007/04/03 17:09:35 | 00,136,952 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2007/03/26 10:23:34 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/04/27 13:59:24 | 00,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/05/02 15:00:36 | 00,032,768 | ---- | M] (Acesoft) [On_Demand | Stopped] -- C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe -- (Autocomplete)
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2000/09/28 23:58:42 | 00,129,536 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\WINDOWS\system32\WFXSVC.EXE -- (wfxsvc)


========== Driver Services (SafeList) ==========

DRV - [2009/11/18 10:02:59 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/11/18 10:02:56 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/11/18 10:02:40 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/09/15 11:42:48 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/09/15 11:42:46 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/09/15 11:42:44 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/06/10 15:04:26 | 00,031,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\point32.sys -- (Point32)
DRV - [2008/04/13 22:09:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/04/13 22:06:06 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006/09/27 16:53:22 | 00,036,560 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2005/11/30 16:56:23 | 00,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2005/04/07 16:18:34 | 00,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2004/12/17 17:14:44 | 00,013,952 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2004/09/24 05:14:40 | 02,276,672 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004/06/06 22:43:52 | 00,036,484 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SMBios.sys -- (SMBios) Intel ®
DRV - [2004/06/05 23:09:10 | 00,730,653 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2004/03/17 15:10:40 | 00,113,664 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/02/10 01:49:14 | 00,154,112 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel®
DRV - [2003/03/31 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2003/03/31 07:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2002/12/23 09:36:44 | 00,607,232 | ---- | M] (NETGEAR, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MA111nd5.sys -- (WLAN_USB)
DRV - [2001/04/19 19:27:44 | 00,016,292 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\NETGEAR\MA111 Configuration Utility\PCANDIS5.SYS -- (PCANDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3969987740-3737111307-4009118071-1148\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-3969987740-3737111307-4009118071-1148\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7
IE - HKU\S-1-5-21-3969987740-3737111307-4009118071-1148\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.earthlink.net/
IE - HKU\S-1-5-21-3969987740-3737111307-4009118071-1148\S-1-5-21-3969987740-3737111307-4009118071-1148\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=ffds1&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/12/21 13:12:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/28 09:39:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/28 09:39:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.02\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2009/12/28 09:39:34 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.02\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2009/12/28 09:39:21 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.2\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2009/12/28 09:39:34 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.2\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2009/12/28 09:39:21 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.1.2.0\Extensions\\Components: C:\Fayiz Old_3\Program Files\Netscape Browser\Components [2009/12/28 09:39:21 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.1.2.0\Extensions\\Plugins: C:\Fayiz Old_3\Program Files\Netscape Browser\Plugins [2009/12/28 09:39:21 | 00,000,000 | ---D | M]

[2009/12/21 12:38:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Application Data\Mozilla\Firefox\Profiles\63cryl9s.default\extensions
[2009/12/21 12:38:18 | 00,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Application Data\Mozilla\Firefox\Profiles\63cryl9s.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/12/21 12:38:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Application Data\Mozilla\Firefox\Profiles\63cryl9s.default\extensions\staged-xpis
[2009/12/22 14:42:24 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/21 13:13:43 | 00,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/12/21 13:13:43 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\google-cjk@partners.mozilla.com
[2009/12/21 13:13:45 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2006/12/12 22:12:30 | 00,066,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2006/12/12 22:12:31 | 00,054,352 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2006/12/12 22:12:32 | 00,034,928 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
[2006/12/12 22:12:33 | 00,046,696 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
[2006/12/12 22:12:34 | 00,172,120 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
[2008/12/16 00:53:30 | 00,155,648 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\Mozilla Firefox\plugins\npEModelPlugin.dll
[2006/01/02 11:15:46 | 01,312,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3969987740-3737111307-4009118071-1148\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3969987740-3737111307-4009118071-1148\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3969987740-3737111307-4009118071-1148\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [Opware15] C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PDF4 Registry Controller] C:\Fayiz Old_3\Program Files\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WFXSwtch] c:\Fayiz Old_3\WFXSWTCH.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WinFaxAppPortStarter] C:\WINDOWS\System32\WFXSNT40.EXE (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [TSClientAXDisabler] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [TSClientMSIUninstaller] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [TSClientAXDisabler] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [TSClientMSIUninstaller] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Controller.LNK = C:\Fayiz Old_3\WFXCTL32.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3969987740-3737111307-4009118071-1148\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3969987740-3737111307-4009118071-1148\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3969987740-3737111307-4009118071-1148\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3969987740-3737111307-4009118071-1148\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3969987740-3737111307-4009118071-1148_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Open with ScanSoft PDF Converter 4.0 - C:\Fayiz Old_3\Program Files\cnvres_eng.dll ()
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Fayiz Old_3\Program Files\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Fayiz Old_3\Program Files\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 84 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 84 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 84 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 84 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-3969987740-3737111307-4009118071-1148\..Trusted Domains: 82 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} http://cetek01/connectcomputer/nshelp.dll (NSHelp Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} http://ak.imgag.com/imgag/cp/install/AxCtp2.cab (Create & Print ActiveX Plug-in)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.168.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Cetek.local
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {A213B520-C6C2-11d0-AF9D-008029E1027E} - c:\Fayiz Old_3\WFXSEH32.DLL (Symantec Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/21 11:47:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/11/30 17:16:04 | 00,002,063 | ---- | M] () - C:\AutoSetup.log -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/04 11:54:58 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Desktop\OTL.exe
[2009/12/30 09:39:17 | 00,000,000 | ---D | C] -- C:\Program Files\GraphiCode
[2009/12/22 14:42:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2009/12/22 14:42:21 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/12/22 14:42:21 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/12/22 14:42:21 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/12/22 14:41:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Application Data\Sun
[2009/12/22 14:39:15 | 00,000,000 | ---D | C] -- C:\Program Files\javara
[2009/12/22 14:35:53 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2009/12/22 14:14:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2009/12/22 14:14:26 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2009/12/22 09:40:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\NOS
[2009/12/21 15:07:47 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/12/21 14:59:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/12/21 14:50:42 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/12/21 12:02:27 | 00,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msaud32.acm
[2009/12/21 12:02:27 | 00,290,816 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\dllcache\l3codeca.acm
[2009/12/21 12:02:27 | 00,086,016 | ---- | C] (Sipro Lab Telecom Inc.) -- C:\WINDOWS\System32\dllcache\sl_anet.acm
[2009/12/21 12:02:23 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe
[2009/12/21 12:02:22 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2009/12/21 12:02:22 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2009/12/21 12:02:21 | 00,848,384 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ir41_32.ax
[2009/12/21 12:02:21 | 00,755,200 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ir50_32.dll
[2009/12/21 12:02:21 | 00,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll
[2009/12/21 12:02:21 | 00,369,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2009/12/21 12:02:21 | 00,338,432 | ---- | C] (Intel Corporation.) -- C:\WINDOWS\System32\ir41_qcx.dll
[2009/12/21 12:02:21 | 00,200,192 | ---- | C] (Intel Corporation.) -- C:\WINDOWS\System32\ir50_qc.dll
[2009/12/21 12:02:21 | 00,199,680 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\iac25_32.ax
[2009/12/21 12:02:21 | 00,183,808 | ---- | C] (Intel Corporation.) -- C:\WINDOWS\System32\ir50_qcx.dll
[2009/12/21 12:02:21 | 00,154,624 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ivfsrc.ax
[2009/12/21 12:02:21 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2009/12/21 12:02:21 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2009/12/21 12:02:21 | 00,120,320 | ---- | C] (Intel Corporation.) -- C:\WINDOWS\System32\ir41_qc.dll
[2009/12/21 12:02:21 | 00,086,016 | ---- | C] (Conexant) -- C:\WINDOWS\System32\mdmxsdk.dll
[2009/12/21 12:02:21 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2009/12/21 12:02:21 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2009/12/21 12:02:21 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2009/12/21 12:02:21 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2009/12/21 12:02:21 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2009/12/21 12:02:20 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecs.dll
[2009/12/21 12:02:20 | 00,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll
[2009/12/21 12:02:20 | 00,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll
[2009/12/21 12:02:20 | 00,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slrundll.exe
[2009/12/21 12:02:20 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\verclsid.exe
[2009/12/21 12:02:20 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
[2009/12/21 12:00:59 | 00,144,384 | ---- | C] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\drivers\hdaudbus.sys
[2009/12/21 12:00:59 | 00,011,868 | ---- | C] (Conexant) -- C:\WINDOWS\System32\drivers\mdmxsdk.sys
[2009/12/21 12:00:58 | 02,897,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp2res.dll
[2009/12/21 12:00:36 | 00,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2009/12/21 12:00:14 | 00,026,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2009/12/21 11:48:31 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2009/12/21 11:48:31 | 00,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2009/12/21 11:48:31 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2009/12/21 11:48:30 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2009/12/21 11:48:30 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2009/12/21 11:48:30 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2009/12/21 11:48:29 | 00,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2009/12/21 11:48:29 | 00,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2009/12/21 11:48:28 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2009/12/21 11:48:27 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2009/12/21 11:48:26 | 00,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2009/12/21 11:48:26 | 00,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2009/12/21 11:48:26 | 00,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2009/12/21 11:48:25 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2009/12/21 11:48:25 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2009/12/21 11:48:24 | 00,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2009/12/21 11:48:24 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2009/12/21 11:48:23 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2009/12/21 11:48:23 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2009/12/21 11:48:23 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpapi.dll
[2009/12/21 11:48:23 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2009/12/21 11:48:23 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2009/12/21 11:48:22 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2009/12/21 11:48:22 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2009/12/21 11:48:22 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2009/12/21 11:48:22 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2009/12/21 11:48:22 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2009/12/21 11:48:22 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2009/12/21 11:48:22 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2009/12/21 11:48:22 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2009/12/21 11:48:22 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2009/12/21 11:48:22 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2009/12/21 11:48:22 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2009/12/21 11:48:22 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2009/12/21 11:48:22 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2009/12/21 11:48:21 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2009/12/21 11:48:21 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2009/12/21 11:48:20 | 00,205,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seo.dll
[2009/12/21 11:48:20 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2009/12/21 11:48:20 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2009/12/21 11:48:19 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2009/12/21 11:48:19 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2009/12/21 11:48:19 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_rwnh.dll
[2009/12/21 11:48:18 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2009/12/21 11:48:18 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2009/12/21 11:48:17 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2009/12/21 11:48:17 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2009/12/21 11:48:16 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2009/12/21 11:48:16 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2009/12/21 11:48:16 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2009/12/21 11:48:15 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2009/12/21 11:48:15 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2009/12/21 11:48:14 | 00,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2009/12/21 11:48:14 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2009/12/21 11:48:13 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2009/12/21 11:48:13 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2009/12/21 11:48:12 | 00,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2009/12/21 11:48:10 | 01,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2009/12/21 11:48:10 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2009/12/21 11:48:07 | 00,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2009/12/21 11:48:07 | 00,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2009/12/21 11:48:07 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2009/12/21 11:48:06 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2009/12/21 11:48:06 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2009/12/21 11:48:05 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2009/12/21 11:48:05 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2009/12/21 11:48:05 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2009/12/21 11:48:05 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2009/12/21 11:48:04 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2009/12/21 11:48:04 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2009/12/21 11:48:04 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2009/12/21 11:48:04 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2009/12/21 11:48:04 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2009/12/21 11:48:04 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2009/12/21 11:48:04 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2009/12/21 11:48:04 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2009/12/21 11:48:04 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2009/12/21 11:48:03 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2009/12/21 11:48:03 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2009/12/21 11:48:03 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2009/12/21 11:48:03 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2009/12/21 11:48:03 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2009/12/21 11:48:03 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2009/12/21 11:48:03 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2009/12/21 11:48:03 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2009/12/21 11:48:03 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2009/12/21 11:48:03 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2009/12/21 11:48:02 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2009/12/21 11:48:02 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2009/12/21 11:48:02 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2009/12/21 11:48:02 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2009/12/21 11:48:02 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2009/12/21 11:48:02 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2009/12/21 11:48:02 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2009/12/21 11:48:02 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2009/12/21 11:48:02 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2009/12/21 11:48:01 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2009/12/21 11:48:01 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
[2009/12/21 11:48:01 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2009/12/21 11:48:01 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2009/12/21 11:48:00 | 00,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2009/12/21 11:48:00 | 00,315,455 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2009/12/21 11:48:00 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2009/12/21 11:47:59 | 00,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2009/12/21 11:47:59 | 00,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2009/12/21 11:47:58 | 00,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2009/12/21 11:47:58 | 00,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2009/12/21 11:47:58 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2009/12/21 11:47:57 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2009/12/21 11:47:57 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2009/12/21 11:47:57 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe
[2009/12/21 11:47:57 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2009/12/21 11:47:54 | 10,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2009/12/21 11:47:46 | 10,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2009/12/21 11:47:45 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2009/12/21 11:47:43 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2009/12/21 11:47:43 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2009/12/21 11:47:42 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2009/12/21 11:47:42 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2009/12/21 11:47:41 | 00,514,587 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\edb500.dll
[2009/12/21 11:47:41 | 00,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2009/12/21 11:47:41 | 00,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2009/12/21 11:47:41 | 00,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2009/12/21 11:47:41 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2009/12/21 11:47:38 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2009/12/21 11:47:37 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
[2009/12/21 11:47:37 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2009/12/21 11:47:37 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
[2009/12/21 11:47:36 | 00,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2009/12/21 11:47:35 | 01,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2009/12/21 11:47:35 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2009/12/21 11:47:35 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2009/12/21 11:47:35 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2009/12/21 11:47:35 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2009/12/21 11:47:34 | 00,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2009/12/21 11:47:34 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2009/12/21 11:47:34 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2009/12/21 11:47:33 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2009/12/21 11:47:33 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2009/12/21 11:47:33 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2009/12/21 11:47:33 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2009/12/21 11:47:32 | 00,312,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqueue.dll
[2009/12/21 11:47:32 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2009/12/21 11:47:32 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2009/12/21 11:47:32 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2009/12/21 11:47:31 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2009/12/21 11:47:29 | 02,134,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpsnap.dll
[2009/12/21 11:47:29 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2009/12/21 11:47:28 | 00,175,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpadm.dll
[2009/12/21 11:47:26 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2009/12/21 11:47:26 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2009/12/21 11:47:25 | 00,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2009/12/21 11:47:25 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2009/12/21 11:47:25 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2009/12/21 11:47:25 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2009/12/21 11:47:22 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2009/12/21 11:47:03 | 00,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mapi32.dll
[2009/12/21 11:45:14 | 00,520,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpvis.dll
[2009/12/21 11:45:14 | 00,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlimport.exe
[2009/12/21 11:45:13 | 00,319,542 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmmres.dll
[2009/12/21 11:45:13 | 00,163,897 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmmutil.dll
[2009/12/21 11:45:13 | 00,110,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmmfilt.dll
[2009/12/21 11:44:27 | 00,347,136 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hypertrm.dll
[2009/12/21 11:44:27 | 00,044,544 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hticons.dll
[2009/12/21 11:44:15 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\colbact.dll
[2009/12/21 11:44:14 | 00,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrv.dll
[2009/12/21 11:44:01 | 02,689,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstscax.dll
[2009/12/21 11:44:01 | 01,033,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstsc.exe
[2009/12/21 11:44:00 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscupgrd.exe
[2009/12/21 11:44:00 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscupgrd.exe
[2009/12/21 11:44:00 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icaapi.dll
[2009/12/21 11:43:59 | 01,267,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsvcs.dll
[2009/12/21 11:43:59 | 00,625,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvut.dll
[2009/12/16 11:08:32 | 00,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2009/12/16 11:08:31 | 00,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
[2009/12/16 11:08:30 | 00,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xrxflnch.exe
[2009/12/16 11:08:15 | 00,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
[2009/12/16 11:08:14 | 00,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
[2009/12/16 11:08:13 | 00,019,455 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wvchntxx.sys
[2009/12/16 11:08:10 | 00,012,063 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wsiintxx.sys
[2009/12/16 11:08:09 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wshirda.dll
[2009/12/16 11:07:54 | 00,008,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiacpi.sys
[2009/12/16 11:07:52 | 00,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
[2009/12/16 11:07:51 | 00,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
[2009/12/16 11:07:48 | 00,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
[2009/12/16 11:07:46 | 00,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiafbdrv.dll
[2009/12/16 11:07:46 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiamsmud.dll
[2009/12/16 11:07:43 | 00,701,386 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\wdhaalba.sys
[2009/12/16 11:07:42 | 00,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
[2009/12/16 11:07:42 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wceusbsh.sys
[2009/12/16 11:07:42 | 00,023,615 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wch7xxnt.sys
[2009/12/16 11:07:40 | 00,033,599 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\watv04nt.sys
[2009/12/16 11:07:39 | 00,019,551 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\watv02nt.sys
[2009/12/16 11:07:38 | 00,029,311 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\watv01nt.sys
[2009/12/16 11:07:35 | 00,012,127 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wadv02nt.sys
[2009/12/16 11:07:35 | 00,011,775 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wadv05nt.sys
[2009/12/16 11:07:34 | 00,012,415 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wadv01nt.sys
[2009/12/16 11:07:33 | 00,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
[2009/12/16 11:07:33 | 00,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
[2009/12/16 11:07:32 | 00,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
[2009/12/16 11:07:30 | 00,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
[2009/12/16 11:07:29 | 00,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
[2009/12/16 11:07:28 | 00,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
[2009/12/16 11:07:28 | 00,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
[2009/12/16 11:07:27 | 00,024,576 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\viairda.sys
[2009/12/16 11:07:26 | 00,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\viaide.sys
[2009/12/16 11:07:25 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2009/12/16 11:07:23 | 00,687,999 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usrwdxjs.sys
[2009/12/16 11:07:22 | 00,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
[2009/12/16 11:07:21 | 00,113,762 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usrpda.sys
[2009/12/16 11:07:21 | 00,007,556 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usroslba.sys
[2009/12/16 11:07:20 | 00,224,802 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usr1807a.sys
[2009/12/16 11:07:19 | 00,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
[2009/12/16 11:07:19 | 00,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
[2009/12/16 11:07:19 | 00,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
[2009/12/16 11:07:17 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys
[2009/12/16 11:07:17 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2009/12/16 11:07:16 | 00,017,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbohci.sys
[2009/12/16 11:07:14 | 00,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2009/12/16 11:07:13 | 00,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
[2009/12/16 11:07:10 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxud32.dll
[2009/12/16 11:07:10 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu40.dll
[2009/12/16 11:07:10 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu22.dll
[2009/12/16 11:07:09 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu12.dll
[2009/12/16 11:07:09 | 00,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
[2009/12/16 11:07:09 | 00,022,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxpcls.sys
[2009/12/16 11:07:08 | 00,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
[2009/12/16 11:07:08 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxp60.dll
[2009/12/16 11:07:08 | 00,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxcam.dll
[2009/12/16 11:07:07 | 00,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
[2009/12/16 11:07:07 | 00,036,736 | ---- | C] (Promise Technology, Inc.) -- C:\WINDOWS\System32\dllcache\ultra.sys
[2009/12/16 11:07:05 | 00,011,520 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\twotrack.sys
[2009/12/16 11:07:03 | 00,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
[2009/12/16 11:07:02 | 00,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
[2009/12/16 11:07:02 | 00,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
[2009/12/16 11:07:02 | 00,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
[2009/12/16 11:07:02 | 00,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
[2009/12/16 11:07:01 | 00,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
[2009/12/16 11:07:00 | 00,042,496 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4res.dll
[2009/12/16 11:07:00 | 00,034,375 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\tpro4.sys
[2009/12/16 11:06:59 | 00,082,944 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4mon.exe
[2009/12/16 11:06:58 | 00,031,744 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4.dll
[2009/12/16 11:06:57 | 00,230,912 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\dllcache\tosdvd03.sys
[2009/12/16 11:06:57 | 00,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\toside.sys
[2009/12/16 11:06:56 | 00,241,664 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\dllcache\tosdvd02.sys
[2009/12/16 11:06:56 | 00,028,232 | ---- | C] (TOSHIBA Corporation) -- C:\WINDOWS\System32\dllcache\tos4mo.sys
[2009/12/16 11:06:54 | 00,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
[2009/12/16 11:06:52 | 00,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
[2009/12/16 11:06:52 | 00,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
[2009/12/16 11:06:51 | 00,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
[2009/12/16 11:06:49 | 00,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
[2009/12/16 11:06:49 | 00,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
[2009/12/16 11:06:47 | 00,030,464 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\dllcache\tbatm155.sys
[2009/12/16 11:06:45 | 00,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
[2009/12/16 11:06:45 | 00,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tandqic.sys
[2009/12/16 11:06:44 | 00,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
[2009/12/16 11:06:41 | 00,032,640 | ---- | C] (LSI Logic) -- C:\WINDOWS\System32\dllcache\symc8xx.sys
[2009/12/16 11:06:41 | 00,030,688 | ---- | C] (LSI Logic) -- C:\WINDOWS\System32\dllcache\sym_u3.sys
[2009/12/16 11:06:41 | 00,016,256 | ---- | C] (Symbios Logic Inc.) -- C:\WINDOWS\System32\dllcache\symc810.sys
[2009/12/16 11:06:40 | 00,094,293 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\sxports.dll
[2009/12/16 11:06:40 | 00,028,384 | ---- | C] (LSI Logic) -- C:\WINDOWS\System32\dllcache\sym_hi.sys
[2009/12/16 11:06:39 | 00,103,936 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\sx.sys
[2009/12/16 11:06:39 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swpidflt.dll
[2009/12/16 11:06:39 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swpdflt2.dll
[2009/12/16 11:06:39 | 00,003,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swusbflt.sys
[2009/12/16 11:06:38 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sw_wheel.dll
[2009/12/16 11:06:38 | 00,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sw_effct.dll
[2009/12/16 11:06:36 | 00,285,760 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
[2009/12/16 11:06:36 | 00,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
[2009/12/16 11:06:36 | 00,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
[2009/12/16 11:06:35 | 00,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
[2009/12/16 11:06:32 | 00,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
[2009/12/16 11:06:31 | 00,099,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusd.dll
[2009/12/16 11:06:28 | 00,024,660 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxupchk.dll
[2009/12/16 11:06:26 | 00,106,584 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spdports.dll
[2009/12/16 11:06:26 | 00,061,824 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\speed.sys
[2009/12/16 11:06:25 | 00,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\dllcache\sparrow.sys
[2009/12/16 11:06:25 | 00,007,552 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonypvu1.sys
[2009/12/16 11:06:24 | 00,114,688 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonypi.dll
[2009/12/16 11:06:24 | 00,037,040 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonypi.sys
[2009/12/16 11:06:24 | 00,020,752 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonync.sys
[2009/12/16 11:06:23 | 00,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sonymc.sys
[2009/12/16 11:06:23 | 00,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sonyait.sys
[2009/12/16 11:06:22 | 00,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snyaitmc.sys
[2009/12/16 11:06:13 | 00,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
[2009/12/16 11:06:12 | 00,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
[2009/12/16 11:06:11 | 00,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
[2009/12/16 11:06:11 | 00,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
[2009/12/16 11:06:11 | 00,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
[2009/12/16 11:06:10 | 00,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbhc.sys
[2009/12/16 11:06:09 | 00,016,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbbatt.sys
[2009/12/16 11:06:09 | 00,006,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbclass.sys
[2009/12/16 11:06:08 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb3w.dll
[2009/12/16 11:06:08 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb0w.dll
[2009/12/16 11:06:08 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma0w.dll
[2009/12/16 11:06:06 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm91w.dll
[2009/12/16 11:06:02 | 00,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
[2009/12/16 11:06:01 | 00,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
[2009/12/16 11:06:01 | 00,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
[2009/12/16 11:06:00 | 00,157,696 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisv256.dll
[2009/12/16 11:06:00 | 00,050,432 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisv.sys
[2009/12/16 11:05:59 | 00,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
[2009/12/16 11:05:58 | 00,238,592 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisgrv.dll
[2009/12/16 11:05:58 | 00,104,064 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisgrp.sys
[2009/12/16 11:05:57 | 00,252,032 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis300iv.dll
[2009/12/16 11:05:57 | 00,150,144 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis6306v.dll
[2009/12/16 11:05:57 | 00,101,760 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis300ip.sys
[2009/12/16 11:05:57 | 00,068,608 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis6306p.sys
[2009/12/16 11:05:52 | 00,161,568 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
[2009/12/16 11:05:51 | 00,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
[2009/12/16 11:05:51 | 00,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
[2009/12/16 11:05:51 | 00,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
[2009/12/16 11:05:50 | 00,036,480 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\sfmanm.sys
[2009/12/16 11:05:48 | 00,017,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sermouse.sys
[2009/12/16 11:05:48 | 00,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\serscan.sys
[2009/12/16 11:05:45 | 00,006,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seaddsmc.sys
[2009/12/16 11:05:44 | 00,011,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scsiprnt.sys
[2009/12/16 11:05:44 | 00,011,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scsiscan.sys
[2009/12/16 11:05:40 | 00,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
[2009/12/16 11:05:40 | 00,016,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scmstcs.sys
[2009/12/16 11:05:39 | 00,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
[2009/12/16 11:05:38 | 00,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
[2009/12/16 11:05:37 | 00,495,616 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\sblfx.dll
[2009/12/16 11:05:37 | 00,043,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sbp2port.sys
[2009/12/16 11:05:35 | 00,245,632 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\dllcache\s3savmx.dll
[2009/12/16 11:05:35 | 00,075,392 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\dllcache\s3savmxm.sys
[2009/12/16 11:05:34 | 00,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
[2009/12/16 11:05:34 | 00,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
[2009/12/16 11:05:34 | 00,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2009/12/16 11:05:33 | 00,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
[2009/12/16 11:05:33 | 00,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
[2009/12/16 11:05:33 | 00,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
[2009/12/16 11:05:33 | 00,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
[2009/12/16 11:05:32 | 00,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
[2009/12/16 11:05:32 | 00,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
[2009/12/16 11:05:32 | 00,065,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.sys
[2009/12/16 11:05:31 | 00,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
[2009/12/16 11:05:30 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
[2009/12/16 11:05:29 | 00,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2009/12/16 11:05:28 | 00,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2009/12/16 11:05:26 | 00,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8139.sys
[2009/12/16 11:05:26 | 00,019,017 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8029.sys
[2009/12/16 11:05:25 | 00,030,720 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\rthwcls.sys
[2009/12/16 11:05:23 | 00,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
[2009/12/16 11:05:22 | 00,003,840 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\rpfun.sys
[2009/12/16 11:05:20 | 00,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
[2009/12/16 11:05:20 | 00,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
[2009/12/16 11:05:19 | 00,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
[2009/12/16 11:05:12 | 00,019,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rasirda.sys
[2009/12/16 11:05:11 | 00,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2009/12/16 11:05:10 | 00,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2009/12/16 11:05:10 | 00,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qvusd.dll
[2009/12/16 11:05:10 | 00,003,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qv2kux.sys
[2009/12/16 11:05:07 | 00,049,024 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\dllcache\ql1280.sys
[2009/12/16 11:05:07 | 00,045,312 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\dllcache\ql12160.sys
[2009/12/16 11:05:07 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ql1240.sys
[2009/12/16 11:05:07 | 00,033,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ql10wnt.sys
[2009/12/16 11:05:06 | 00,040,320 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\dllcache\ql1080.sys
[2009/12/16 11:05:05 | 00,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qic157.sys
[2009/12/16 11:05:04 | 00,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
[2009/12/16 11:05:03 | 00,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
[2009/12/16 11:05:03 | 00,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
[2009/12/16 11:05:02 | 00,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ptpusd.dll
[2009/12/16 11:05:02 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ptpusb.dll
[2009/12/16 11:05:01 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\psisload.dll
[2009/12/16 11:05:01 | 00,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
[2009/12/16 11:04:58 | 00,017,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ppa.sys
[2009/12/16 11:04:58 | 00,017,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ppa3.sys
[2009/12/16 11:04:58 | 00,008,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\powerfil.sys
[2009/12/16 11:04:56 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pnrmc.sys
[2009/12/16 11:04:53 | 00,121,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phvfwext.dll
[2009/12/16 11:04:53 | 00,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phildec.sys
[2009/12/16 11:04:53 | 00,019,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philtune.sys
[2009/12/16 11:04:52 | 00,173,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam2.sys
[2009/12/16 11:04:52 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phdsext.ax
[2009/12/16 11:04:52 | 00,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam1.sys
[2009/12/16 11:04:52 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam1.dll
[2009/12/16 11:04:51 | 00,259,328 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm3dd.dll
[2009/12/16 11:04:50 | 00,211,584 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm2dll.dll
[2009/12/16 11:04:50 | 00,028,032 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm3.sys
[2009/12/16 11:04:49 | 00,027,904 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm2.sys
[2009/12/16 11:04:48 | 00,027,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\perc2.sys
[2009/12/16 11:04:48 | 00,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\perc2hib.sys
[2009/12/16 11:04:47 | 00,169,984 | ---- | C] (Cisco Systems) -- C:\WINDOWS\System32\dllcache\pcx500.sys
[2009/12/16 11:04:47 | 00,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
[2009/12/16 11:04:46 | 00,035,328 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntpci5.sys
[2009/12/16 11:04:46 | 00,030,282 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntn5hl.sys
[2009/12/16 11:04:46 | 00,029,769 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntn5m.sys
[2009/12/16 11:04:45 | 00,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
[2009/12/16 11:04:45 | 00,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
[2009/12/16 11:04:44 | 00,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
[2009/12/16 11:04:41 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovui2.dll
[2009/12/16 11:04:41 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovui2rc.dll
[2009/12/16 11:04:41 | 00,025,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovsound2.sys
[2009/12/16 11:04:40 | 00,351,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcodek2.sys
[2009/12/16 11:04:40 | 00,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcoms.exe
[2009/12/16 11:04:40 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcomc.dll
[2009/12/16 11:04:39 | 00,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcodec2.dll
[2009/12/16 11:04:39 | 00,048,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcam2.sys
[2009/12/16 11:04:39 | 00,031,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovce.sys
[2009/12/16 11:04:39 | 00,028,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcd.sys
[2009/12/16 11:04:38 | 00,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
[2009/12/16 11:04:38 | 00,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys
[2009/12/16 11:04:38 | 00,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
[2009/12/16 11:04:38 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovca.sys
[2009/12/16 11:04:37 | 00,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
[2009/12/16 11:04:34 | 00,061,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ohci1394.sys
[2009/12/16 11:04:30 | 00,198,144 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv3.sys
[2009/12/16 11:04:30 | 00,123,776 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv3.dll
[2009/12/16 11:04:26 | 00,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
[2009/12/16 10:59:54 | 00,009,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntapm.sys
[2009/12/16 10:59:54 | 00,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsmmc.sys
[2009/12/16 10:59:52 | 00,028,672 | ---- | C] (National Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\nscirda.sys
[2009/12/16 10:59:50 | 00,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
[2009/12/16 10:59:49 | 00,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
[2009/12/16 10:59:48 | 00,032,840 | ---- | C] (NETGEAR Corporation.) -- C:\WINDOWS\System32\dllcache\ngrpci.sys
[2009/12/16 10:59:47 | 00,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
[2009/12/16 10:59:44 | 00,065,278 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\netflx3.sys
[2009/12/16 10:59:43 | 00,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
[2009/12/16 10:59:42 | 00,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
[2009/12/16 10:59:42 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ne2000.sys
[2009/12/16 10:59:40 | 00,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
[2009/12/16 10:59:39 | 00,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
[2009/12/16 10:59:39 | 00,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
[2009/12/16 10:59:39 | 00,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
[2009/12/16 10:59:38 | 00,128,000 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\n100325.sys
[2009/12/16 10:59:38 | 00,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
[2009/12/16 10:59:38 | 00,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
[2009/12/16 10:59:37 | 00,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
[2009/12/16 10:59:37 | 00,052,255 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\n1000nt5.sys
[2009/12/16 10:59:37 | 00,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
[2009/12/16 10:59:36 | 00,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
[2009/12/16 10:59:36 | 00,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
[2009/12/16 10:59:36 | 00,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
[2009/12/16 10:59:35 | 00,103,296 | ---- | C] (Matrox Graphics Inc) -- C:\WINDOWS\System32\dllcache\mtxvideo.sys
[2009/12/16 10:59:26 | 00,049,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstape.sys
[2009/12/16 10:59:24 | 00,012,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msriffwv.sys
[2009/12/16 10:59:20 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msmpu401.sys
[2009/12/16 10:59:18 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msircomm.sys
[2009/12/16 10:59:12 | 00,035,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msgame.sys
[2009/12/16 10:59:12 | 00,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfsio.sys
[2009/12/16 10:59:08 | 00,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys
[2009/12/16 10:59:02 | 00,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys
[2009/12/16 10:59:01 | 00,016,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\modemcsa.sys
[2009/12/16 10:58:58 | 00,006,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\miniqic.sys
[2009/12/16 10:58:55 | 00,320,384 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\mgaum.sys
[2009/12/16 10:58:54 | 00,235,648 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\mgaud.dll
[2009/12/16 10:58:53 | 00,026,112 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\memstpci.sys
[2009/12/16 10:58:52 | 00,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\memgrp.dll
[2009/12/16 10:58:52 | 00,008,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\memcard.sys
[2009/12/16 10:58:51 | 00,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
[2009/12/16 10:58:49 | 00,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mammoth.sys
[2009/12/16 10:56:40 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\m3092dc.dll
[2009/12/16 10:56:40 | 00,048,768 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\maestro.sys
[2009/12/16 10:56:39 | 00,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\m3091dc.dll
[2009/12/16 10:56:39 | 00,022,848 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\dllcache\lwusbhid.sys
[2009/12/16 10:56:38 | 00,020,864 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\dllcache\lwadihid.sys
[2009/12/16 10:56:37 | 00,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
[2009/12/16 10:56:37 | 00,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
[2009/12/16 10:56:36 | 00,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ltotape.sys
[2009/12/16 10:56:35 | 00,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2009/12/16 10:56:35 | 00,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2009/12/16 10:56:35 | 00,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2009/12/16 10:56:34 | 00,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
[2009/12/16 10:56:33 | 00,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\loop.sys
[2009/12/16 10:56:31 | 00,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
[2009/12/16 10:56:30 | 00,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
[2009/12/16 10:56:30 | 00,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2009/12/16 10:56:29 | 00,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
[2009/12/16 10:56:28 | 00,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys
[2009/12/16 10:56:27 | 00,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2009/12/16 10:56:27 | 00,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2009/12/16 10:56:26 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kousd.dll
[2009/12/16 10:56:23 | 00,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsusd.dll
[2009/12/16 10:56:22 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsui.dll
[2009/12/16 10:56:13 | 00,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[2009/12/16 10:56:05 | 00,026,624 | ---- | C] (SigmaTel, Inc.) -- C:\WINDOWS\System32\dllcache\irstusb.sys
[2009/12/16 10:56:05 | 00,018,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irsir.sys
[2009/12/16 10:56:04 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irmon.dll
[2009/12/16 10:56:03 | 00,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irftp.exe
[2009/12/16 10:56:03 | 00,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
[2009/12/16 10:56:02 | 00,088,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irda.sys
[2009/12/16 10:55:58 | 00,090,200 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\io8ports.dll
[2009/12/16 10:55:58 | 00,045,632 | ---- | C] (Interphase ® Corporation a Windows ® 2000 DDK Driver Provider) -- C:\WINDOWS\System32\dllcache\ip5515.sys
[2009/12/16 10:55:57 | 00,038,784 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\io8.sys
[2009/12/16 10:55:56 | 00,013,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inport.sys
[2009/12/16 10:55:56 | 00,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\intelide.sys
[2009/12/16 10:55:55 | 00,016,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ini910u.sys
[2009/12/16 10:55:39 | 00,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
[2009/12/16 10:55:39 | 00,100,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam5usb.sys
[2009/12/16 10:55:38 | 00,154,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4usb.sys
[2009/12/16 10:55:38 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4ext.dll
[2009/12/16 10:55:38 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam5com.dll
[2009/12/16 10:55:38 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam5ext.dll
[2009/12/16 10:55:37 | 00,141,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam3.sys
[2009/12/16 10:55:37 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4com.dll
[2009/12/16 10:55:37 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam3ext.dll
[2009/12/16 10:55:36 | 00,109,085 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\ibmtrp.sys
[2009/12/16 10:55:36 | 00,100,936 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\ibmtok.sys
[2009/12/16 10:55:36 | 00,038,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ibmvcap.sys
[2009/12/16 10:55:36 | 00,009,216 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\ibmsgnet.dll
[2009/12/16 10:55:35 | 00,028,700 | ---- | C] (IBM Corp.) -- C:\WINDOWS\System32\dllcache\ibmexmp.sys
[2009/12/16 10:55:33 | 00,702,845 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\i81xdnt5.dll
[2009/12/16 10:55:33 | 00,161,020 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\i81xnt5.sys
[2009/12/16 10:55:32 | 00,353,184 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\i740dnt5.dll
[2009/12/16 10:55:32 | 00,058,592 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\i740nt5.sys
[2009/12/16 10:55:31 | 00,018,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omp.sys
[2009/12/16 10:55:30 | 00,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omgmt.sys
[2009/12/16 10:55:18 | 00,488,383 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_v124.sys
[2009/12/16 10:55:17 | 00,073,279 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_spkp.sys
[2009/12/16 10:55:17 | 00,050,751 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_tone.sys
[2009/12/16 10:55:17 | 00,044,863 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_soar.sys
[2009/12/16 10:55:16 | 00,542,879 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_msft.sys
[2009/12/16 10:55:16 | 00,391,199 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_k56k.sys
[2009/12/16 10:55:16 | 00,057,471 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_samp.sys
[2009/12/16 10:55:15 | 00,289,887 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_fall.sys
[2009/12/16 10:55:15 | 00,199,711 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_faxx.sys
[2009/12/16 10:55:15 | 00,115,807 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_fsks.sys
[2009/12/16 10:55:15 | 00,009,759 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_inst.dll
[2009/12/16 10:55:14 | 00,150,239 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_amos.sys
[2009/12/16 10:55:14 | 00,067,167 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_bsc2.sys
[2009/12/16 10:55:13 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hr1w.dll
[2009/12/16 10:55:13 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpsjmcro.dll
[2009/12/16 10:55:13 | 00,005,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpt4qic.sys
[2009/12/16 10:55:12 | 00,324,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpojwia.dll
[2009/12/16 10:55:12 | 00,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
[2009/12/16 10:55:12 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgtmcro.dll
[2009/12/16 10:55:12 | 00,025,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpn.sys
[2009/12/16 10:55:11 | 00,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
[2009/12/16 10:55:11 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgt42tk.dll
[2009/12/16 10:55:10 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgt33tk.dll
[2009/12/16 10:55:09 | 00,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgt21tk.dll
[2009/12/16 10:55:09 | 00,119,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpdigwia.dll
[2009/12/16 10:55:06 | 00,002,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidswvd.sys
[2009/12/16 10:55:05 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2009/12/16 10:55:05 | 00,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidgame.sys
[2009/12/16 10:55:04 | 00,020,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidbatt.sys
[2009/12/16 10:55:02 | 00,907,456 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hcf_msft.sys
[2009/12/16 10:55:00 | 00,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2009/12/16 10:54:59 | 00,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
[2009/12/16 10:54:58 | 00,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2009/12/16 10:54:56 | 00,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gckernel.sys
[2009/12/16 10:54:55 | 00,322,432 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g400m.sys
[2009/12/16 10:54:55 | 00,010,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gameenum.sys
[2009/12/16 10:54:54 | 01,733,120 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g400d.dll
[2009/12/16 10:54:54 | 00,470,144 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g200d.dll
[2009/12/16 10:54:54 | 00,320,384 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g200m.sys
[2009/12/16 10:54:53 | 00,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
[2009/12/16 10:54:48 | 00,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
[2009/12/16 10:54:48 | 00,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
[2009/12/16 10:54:48 | 00,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fuusd.dll
[2009/12/16 10:54:44 | 00,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
[2009/12/16 10:54:43 | 00,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
[2009/12/16 10:54:43 | 00,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
[2009/12/16 10:54:42 | 00,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2009/12/16 10:54:41 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fnfilter.dll
[2009/12/16 10:54:39 | 00,027,165 | ---- | C] (VIA Technologies, Inc. ) -- C:\WINDOWS\System32\dllcache\fetnd5.sys
[2009/12/16 10:54:38 | 00,022,090 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\fem556n5.sys
[2009/12/16 10:54:34 | 00,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2009/12/16 10:54:34 | 00,016,074 | ---- | C] (NETGEAR Corp.) -- C:\WINDOWS\System32\dllcache\fa312nd5.sys
[2009/12/16 10:54:33 | 00,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2009/12/16 10:54:33 | 00,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2009/12/16 10:54:31 | 00,016,998 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\ex10.sys
[2009/12/16 10:54:31 | 00,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exabyte2.sys
[2009/12/16 10:54:27 | 00,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunib.dll
[2009/12/16 10:54:27 | 00,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuni.dll
[2009/12/16 10:54:27 | 00,034,816 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimg.dll
[2009/12/16 10:54:26 | 00,137,088 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\essm2e.sys
[2009/12/16 10:54:26 | 00,043,008 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucm.dll
[2009/12/16 10:54:25 | 00,063,360 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\ess.sys
[2009/12/16 10:54:24 | 00,347,550 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es56tpi.sys
[2009/12/16 10:54:23 | 00,595,647 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es56cvmp.sys
[2009/12/16 10:54:23 | 00,594,238 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es56hpi.sys
[2009/12/16 10:54:23 | 00,174,464 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es198x.sys
[2009/12/16 10:54:22 | 00,072,192 | ---- | C] (ESS Technology Inc.) -- C:\WINDOWS\System32\dllcache\es1969.sys
[2009/12/16 10:54:22 | 00,040,704 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\es1371mp.sys
[2009/12/16 10:54:22 | 00,037,120 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\es1370mp.sys
[2009/12/16 10:54:21 | 00,061,952 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqnloop.exe
[2009/12/16 10:54:21 | 00,053,248 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqndiag.exe
[2009/12/16 10:54:21 | 00,051,200 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqnlogr.exe
[2009/12/16 10:54:20 | 00,629,952 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqn.sys
[2009/12/16 10:54:20 | 00,114,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\epstw2k.sys
[2009/12/16 10:54:20 | 00,018,503 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\epro4.sys
[2009/12/16 10:54:19 | 00,283,904 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\emu10k1m.sys
[2009/12/16 10:54:19 | 00,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\epcfw2k.sys
[2009/12/16 10:54:19 | 00,006,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\enum1394.sys
[2009/12/16 10:54:18 | 00,019,996 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\em556n4.sys
[2009/12/16 10:54:17 | 00,171,520 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el99xn51.sys
[2009/12/16 10:54:17 | 00,025,159 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\elnk3.sys
[2009/12/16 10:54:17 | 00,007,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\elmsmc.sys
[2009/12/16 10:54:16 | 00,455,199 | ---- | C] (3Com Corporation.) -- C:\WINDOWS\System32\dllcache\el985n51.sys
[2009/12/16 10:54:16 | 00,153,631 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el90xnd5.sys
[2009/12/16 10:54:16 | 00,070,174 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el98xn5.sys
[2009/12/16 10:54:15 | 00,241,206 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656se5.sys
[2009/12/16 10:54:15 | 00,066,591 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el90xbc5.sys
[2009/12/16 10:54:14 | 00,634,134 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656ct5.sys
[2009/12/16 10:54:14 | 00,077,386 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656nd5.sys
[2009/12/16 10:54:13 | 00,069,692 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el575nd5.sys
[2009/12/16 10:54:13 | 00,069,194 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656cd5.sys
[2009/12/16 10:54:13 | 00,026,141 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el589nd5.sys
[2009/12/16 10:54:12 | 00,055,999 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el556nd5.sys
[2009/12/16 10:54:12 | 00,044,103 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el515.sys
[2009/12/16 10:54:12 | 00,024,653 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el574nd4.sys
[2009/12/16 10:54:09 | 00,019,594 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\e100isa4.sys
[2009/12/16 10:54:08 | 00,050,719 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\e1000nt5.sys
[2009/12/16 10:54:03 | 00,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2009/12/16 10:54:03 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dshowext.ax
[2009/12/16 10:54:01 | 00,020,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpti2o.sys
[2009/12/16 10:53:59 | 00,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2009/12/16 10:53:59 | 00,023,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4usb.sys
[2009/12/16 10:53:58 | 00,206,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4.sys
[2009/12/16 10:53:58 | 00,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4prt.sys
[2009/12/16 10:53:58 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4scan.sys
[2009/12/16 10:53:53 | 00,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2009/12/16 10:53:53 | 00,008,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlttape.sys
[2009/12/16 10:53:52 | 00,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
[2009/12/16 10:53:52 | 00,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2009/12/16 10:53:51 | 00,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2009/12/16 10:53:50 | 00,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2009/12/16 10:53:50 | 00,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2009/12/16 10:53:49 | 00,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2009/12/16 10:53:48 | 00,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2009/12/16 10:53:47 | 00,614,429 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiview.exe
[2009/12/16 10:53:46 | 00,110,621 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dllcache\digirlpt.dll
[2009/12/16 10:53:46 | 00,042,432 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dllcache\digirlpt.sys
[2009/12/16 10:53:45 | 00,102,484 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiinf.dll
[2009/12/16 10:53:45 | 00,041,046 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiisdn.dll
[2009/12/16 10:53:45 | 00,021,606 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiisdn.sys
[2009/12/16 10:53:44 | 00,229,462 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digifwrk.dll
[2009/12/16 10:53:44 | 00,159,828 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digihlc.dll
[2009/12/16 10:53:44 | 00,090,525 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digifep5.sys
[2009/12/16 10:53:43 | 00,131,156 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digidbp.dll
[2009/12/16 10:53:43 | 00,103,044 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digidxb.sys
[2009/12/16 10:53:43 | 00,037,735 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiasyn.sys
[2009/12/16 10:53:42 | 00,065,622 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiasyn.dll
[2009/12/16 10:53:40 | 00,419,357 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dllcache\dgconfig.dll
[2009/12/16 10:53:40 | 00,029,531 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\dgapci.sys
[2009/12/16 10:53:38 | 00,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2009/12/16 10:53:37 | 00,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2009/12/16 10:53:37 | 00,024,064 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\devldr32.exe
[2009/12/16 10:53:36 | 00,256,512 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\devcon32.dll
[2009/12/16 10:53:35 | 00,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2009/12/16 10:53:35 | 00,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ddsmc.sys
[2009/12/16 10:53:33 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc260usd.dll
[2009/12/16 10:53:33 | 00,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc240usd.dll
[2009/12/16 10:53:32 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc210usd.dll
[2009/12/16 10:53:32 | 00,063,208 | ---- | C] (Intel Corporation.) -- C:\WINDOWS\System32\dllcache\dc21x4.sys
[2009/12/16 10:53:32 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc210_32.dll
[2009/12/16 10:53:29 | 00,179,584 | ---- | C] (Mylex Corporation) -- C:\WINDOWS\System32\dllcache\dac2w2k.sys
[2009/12/16 10:53:29 | 00,014,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dac960nt.sys
[2009/12/16 10:53:27 | 00,117,760 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\d100ib5.sys
[2009/12/16 10:53:27 | 00,049,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzport.sys
[2009/12/16 10:53:27 | 00,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzports.dll
[2009/12/16 10:53:26 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyyport.sys
[2009/12/16 10:53:26 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyycoins.dll
[2009/12/16 10:53:26 | 00,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyyports.dll
[2009/12/16 10:53:26 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzcoins.dll
[2009/12/16 10:53:25 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyclom-y.sys
[2009/12/16 10:53:23 | 00,017,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyclad-z.sys
[2009/12/16 10:53:21 | 00,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2009/12/16 10:53:20 | 00,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2009/12/16 10:53:20 | 00,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2009/12/16 10:53:18 | 00,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2009/12/16 10:53:18 | 00,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2009/12/16 10:53:17 | 00,004,096 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\ctwdm32.dll
[2009/12/16 10:53:17 | 00,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2009/12/16 10:53:17 | 00,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2009/12/16 10:53:16 | 00,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2009/12/16 10:53:16 | 00,096,256 | ---- | C] (Copyright © Creative Technology Ltd. 1994-2001) -- C:\WINDOWS\System32\dllcache\ctlsb16.sys
[2009/12/16 10:53:15 | 00,006,912 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\ctlfacem.sys
[2009/12/16 10:53:15 | 00,003,712 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\ctljystk.sys
[2009/12/16 10:53:14 | 00,175,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csamsp.dll
[2009/12/16 10:53:13 | 00,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2009/12/16 10:53:13 | 00,060,970 | ---- | C] (Compaq Computer Corp.) -- C:\WINDOWS\System32\dllcache\cpqtrnd5.sys
[2009/12/16 10:53:13 | 00,042,112 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\crtaud.sys
[2009/12/16 10:53:12 | 00,021,533 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\cpqndis5.sys
[2009/12/16 10:53:12 | 00,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cpqarray.sys
[2009/12/16 10:53:05 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compbatt.sys
[2009/12/16 10:53:04 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnusd.dll
[2009/12/16 10:53:04 | 00,039,936 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\dllcache\cnxt1803.sys
[2009/12/16 10:53:02 | 00,006,656 | ---- | C] (CMD Technology, Inc.) -- C:\WINDOWS\System32\dllcache\cmdide.sys
[2009/12/16 10:52:59 | 00,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2009/12/16 10:52:58 | 00,013,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmbatt.sys
[2009/12/16 10:52:53 | 00,248,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl546xm.sys
[2009/12/16 10:52:52 | 00,170,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl546x.dll
[2009/12/16 10:52:52 | 00,111,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl5465.dll
[2009/12/16 10:52:51 | 00,091,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cirrus.dll
[2009/12/16 10:52:51 | 00,045,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cirrus.sys
[2009/12/16 10:52:49 | 00,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2009/12/16 10:52:49 | 00,272,640 | ---- | C] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\dllcache\cinemclc.sys
[2009/12/16 10:52:45 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2009/12/16 10:52:44 | 00,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2009/12/16 10:52:43 | 00,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2009/12/16 10:52:42 | 00,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2009/12/16 10:52:42 | 00,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2009/12/16 10:52:42 | 00,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2009/12/16 10:52:40 | 00,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2009/12/16 10:52:40 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cd20xrnt.sys
[2009/12/16 10:52:39 | 00,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2009/12/16 10:52:39 | 00,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2009/12/16 10:52:39 | 00,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2009/12/16 10:52:38 | 00,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2009/12/16 10:52:37 | 00,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2009/12/16 10:52:36 | 00,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.dll
[2009/12/16 10:52:35 | 00,244,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext20.ax
[2009/12/16 10:52:35 | 00,236,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext20.dll
[2009/12/16 10:52:35 | 00,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.ax
[2009/12/16 10:52:34 | 00,223,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdrv21.sys
[2009/12/16 10:52:34 | 00,171,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdrv30.sys
[2009/12/16 10:52:34 | 00,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camexo20.dll
[2009/12/16 10:52:34 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camexo20.ax
[2009/12/16 10:52:33 | 00,314,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdro21.sys
[2009/12/16 10:52:15 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bulltlp3.sys
[2009/12/16 10:52:12 | 00,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2009/12/16 10:52:12 | 00,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2009/12/16 10:52:12 | 00,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2009/12/16 10:52:12 | 00,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2009/12/16 10:52:11 | 00,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2009/12/16 10:52:11 | 00,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2009/12/16 10:52:11 | 00,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2009/12/16 10:52:10 | 00,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2009/12/16 10:52:08 | 00,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2009/12/16 10:52:08 | 00,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2009/12/16 10:52:07 | 00,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brmfcwia.dll
[2009/12/16 10:52:07 | 00,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2009/12/16 10:52:07 | 00,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2009/12/16 10:52:06 | 00,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2009/12/16 10:52:06 | 00,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2009/12/16 10:52:05 | 00,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2009/12/16 10:52:05 | 00,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2009/12/16 10:52:04 | 00,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2009/12/16 10:52:04 | 00,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2009/12/16 10:52:01 | 00,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\binlsvc.dll
[2009/12/16 10:52:00 | 00,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2009/12/16 10:51:59 | 00,054,271 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42xx5.sys
[2009/12/16 10:51:59 | 00,026,568 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm4e5.sys
[2009/12/16 10:51:58 | 00,066,557 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42u.sys
[2009/12/16 10:51:57 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\battc.sys
[2009/12/16 10:51:56 | 00,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2009/12/16 10:51:56 | 00,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2009/12/16 10:51:54 | 00,096,640 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\b57xp32.sys
[2009/12/16 10:51:53 | 00,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2009/12/16 10:51:53 | 00,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2009/12/16 10:51:53 | 00,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2009/12/16 10:51:52 | 00,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2009/12/16 10:51:52 | 00,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2009/12/16 10:51:50 | 00,036,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcaudio.sys
[2009/12/16 10:51:50 | 00,013,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcstrm.sys
[2009/12/16 10:51:49 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avc.sys
[2009/12/16 10:51:40 | 00,104,832 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiraged.dll
[2009/12/16 10:51:40 | 00,070,528 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiragem.sys
[2009/12/16 10:51:37 | 00,281,600 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimtai.sys
[2009/12/16 10:51:37 | 00,075,136 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpae.sys
[2009/12/16 10:51:36 | 00,289,664 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpab.sys
[2009/12/16 10:51:36 | 00,268,160 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidvai.dll
[2009/12/16 10:51:36 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atievxx.exe
[2009/12/16 10:51:35 | 00,382,592 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrab.dll
[2009/12/16 10:51:35 | 00,137,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrae.dll
[2009/12/16 10:51:31 | 00,096,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ati.dll
[2009/12/16 10:51:31 | 00,077,568 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ati.sys
[2009/12/16 10:51:28 | 00,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2009/12/16 10:51:27 | 00,026,496 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc.sys
[2009/12/16 10:51:27 | 00,022,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asc3350p.sys
[2009/12/16 10:51:27 | 00,014,848 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc3550.sys
[2009/12/16 10:51:23 | 00,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\apmbatt.sys
[2009/12/16 10:51:22 | 00,036,224 | ---- | C] (ADMtek Incorporated.) -- C:\WINDOWS\System32\dllcache\an983.sys
[2009/12/16 10:51:22 | 00,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2009/12/16 10:51:22 | 00,012,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\amsint.sys
[2009/12/16 10:51:21 | 00,027,678 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ali5261.sys
[2009/12/16 10:51:21 | 00,026,624 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\alifir.sys
[2009/12/16 10:51:21 | 00,005,248 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\aliide.sys
[2009/12/16 10:51:20 | 00,056,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78xx.sys
[2009/12/16 10:51:20 | 00,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78u2.sys
[2009/12/16 10:51:19 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aha154x.sys
[2009/12/16 10:51:15 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agcgauge.ax
[2009/12/16 10:47:58 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adpu160m.sys
[2009/12/16 10:47:57 | 00,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2009/12/16 10:47:55 | 00,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2009/12/16 10:47:55 | 00,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2009/12/16 10:47:54 | 00,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2009/12/16 10:47:54 | 00,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2009/12/16 10:47:54 | 00,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
[2009/12/16 10:47:53 | 00,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adicvls.sys
[2009/12/16 10:47:51 | 00,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2009/12/16 10:47:50 | 00,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
[2009/12/16 10:47:50 | 00,084,480 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ac97via.sys
[2009/12/16 10:47:49 | 00,096,256 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\ac97intc.sys
[2009/12/16 10:47:48 | 00,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2009/12/16 10:47:48 | 00,231,552 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ac97ali.sys
[2009/12/16 10:47:48 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\abp480n5.sys
[2009/12/16 10:47:47 | 00,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2009/12/16 10:47:47 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\8514a.dll
[2009/12/16 10:47:46 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
[2009/12/16 10:47:45 | 00,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2009/12/16 10:47:45 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\4mmdat.sys
[2009/12/16 10:47:44 | 00,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2009/12/16 10:47:43 | 00,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2009/12/16 10:47:43 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394vdbg.sys
[2009/12/16 10:47:41 | 00,053,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394bus.sys
[2009/12/16 10:47:05 | 00,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.dll
[2009/12/15 12:37:48 | 00,000,000 | ---D | C] -- C:\Program Files\GMER
[2009/12/14 11:49:08 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/12/14 11:49:08 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/12/14 11:49:08 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/12/14 11:49:08 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/12/14 11:48:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/12/14 11:46:39 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/12/14 10:28:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\My Documents\My Received Files
[2005/12/01 01:58:32 | 00,086,016 | R--- | C] (Symantec Corporation) -- C:\Program Files\WFABTEXT.DLL
[2005/12/01 01:58:31 | 00,545,280 | ---- | C] (Symantec Corporation) -- C:\Program Files\DCCRES32.DLL
[2005/12/01 01:57:50 | 00,665,088 | ---- | C] (Symantec Corp.) -- C:\Program Files\WFXPACT4.DLL
[2005/12/01 01:57:50 | 00,514,560 | ---- | C] (Symantec Corporation - Delrina Group) -- C:\Program Files\WFXPOSQL.DLL
[2005/12/01 01:57:50 | 00,452,608 | ---- | C] (Symantec Corp.) -- C:\Program Files\WFXPGM4S.DLL
[2005/12/01 01:57:50 | 00,446,464 | ---- | C] (Symantec Corp.) -- C:\Program Files\WFXPORG3.DLL
[2005/12/01 01:57:50 | 00,309,760 | ---- | C] (Symantec Corporation) -- C:\Program Files\WFXPWAB.DLL
[2005/12/01 01:57:49 | 00,178,176 | ---- | C] (Symantec Corporation) -- C:\Program Files\WFXOCR32.DLL
[2005/12/01 01:57:48 | 00,970,752 | ---- | C] (Xerox Corp.) -- C:\Program Files\ICRSRV32.EXE
[2005/12/01 01:57:48 | 00,329,216 | ---- | C] (NetCentric Corporation) -- C:\Program Files\WFXIFNET.DLL
[2005/12/01 01:57:48 | 00,316,928 | ---- | C] (Creative System Design GmbH) -- C:\Program Files\ITRACE32.EXE
[2005/12/01 01:57:48 | 00,304,128 | ---- | C] (Concord Technologies, Inc.) -- C:\Program Files\CHAPIT32.DLL
[2005/12/01 01:57:48 | 00,150,016 | ---- | C] (Xerox Corp.) -- C:\Program Files\ICR32.DLL
[2005/12/01 01:57:48 | 00,144,896 | ---- | C] (Concord Technologies, Inc.) -- C:\Program Files\CHAPIZ32.DLL
[2005/12/01 01:57:48 | 00,023,040 | ---- | C] (Concord Technologies, Inc.) -- C:\Program Files\CTIUMDLG.DLL
[2005/12/01 01:57:48 | 00,007,168 | ---- | C] (Concord Technologies, Inc.) -- C:\Program Files\SRVIFCTI.DLL
[2005/12/01 01:57:47 | 00,541,184 | R--- | C] (Symantec Corporation) -- C:\Program Files\WFXMOD32.EXE
[2005/12/01 01:57:47 | 00,401,760 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WINTDIST.EXE
[2005/12/01 01:57:47 | 00,390,656 | ---- | C] (Symantec Corporation) -- C:\Program Files\WFXIFISC.DLL
[2005/12/01 01:57:47 | 00,388,096 | ---- | C] (Symantec Corporation) -- C:\Program Files\WFXIFWPP.DLL
[2005/12/01 01:57:47 | 00,271,360 | ---- | C] (Symantec Corporation) -- C:\Program Files\WFXEXT.DLL
[2005/12/01 01:57:47 | 00,203,776 | ---- | C] (Creative System Design GmbH) -- C:\Program Files\ISDNTB32.DLL
[2005/12/01 01:57:47 | 00,096,768 | ---- | C] (Symantec Corporation) -- C:\Program Files\WFXIFMOD.DLL
[2005/12/01 01:57:47 | 00,061,440 | ---- | C] (Symantec Corporation) -- C:\Program Files\WFXTWAIN.DLL
[2005/12/01 01:57:47 | 00,045,056 | ---- | C] (Symantec Corporation) -- C:\Program Files\WPPHOST.WPI
[2005/12/01 01:57:47 | 00,022,528 | ---- | C] (Symantec Corporation) -- C:\Program Files\CAPICHKR.DLL
[2005/12/01 01:57:47 | 00,005,600 | ---- | C] (Symantec Corporation) -- C:\Program Files\WFXTWN16.DLL
[2005/12/01 01:57:46 | 01,486,106 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\LUSETUP.EXE
[2005/12/01 01:57:46 | 00,010,752 | ---- | C] (Symantec Corporation) -- C:\Program Files\WFCVR32.EXE
[2005/12/01 01:57:44 | 00,425,472 | R--- | C] (Symantec Corporation) -- C:\Program Files\WFXINST.DLL
[2005/12/01 01:57:44 | 00,271,872 | R--- | C] (Symantec Corporation) -- C:\Program Files\INSTUTIL.DLL
[2005/12/01 01:57:44 | 00,269,824 | ---- | C] (Symantec Corporation) -- C:\Program Files\FAXUTIL.DLL
[2005/12/01 01:57:44 | 00,227,840 | R--- | C] (Symantec Corporation) -- C:\Program Files\UNINSTAL.DLL
[2005/12/01 01:57:44 | 00,197,632 | ---- | C] (Symantec Corporation) -- C:\Program Files\WFXCTRL.DLL
[2005/12/01 01:57:44 | 00,181,760 | ---- | C] (Symantec Corporation) -- C:\Program Files\DCCFAXVW.DLL
[2005/12/01 01:57:44 | 00,128,000 | R--- | C] (Symantec Corporation) -- C:\Program Files\UNINSTUB.DLL
[2005/12/01 01:57:44 | 00,096,768 | R--- | C] (Lotus Development Corporation) -- C:\Program Files\ORGAPI32.GS
[2005/12/01 01:57:44 | 00,084,992 | ---- | C] (Symantec Corporation) -- C:\Program Files\TWPINST.DLL
[2005/12/01 01:57:44 | 00,065,536 | ---- | C] (Symantec Corporation) -- C:\Program Files\EDITREG.EXE
[2005/12/01 01:57:44 | 00,059,392 | R--- | C] (Lotus Development Corporation) -- C:\Program Files\ORGAPI32.DLL
[2005/12/01 01:57:44 | 00,040,448 | R--- | C] (Symantec Corporation) -- C:\Program Files\WTNSETUP.EXE
[2005/12/01 01:57:44 | 00,018,192 | ---- | C] (Microsoft Corporation) -- C:\Program Files\PSAPI.DLL
[2005/12/01 01:57:44 | 00,017,408 | ---- | C] (Symantec Corporation) -- C:\Program Files\WTNINST.DLL
[2005/12/01 01:57:44 | 00,007,168 | ---- | C] (Symantec Corporation) -- C:\Program Files\UNINSHEL.EXE
[2005/12/01 01:57:43 | 01,294,336 | R--- | C] (Symantec Corporation) -- C:\Program Files\WFXVW32C.DLL
[2005/12/01 01:57:43 | 01,167,872 | R--- | C] (Symantec Corporation) -- C:\Program Files\WFXRES32.DLL
[2005/12/01 01:57:43 | 00,839,680 | R--- | C] (Symantec Corporation) -- C:\Program Files\FAXMNG32.EXE
[2005/12/01 01:57:43 | 00,343,040 | ---- | C] (Symantec Corporation) -- C:\Program Files\WFXUT32I.DLL
[2005/12/01 01:57:43 | 00,270,848 | ---- | C] (Symantec Corporation) -- C:\Program Files\WFXIIF32.DLL
[2005/12/01 01:57:43 | 00,173,568 | ---- | C] (Symantec Corporation) -- C:\Program Files\CMPOSFAX.EXE
[2005/12/01 01:57:43 | 00,101,888 | ---- | C] (Symantec Corporation) -- C:\Program Files\WFXUTILU.DLL
[2005/12/01 01:57:42 | 02,090,496 | R--- | C] (Symantec Corporation) -- C:\Program Files\WFXUT32C.DLL
[2005/12/01 01:57:42 | 00,913,920 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\LEAD51N.DLL
[2005/12/01 01:57:42 | 00,104,960 | ---- | C] (Symantec Corporation) -- C:\Program Files\RTFCTL32.DLL
[2005/12/01 01:57:42 | 00,073,216 | ---- | C] (Symantec Corporation) -- C:\Program Files\SCTRL.DLL
[2005/12/01 01:57:42 | 00,049,152 | ---- | C] (Symantec Corporation) -- C:\Program Files\WFCATREG.DLL
[2005/12/01 01:57:42 | 00,043,008 | R--- | C] (Symantec Corporation) -- C:\Program Files\SETUPDCC.EXE
[2005/12/01 01:57:42 | 00,028,672 | ---- | C] (Symantec Corp.) -- C:\Program Files\WFORADIN.DLL
[2005/12/01 01:57:42 | 00,028,672 | ---- | C] (Symantec Corp.) -- C:\Program Files\WFOLADIN.DLL
[2005/12/01 01:57:42 | 00,023,552 | ---- | C] (Symantec Corporation) -- C:\Program Files\WFVW32.EXE
[2005/12/01 01:57:42 | 00,013,824 | ---- | C] (Delrina (Canada) Corporation) -- C:\Program Files\WFXSEH32.EXE
[2005/12/01 01:57:42 | 00,011,264 | ---- | C] (Symantec Corporation) -- C:\Program Files\WFOLINTR.DLL
[2005/12/01 01:57:41 | 00,211,968 | ---- | C] (Symantec Corporation) -- C:\Program Files\FVFXS.DLL
[2005/12/01 01:57:41 | 00,049,664 | ---- | C] (Symantec Corporation) -- C:\Program Files\DCCRSRVS.EXE
[2005/12/01 01:57:41 | 00,018,944 | ---- | C] (Symantec Corporation) -- C:\Program Files\DTIIMAGE.DLL
[2005/12/01 01:57:40 | 00,123,904 | ---- | C] (Microsoft Corporation) -- C:\Program Files\CCDIST.EXE
[2005/12/01 01:57:39 | 00,582,656 | ---- | C] (Symantec Corporation) -- C:\Program Files\DCCUTILC.DLL
[2005/12/01 01:57:39 | 00,545,792 | R--- | C] (Symantec Corporation) -- C:\Program Files\DCCUTILI.DLL
[2005/12/01 01:57:39 | 00,268,288 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\Program Files\P2bxbse.dll
[2005/12/01 01:57:39 | 00,183,296 | ---- | C] (Symantec Corporation) -- C:\Program Files\CVPWIZ.DLL
[2005/12/01 01:57:35 | 00,102,912 | R--- | C] (Symantec Corporation) -- C:\Program Files\ISUTIL.DLL
[2005/12/01 01:57:35 | 00,052,224 | ---- | C] (Symantec) -- C:\Program Files\LANGCHKA.DLL
[2005/12/01 01:57:35 | 00,038,400 | ---- | C] (Symantec Corporation) -- C:\Program Files\WFXSEH32.DLL
[2005/11/30 23:33:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2005/11/30 23:33:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2005/11/30 23:12:19 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/11/30 23:12:19 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2003/06/19 11:05:04 | 00,431,888 | --S- | C] (Microsoft Corporation) -- C:\Program Files\Common Files\riched20.dll
[45 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/04 11:55:21 | 06,029,312 | -H-- | M] () -- C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\NTUSER.DAT
[2010/01/04 11:55:04 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Desktop\OTL.exe
[2010/01/04 09:22:10 | 47,395,145 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/01/04 03:39:41 | 00,000,852 | ---- | M] () -- C:\WINDOWS\tasks\backup-1.job
[2010/01/03 10:56:31 | 00,000,599 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/01/02 09:21:58 | 00,128,265 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/01/01 03:40:49 | 00,000,852 | ---- | M] () -- C:\WINDOWS\tasks\backup-5.job
[2009/12/31 03:42:25 | 00,000,852 | ---- | M] () -- C:\WINDOWS\tasks\backup-4.job
[2009/12/30 16:26:54 | 00,013,844 | RHS- | M] () -- C:\Documents and Settings\All Users.WINDOWS\ntuser.pol
[2009/12/30 15:02:04 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/30 15:01:56 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\ntuser.ini
[2009/12/30 14:51:44 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/30 14:51:42 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/30 09:39:24 | 00,001,998 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\GC-Prevue 17.4.2.lnk
[2009/12/30 03:46:37 | 00,000,852 | ---- | M] () -- C:\WINDOWS\tasks\backup-3.job
[2009/12/29 15:16:47 | 00,051,026 | ---- | M] () -- C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Desktop\OS TUBE.pdf
[2009/12/29 03:39:55 | 00,000,852 | ---- | M] () -- C:\WINDOWS\tasks\backup-2.job
[2009/12/22 14:55:57 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/12/22 14:55:57 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/12/22 14:42:09 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/12/22 14:42:09 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/12/22 14:42:09 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/12/22 14:42:09 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/12/22 14:42:09 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/12/22 14:14:29 | 00,000,690 | ---- | M] () -- C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Desktop\SpywareBlaster.lnk
[2009/12/21 15:08:19 | 04,277,336 | -H-- | M] () -- C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Application Data\IconCache.db
[2009/12/21 13:42:41 | 00,515,210 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/21 13:42:41 | 00,436,932 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/21 13:42:41 | 00,069,032 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/21 13:39:22 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2009/12/21 13:37:55 | 00,298,848 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/12/21 12:33:24 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/12/21 12:32:52 | 00,004,757 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/21 12:03:08 | 00,000,211 | ---- | M] () -- C:\Boot.bak
[2009/12/21 11:50:19 | 00,025,065 | ---- | M] () -- C:\WINDOWS\System32\wmpscheme.xml
[2009/12/21 11:49:20 | 00,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2009/12/21 11:48:39 | 00,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/12/21 11:47:08 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/12/21 11:47:08 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/12/21 11:47:08 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/12/21 11:47:08 | 00,000,000 | ---- | M] () -- C:\WINDOWS\control.ini
[2009/12/21 11:47:08 | 00,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/12/21 11:47:08 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/12/21 11:47:06 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/12/21 11:47:06 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/12/21 11:47:05 | 00,299,552 | ---- | M] () -- C:\WINDOWS\WMSysPrx.prx
[2009/12/21 11:47:03 | 00,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2009/12/21 11:46:18 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2009/12/21 11:46:18 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009/12/21 11:46:14 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/12/21 11:46:14 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/12/21 11:46:14 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/12/21 11:46:14 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/12/21 11:46:14 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/12/21 11:46:14 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2009/12/21 11:44:47 | 00,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/12/21 11:44:46 | 00,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2009/12/21 11:44:46 | 00,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
[2009/12/10 17:01:45 | 00,071,724 | ---- | M] () -- C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\My Documents\F205593.pdf
[2009/12/09 22:54:07 | 00,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/12/07 18:04:12 | 00,084,074 | ---- | M] () -- C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Desktop\G D page 1.pdf
[45 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/30 09:39:24 | 00,001,998 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\GC-Prevue 17.4.2.lnk
[2009/12/29 15:16:47 | 00,051,026 | ---- | C] () -- C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Desktop\OS TUBE.pdf
[2009/12/22 14:14:29 | 00,000,690 | ---- | C] () -- C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Desktop\SpywareBlaster.lnk
[2009/12/21 12:32:58 | 00,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2009/12/21 12:02:28 | 00,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2009/12/21 12:02:28 | 00,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2009/12/21 12:02:28 | 00,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2009/12/21 12:02:28 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2009/12/21 12:02:28 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2009/12/21 12:02:28 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2009/12/21 12:02:28 | 00,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2009/12/21 12:02:28 | 00,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2009/12/21 12:02:28 | 00,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2009/12/21 12:02:28 | 00,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2009/12/21 12:02:28 | 00,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2009/12/21 12:02:28 | 00,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2009/12/21 12:02:28 | 00,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2009/12/21 12:02:28 | 00,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2009/12/21 12:02:28 | 00,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2009/12/21 12:02:27 | 00,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2009/12/21 12:02:27 | 00,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2009/12/21 12:02:27 | 00,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2009/12/21 12:02:27 | 00,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2009/12/21 12:02:27 | 00,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2009/12/21 12:02:27 | 00,097,117 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.hlp
[2009/12/21 12:02:27 | 00,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2009/12/21 12:02:27 | 00,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2009/12/21 12:02:27 | 00,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2009/12/21 12:02:27 | 00,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2009/12/21 12:02:27 | 00,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2009/12/21 12:02:27 | 00,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2009/12/21 12:02:27 | 00,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2009/12/21 12:02:27 | 00,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2009/12/21 12:02:27 | 00,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2009/12/21 12:02:27 | 00,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2009/12/21 12:02:27 | 00,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2009/12/21 12:02:27 | 00,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2009/12/21 12:02:27 | 00,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2009/12/21 12:02:27 | 00,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2009/12/21 12:02:27 | 00,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2009/12/21 12:02:27 | 00,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2009/12/21 12:02:27 | 00,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2009/12/21 12:02:27 | 00,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2009/12/21 12:02:27 | 00,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2009/12/21 12:02:27 | 00,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2009/12/21 12:02:27 | 00,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2009/12/21 12:02:27 | 00,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2009/12/21 12:02:27 | 00,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2009/12/21 12:02:27 | 00,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2009/12/21 12:02:27 | 00,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2009/12/21 12:02:27 | 00,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2009/12/21 12:02:27 | 00,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2009/12/21 12:02:27 | 00,001,885 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.cnt
[2009/12/21 12:02:27 | 00,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2009/12/21 12:02:27 | 00,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2009/12/21 12:02:27 | 00,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2009/12/21 12:02:27 | 00,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2009/12/21 12:02:27 | 00,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2009/12/21 12:02:27 | 00,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2009/12/21 12:02:27 | 00,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2009/12/21 12:02:27 | 00,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2009/12/21 12:02:27 | 00,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2009/12/21 12:02:27 | 00,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2009/12/21 12:02:27 | 00,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2009/12/21 12:02:27 | 00,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2009/12/21 12:02:27 | 00,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2009/12/21 12:02:27 | 00,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2009/12/21 12:02:27 | 00,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2009/12/21 12:02:27 | 00,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2009/12/21 12:02:27 | 00,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2009/12/21 12:02:27 | 00,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2009/12/21 12:02:27 | 00,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2009/12/21 12:02:27 | 00,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2009/12/21 12:02:27 | 00,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2009/12/21 12:02:27 | 00,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2009/12/21 12:02:26 | 00,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2009/12/21 12:02:26 | 00,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2009/12/21 12:02:26 | 00,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2009/12/21 12:02:26 | 00,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2009/12/21 12:02:26 | 00,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2009/12/21 12:02:26 | 00,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2009/12/21 12:02:26 | 00,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2009/12/21 12:02:26 | 00,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2009/12/21 12:02:26 | 00,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2009/12/21 12:02:26 | 00,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2009/12/21 12:02:26 | 00,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2009/12/21 12:00:59 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2009/12/21 12:00:59 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2009/12/21 12:00:59 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2009/12/21 11:49:20 | 00,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2009/12/21 11:48:39 | 00,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/12/21 11:48:05 | 01,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2009/12/21 11:47:58 | 00,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2009/12/21 11:47:49 | 13,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2009/12/21 11:47:45 | 00,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2009/12/21 11:47:08 | 00,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/12/21 11:47:08 | 00,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2009/12/21 11:47:08 | 00,000,000 | RHS- | C] () -- C:\IO.SYS
[2009/12/21 11:47:08 | 00,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2009/12/21 11:47:08 | 00,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2009/12/21 11:47:06 | 00,025,065 | ---- | C] () -- C:\WINDOWS\System32\wmpscheme.xml
[2009/12/21 11:47:06 | 00,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/12/21 11:47:06 | 00,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/12/21 11:47:05 | 00,299,552 | ---- | C] () -- C:\WINDOWS\WMSysPrx.prx
[2009/12/21 11:46:18 | 00,000,488 | RH-- | C] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2009/12/21 11:46:18 | 00,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009/12/21 11:46:14 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/12/21 11:46:14 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/12/21 11:46:14 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/12/21 11:46:14 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/12/21 11:46:14 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/12/21 11:46:14 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2009/12/21 11:45:34 | 00,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2009/12/21 11:45:34 | 00,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2009/12/21 11:44:47 | 00,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/12/21 11:44:22 | 00,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2009/12/21 11:44:22 | 00,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2009/12/21 11:44:22 | 00,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2009/12/21 11:44:22 | 00,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2009/12/21 11:44:21 | 00,093,702 | ---- | C] () -- C:\WINDOWS\System32\subrange.uce
[2009/12/21 11:44:21 | 00,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2009/12/21 11:44:21 | 00,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2009/12/21 11:44:21 | 00,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2009/12/21 11:44:21 | 00,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2009/12/21 11:44:21 | 00,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2009/12/21 11:44:21 | 00,016,740 | ---- | C] () -- C:\WINDOWS\System32\shiftjis.uce
[2009/12/21 11:44:21 | 00,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2009/12/21 11:44:21 | 00,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2009/12/21 11:44:20 | 00,060,458 | ---- | C] () -- C:\WINDOWS\System32\ideograf.uce
[2009/12/21 11:44:20 | 00,024,006 | ---- | C] () -- C:\WINDOWS\System32\gb2312.uce
[2009/12/21 11:44:20 | 00,022,984 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.uce
[2009/12/21 11:44:20 | 00,012,876 | ---- | C] () -- C:\WINDOWS\System32\korean.uce
[2009/12/21 11:44:20 | 00,008,484 | ---- | C] () -- C:\WINDOWS\System32\kanji_2.uce
[2009/12/21 11:44:20 | 00,006,948 | ---- | C] () -- C:\WINDOWS\System32\kanji_1.uce
[2009/12/21 11:44:18 | 00,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2009/12/21 11:44:18 | 00,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2009/12/21 11:44:17 | 00,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2009/12/21 11:44:08 | 00,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2009/12/21 06:39:06 | 00,004,757 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009/12/21 06:38:45 | 00,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2009/12/21 06:38:40 | 00,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2009/12/21 06:38:40 | 00,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2009/12/21 06:38:40 | 00,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2009/12/21 06:38:40 | 00,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2009/12/21 06:38:40 | 00,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2009/12/21 06:38:40 | 00,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2009/12/21 06:38:11 | 00,298,848 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/12/21 06:37:23 | 00,000,281 | RHS- | C] () -- C:\boot.ini
[2009/12/21 06:37:23 | 00,000,261 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/12/16 13:27:31 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/12/16 11:08:31 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
[2009/12/16 11:08:31 | 00,018,944 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2009/12/16 11:08:15 | 00,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2009/12/16 11:04:59 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2009/12/16 11:04:58 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2009/12/16 10:56:26 | 00,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2009/12/16 10:55:11 | 00,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2009/12/16 10:55:11 | 00,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2009/12/16 10:55:10 | 00,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2009/12/16 10:55:10 | 00,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2009/12/16 10:55:09 | 00,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2009/12/16 10:53:51 | 00,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2009/12/16 10:53:51 | 00,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2009/12/16 10:53:51 | 00,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2009/12/16 10:52:30 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2009/12/16 10:52:30 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2009/12/16 10:52:29 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2009/12/16 10:52:29 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2009/12/16 10:52:29 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2009/12/16 10:52:29 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2009/12/16 10:52:28 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2009/12/16 10:52:27 | 00,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2009/12/16 10:52:27 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2009/12/16 10:52:27 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2009/12/16 10:52:27 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2009/12/16 10:52:27 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2009/12/16 10:52:26 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2009/12/16 10:52:26 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2009/12/16 10:52:26 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2009/12/16 10:52:26 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2009/12/16 10:52:26 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2009/12/16 10:52:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2009/12/16 10:52:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2009/12/16 10:52:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2009/12/16 10:52:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2009/12/16 10:52:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2009/12/16 10:52:24 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2009/12/16 10:52:24 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2009/12/16 10:52:24 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2009/12/16 10:52:24 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2009/12/16 10:52:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2009/12/16 10:52:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2009/12/16 10:52:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2009/12/16 10:52:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2009/12/16 10:52:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2009/12/16 10:52:22 | 00,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2009/12/16 10:52:22 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2009/12/16 10:52:22 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2009/12/16 10:52:22 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2009/12/16 10:52:21 | 00,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2009/12/16 10:52:21 | 00,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2009/12/16 10:52:21 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2009/12/16 10:52:21 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2009/12/16 10:52:20 | 00,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2009/12/16 10:52:20 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2009/12/16 10:52:19 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2009/12/16 10:52:19 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2009/12/16 10:52:19 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2009/12/16 10:52:19 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2009/12/16 10:52:19 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2009/12/16 10:52:18 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2009/12/16 10:52:18 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2009/12/16 10:52:18 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2009/12/16 10:52:18 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2009/12/16 10:52:18 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2009/12/16 10:52:17 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2009/12/16 10:52:17 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2009/12/16 10:52:16 | 00,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2009/12/16 10:52:16 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2009/12/16 10:52:16 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2009/12/16 10:52:16 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2009/12/16 10:52:15 | 00,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2009/12/16 10:52:04 | 00,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2009/12/16 10:52:01 | 00,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2009/12/16 10:51:42 | 00,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2009/12/16 10:51:42 | 00,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2009/12/16 10:51:42 | 00,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2009/12/16 10:51:41 | 00,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2009/12/16 10:51:41 | 00,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2009/12/16 10:51:41 | 00,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2009/12/16 10:51:40 | 00,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2009/12/16 10:51:40 | 00,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2009/12/16 10:51:39 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2009/12/16 10:51:34 | 00,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2009/12/14 13:29:51 | 00,000,585 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Controller.LNK
[2009/12/14 11:50:27 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/12/14 11:50:23 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/12/14 11:49:08 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/12/14 11:49:08 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/12/14 11:49:08 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/12/14 11:49:08 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/12/10 17:01:45 | 00,071,724 | ---- | C] () -- C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\My Documents\F205593.pdf
[2009/12/07 18:04:12 | 00,084,074 | ---- | C] () -- C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Desktop\G D page 1.pdf
[2009/01/27 12:55:35 | 00,000,028 | ---- | C] () -- C:\WINDOWS\VOLOV EReg.ini
[2009/01/26 15:46:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2007/03/01 07:44:16 | 00,000,083 | ---- | C] () -- C:\WINDOWS\gbsaver.ini
[2006/10/31 13:20:33 | 00,000,233 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2006/10/18 10:20:01 | 00,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2006/05/04 05:49:03 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/03/02 14:57:06 | 00,000,033 | ---- | C] () -- C:\WINDOWS\BiMonitor.ini
[2006/03/02 14:57:02 | 00,028,696 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2006/02/22 18:15:12 | 00,000,111 | ---- | C] () -- C:\WINDOWS\IMAGER32.INI
[2006/02/22 16:29:15 | 00,000,000 | ---- | C] () -- C:\WINDOWS\WTNSETUP.INI
[2006/02/22 16:22:55 | 00,037,888 | ---- | C] () -- C:\WINDOWS\System32\DCCWFP32.DLL
[2006/02/22 16:22:54 | 00,000,250 | ---- | C] () -- C:\WINDOWS\WINFAX.INI
[2006/02/22 16:22:53 | 00,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL
[2005/12/28 09:02:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SCI.INI
[2005/12/23 14:12:22 | 00,079,360 | ---- | C] () -- C:\WINDOWS\System32\acdbres.dll
[2005/12/02 13:17:45 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/12/01 15:26:08 | 00,041,068 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll
[2005/12/01 01:58:32 | 00,001,129 | R--- | C] () -- C:\Program Files\SUPPORT.cnt
[2005/12/01 01:58:31 | 00,000,409 | R--- | C] () -- C:\Program Files\CUnInstl.iss
[2005/12/01 01:58:27 | 00,027,648 | R--- | C] () -- C:\Program Files\WFXSWTCH.exe
[2005/12/01 01:57:54 | 00,098,304 | ---- | C] () -- C:\Program Files\WFXUHOOK.EXE
[2005/12/01 01:57:54 | 00,090,112 | ---- | C] () -- C:\Program Files\WTNUHOOK.EXE
[2005/12/01 01:57:50 | 00,177,152 | R--- | C] () -- C:\Program Files\WFSUPGR.DLL
[2005/12/01 01:57:50 | 00,028,636 | R--- | C] () -- C:\Program Files\WFXPACT4.HLP
[2005/12/01 01:57:50 | 00,024,893 | R--- | C] () -- C:\Program Files\WFXPGM4S.HLP
[2005/12/01 01:57:50 | 00,023,888 | R--- | C] () -- C:\Program Files\WFXPORG3.HLP
[2005/12/01 01:57:50 | 00,004,809 | ---- | C] () -- C:\Program Files\PAGER.INF
[2005/12/01 01:57:48 | 00,527,664 | ---- | C] () -- C:\Program Files\ENGLISH.LC
[2005/12/01 01:57:48 | 00,497,152 | ---- | C] () -- C:\Program Files\CAPICOMP.DLL
[2005/12/01 01:57:48 | 00,206,848 | ---- | C] () -- C:\Program Files\NCWIZARD.DLL
[2005/12/01 01:57:48 | 00,189,952 | ---- | C] () -- C:\Program Files\CCTRCDMP.EXE
[2005/12/01 01:57:48 | 00,000,227 | ---- | C] () -- C:\Program Files\CTISENDB.FXJ
[2005/12/01 01:57:48 | 00,000,087 | ---- | C] () -- C:\Program Files\NetCentric.inf
[2005/12/01 01:57:47 | 00,180,983 | ---- | C] () -- C:\Program Files\UKENG.SPL
[2005/12/01 01:57:47 | 00,178,610 | ---- | C] () -- C:\Program Files\USENG.SPL
[2005/12/01 01:57:47 | 00,165,376 | ---- | C] () -- C:\Program Files\ELSAMLO.DLL
[2005/12/01 01:57:47 | 00,156,672 | ---- | C] () -- C:\Program Files\KAPTIX.DLL
[2005/12/01 01:57:47 | 00,156,160 | ---- | C] () -- C:\Program Files\USRMOD.DLL
[2005/12/01 01:57:47 | 00,127,488 | ---- | C] () -- C:\Program Files\WFXPING.EXE
[2005/12/01 01:57:47 | 00,081,408 | ---- | C] () -- C:\Program Files\wfxftco.dll
[2005/12/01 01:57:47 | 00,027,648 | ---- | C] () -- C:\Program Files\hostutil.exe
[2005/12/01 01:57:47 | 00,015,533 | ---- | C] () -- C:\Program Files\CAPIINFO.DB
[2005/12/01 01:57:47 | 00,003,384 | ---- | C] () -- C:\Program Files\CAPICHKR.TLB
[2005/12/01 01:57:47 | 00,001,181 | ---- | C] () -- C:\Program Files\WFXEXT.ECF
[2005/12/01 01:57:46 | 00,082,160 | ---- | C] () -- C:\Program Files\WFCVR32.REP
[2005/12/01 01:57:46 | 00,082,114 | ---- | C] () -- C:\Program Files\WFCVR32.RUL
[2005/12/01 01:57:46 | 00,080,235 | ---- | C] () -- C:\Program Files\WFCVR32.HLP
[2005/12/01 01:57:46 | 00,002,996 | R--- | C] () -- C:\Program Files\WFCVR32.CNT
[2005/12/01 01:57:44 | 01,130,314 | R--- | C] () -- C:\Program Files\WINFAX.HLP
[2005/12/01 01:57:44 | 00,422,400 | ---- | C] () -- C:\Program Files\symdiag.exe
[2005/12/01 01:57:44 | 00,295,424 | ---- | C] () -- C:\Program Files\WFXIPSRV.DLL
[2005/12/01 01:57:44 | 00,144,384 | ---- | C] () -- C:\Program Files\WFXSNDLOG.DLL
[2005/12/01 01:57:44 | 00,142,100 | ---- | C] () -- C:\Program Files\WFXCOVER.DAT
[2005/12/01 01:57:44 | 00,075,264 | ---- | C] () -- C:\Program Files\MINIVIEW.EXE
[2005/12/01 01:57:44 | 00,038,400 | ---- | C] () -- C:\Program Files\MIGRATE.EXE
[2005/12/01 01:57:44 | 00,015,872 | ---- | C] () -- C:\Program Files\REPORTING.EXE
[2005/12/01 01:57:44 | 00,015,814 | R--- | C] () -- C:\Program Files\symdiag.hlp
[2005/12/01 01:57:44 | 00,007,901 | ---- | C] () -- C:\Program Files\CCARDS.REG
[2005/12/01 01:57:44 | 00,007,699 | ---- | C] () -- C:\Program Files\WFXCTL32.REG
[2005/12/01 01:57:44 | 00,004,948 | ---- | C] () -- C:\Program Files\CPLAPP.REG
[2005/12/01 01:57:44 | 00,003,888 | ---- | C] () -- C:\Program Files\PRNDRVI.EXE
[2005/12/01 01:57:44 | 00,003,216 | R--- | C] () -- C:\Program Files\WINFAX.CNT
[2005/12/01 01:57:44 | 00,002,532 | ---- | C] () -- C:\Program Files\WFXIPSRV.TLB
[2005/12/01 01:57:44 | 00,002,401 | ---- | C] () -- C:\Program Files\REUTIL.CFG
[2005/12/01 01:57:44 | 00,001,421 | ---- | C] () -- C:\Program Files\OEMSETUP.INF
[2005/12/01 01:57:44 | 00,001,078 | ---- | C] () -- C:\Program Files\FAXMNG32.ICO
[2005/12/01 01:57:44 | 00,000,967 | ---- | C] () -- C:\Program Files\WFXDEL.PIF
[2005/12/01 01:57:44 | 00,000,917 | ---- | C] () -- C:\Program Files\UNIDRV.INF
[2005/12/01 01:57:44 | 00,000,389 | ---- | C] () -- C:\Program Files\WFXSEH32.REG
[2005/12/01 01:57:44 | 00,000,378 | ---- | C] () -- C:\Program Files\OLDAPPS.LST
[2005/12/01 01:57:44 | 00,000,133 | ---- | C] () -- C:\Program Files\LANGUAGE.ID
[2005/12/01 01:57:44 | 00,000,020 | ---- | C] () -- C:\Program Files\OPTIMIZE.BAT
[2005/12/01 01:57:44 | 00,000,019 | ---- | C] () -- C:\Program Files\REBUILD.BAT
[2005/12/01 01:57:44 | 00,000,016 | ---- | C] () -- C:\Program Files\UPDREG.BAT
[2005/12/01 01:57:43 | 00,082,403 | ---- | C] () -- C:\Program Files\WINFAX.REP
[2005/12/01 01:57:43 | 00,082,164 | ---- | C] () -- C:\Program Files\WINFAX.RUL
[2005/12/01 01:57:43 | 00,082,160 | ---- | C] () -- C:\Program Files\WFXHAL.REP
[2005/12/01 01:57:43 | 00,082,160 | ---- | C] () -- C:\Program Files\WFVW32.REP
[2005/12/01 01:57:43 | 00,082,160 | ---- | C] () -- C:\Program Files\WFQVW32.REP
[2005/12/01 01:57:43 | 00,082,114 | ---- | C] () -- C:\Program Files\WFXHAL.RUL
[2005/12/01 01:57:43 | 00,082,114 | ---- | C] () -- C:\Program Files\WFVW32.RUL
[2005/12/01 01:57:43 | 00,082,114 | ---- | C] () -- C:\Program Files\WFQVW32.RUL
[2005/12/01 01:57:43 | 00,030,208 | ---- | C] () -- C:\Program Files\WFXUTILV.DLL
[2005/12/01 01:57:43 | 00,020,992 | ---- | C] () -- C:\Program Files\FAXMNG.EXE
[2005/12/01 01:57:43 | 00,000,097 | ---- | C] () -- C:\Program Files\DEBUGON.REG
[2005/12/01 01:57:43 | 00,000,097 | ---- | C] () -- C:\Program Files\DEBUGOFF.REG
[2005/12/01 01:57:42 | 00,549,376 | R--- | C] () -- C:\Program Files\WFXCTL32.EXE
[2005/12/01 01:57:42 | 00,243,680 | ---- | C] () -- C:\Program Files\WFQVW32.HLP
[2005/12/01 01:57:42 | 00,166,580 | ---- | C] () -- C:\Program Files\PROSPLSH.BMP
[2005/12/01 01:57:42 | 00,093,184 | R--- | C] () -- C:\Program Files\PDKDETEC.DLL
[2005/12/01 01:57:42 | 00,080,214 | ---- | C] () -- C:\Program Files\WFVW32.HLP
[2005/12/01 01:57:42 | 00,032,768 | ---- | C] () -- C:\Program Files\REGACCES.EXE
[2005/12/01 01:57:42 | 00,031,228 | ---- | C] () -- C:\Program Files\WFXCTL32.TLB
[2005/12/01 01:57:42 | 00,025,600 | R--- | C] () -- C:\Program Files\WFXBKUP.EXE
[2005/12/01 01:57:42 | 00,020,539 | R--- | C] () -- C:\Program Files\WFXHAL.HLP
[2005/12/01 01:57:42 | 00,012,900 | ---- | C] () -- C:\Program Files\PROABOUT.BMP
[2005/12/01 01:57:42 | 00,011,893 | ---- | C] () -- C:\Program Files\PROSUPPT.HLP
[2005/12/01 01:57:42 | 00,006,049 | ---- | C] () -- C:\Program Files\WFXTIPS.TXT
[2005/12/01 01:57:42 | 00,003,415 | R--- | C] () -- C:\Program Files\WFVW32.CNT
[2005/12/01 01:57:42 | 00,002,130 | ---- | C] () -- C:\Program Files\SEWELCOM.TXT
[2005/12/01 01:57:42 | 00,001,276 | R--- | C] () -- C:\Program Files\WFQVW32.CNT
[2005/12/01 01:57:42 | 00,001,078 | ---- | C] () -- C:\Program Files\WFVW32.ICO
[2005/12/01 01:57:42 | 00,000,745 | ---- | C] () -- C:\Program Files\PROABOUT.CFG
[2005/12/01 01:57:42 | 00,000,248 | ---- | C] () -- C:\Program Files\PROREG.PRD
[2005/12/01 01:57:42 | 00,000,235 | ---- | C] () -- C:\Program Files\PROSETUP.INF
[2005/12/01 01:57:41 | 00,209,313 | ---- | C] () -- C:\Program Files\INSNTPRI.LSZ
[2005/12/01 01:57:41 | 00,019,968 | ---- | C] () -- C:\Program Files\DELFIX.EXE
[2005/12/01 01:57:41 | 00,018,432 | ---- | C] () -- C:\Program Files\INSPRINT.EXE
[2005/12/01 01:57:41 | 00,004,710 | ---- | C] () -- C:\Program Files\DRAGDROP.ICO
[2005/12/01 01:57:40 | 00,272,384 | ---- | C] () -- C:\Program Files\DBFIX.EXE
[2005/12/01 01:57:40 | 00,050,862 | ---- | C] () -- C:\Program Files\CITY.INI
[2005/12/01 01:57:40 | 00,015,248 | ---- | C] () -- C:\Program Files\CITY2.INI
[2005/12/01 01:57:40 | 00,009,486 | ---- | C] () -- C:\Program Files\CITY1.INI
[2005/12/01 01:57:39 | 00,416,768 | ---- | C] () -- C:\Program Files\FAX.AVI
[2005/12/01 01:57:39 | 00,094,178 | ---- | C] () -- C:\Program Files\DCCMODEM.DAT
[2005/12/01 01:57:39 | 00,059,340 | ---- | C] () -- C:\Program Files\OutgoingType.rpt
[2005/12/01 01:57:39 | 00,058,959 | ---- | C] () -- C:\Program Files\OutgoingRecipient.rpt
[2005/12/01 01:57:39 | 00,058,958 | ---- | C] () -- C:\Program Files\OutgoingCompany.rpt
[2005/12/01 01:57:39 | 00,058,836 | ---- | C] () -- C:\Program Files\OutgoingDialedNumb.rpt
[2005/12/01 01:57:39 | 00,058,805 | ---- | C] () -- C:\Program Files\OutgoingDate.rpt
[2005/12/01 01:57:39 | 00,048,459 | ---- | C] () -- C:\Program Files\incomingCSID.rpt
[2005/12/01 01:57:39 | 00,048,358 | ---- | C] () -- C:\Program Files\IncomingDate.rpt
[2005/12/01 01:57:39 | 00,048,352 | ---- | C] () -- C:\Program Files\IncomingMbox.rpt
[2005/12/01 01:57:39 | 00,048,303 | ---- | C] () -- C:\Program Files\IncomingType.rpt
[2005/12/01 01:57:39 | 00,000,026 | ---- | C] () -- C:\Program Files\SENDLOG.FXJ
[2005/12/01 01:57:39 | 00,000,026 | ---- | C] () -- C:\Program Files\SENDDLG.FXJ
[2005/12/01 01:57:39 | 00,000,026 | ---- | C] () -- C:\Program Files\PHONEBK.FXJ
[2005/12/01 01:57:39 | 00,000,026 | ---- | C] () -- C:\Program Files\OUTBOX.FXJ
[2005/12/01 01:57:39 | 00,000,026 | ---- | C] () -- C:\Program Files\DIALING.FXJ
[2005/12/01 01:57:39 | 00,000,026 | ---- | C] () -- C:\Program Files\COVER.FXJ
[2005/12/01 01:57:39 | 00,000,026 | ---- | C] () -- C:\Program Files\ATTACH.FXJ
[2005/12/01 01:57:39 | 00,000,009 | ---- | C] () -- C:\Program Files\rpt.rpt
[2005/12/01 01:57:38 | 00,018,340 | R--- | C] () -- C:\Program Files\SUPPORT.HLP
[2005/12/01 01:57:38 | 00,015,905 | ---- | C] () -- C:\Program Files\README.TXT
[2005/12/01 01:57:37 | 00,000,248 | ---- | C] () -- C:\Program Files\REGDATA.PRD
[2005/12/01 01:57:35 | 00,554,167 | ---- | C] () -- C:\Program Files\WFXUNIST.ISU
[2005/12/01 01:57:35 | 00,166,580 | ---- | C] () -- C:\Program Files\SPLASH.BMP
[2005/12/01 01:57:35 | 00,055,224 | ---- | C] () -- C:\Program Files\LOGO.BMP
[2005/12/01 01:57:35 | 00,015,360 | ---- | C] () -- C:\Program Files\DCEXPAND.DLL
[2005/12/01 01:57:35 | 00,014,264 | ---- | C] () -- C:\Program Files\ABOUT.BMP
[2005/12/01 01:57:35 | 00,009,357 | ---- | C] () -- C:\Program Files\license.txt
[2005/12/01 01:57:35 | 00,000,761 | ---- | C] () -- C:\Program Files\ABOUT.CFG
[2005/12/01 01:57:35 | 00,000,486 | ---- | C] () -- C:\Program Files\SETUP.INF
[2005/11/30 17:27:29 | 00,000,118 | ---- | C] () -- C:\WINDOWS\USRWIZ.INI
[2005/11/30 17:25:11 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/30 17:14:24 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK32.dll
[2005/11/30 17:11:19 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\RTCOMDLL.dll
[2005/11/30 17:11:18 | 00,156,160 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/11/30 17:09:59 | 00,012,288 | R--- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/11/30 16:58:32 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2005/11/30 16:56:26 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2005/11/30 16:56:26 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2005/11/30 16:56:26 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2004/12/17 17:14:44 | 00,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/10 16:30:08 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\JPEG32.DLL
[2001/12/26 16:12:30 | 00,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/28 13:44:58 | 00,257,536 | ---- | C] () -- C:\WINDOWS\System32\BiImg.dll
[2001/09/03 23:46:38 | 00,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/08/10 18:37:54 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2001/07/30 16:33:56 | 00,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 22:04:36 | 00,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[2000/01/05 12:51:22 | 00,101,376 | ---- | C] () -- C:\WINDOWS\System32\Welsof32.dll
< End of report >

EXTRAS.TXT -

OTL Extras logfile created on: 1/4/2010 11:56:21 AM - Run 1
OTL by OldTimer - Version 3.1.21.0 Folder = C:\Documents and Settings\Fayiz.CETEK-5X8J0QP22\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 293.00 Mb Available Physical Memory | 29.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 153.38 Gb Total Space | 119.61 Gb Free Space | 77.98% Space Free | Partition Type: NTFS
Drive D: | 153.38 Gb Total Space | 153.19 Gb Free Space | 99.88% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 232.88 Gb Total Space | 9.23 Gb Free Space | 3.96% Space Free | Partition Type: NTFS
Drive G: | 435.68 Gb Total Space | 277.37 Gb Free Space | 63.66% Space Free | Partition Type: NTFS
Drive H: | 435.68 Gb Total Space | 277.37 Gb Free Space | 63.66% Space Free | Partition Type: NTFS
Drive I: | 435.68 Gb Total Space | 277.37 Gb Free Space | 63.66% Space Free | Partition Type: NTFS
Drive J: | 435.68 Gb Total Space | 277.37 Gb Free Space | 63.66% Space Free | Partition Type: NTFS

Computer Name: FAX
Current User Name: Fayiz
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"9124:TCP" = 9124:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"5695:TCP" = 5695:TCP:*:Enabled:Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"9124:TCP" = 9124:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"5695:TCP" = 5695:TCP:*:Enabled:Services

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Fayiz Old_3\Program Files\Messenger\YahooMessenger.exe" = C:\Fayiz Old_3\Program Files\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\Grisoft\AVG7\avginet.exe" = C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe -- File not found
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe" = C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe -- File not found
"C:\Program Files\Grisoft\AVG7\avgcc.exe" = C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe -- File not found
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Fayiz Old_3\Program Files\Messenger\YahooMessenger.exe" = C:\Fayiz Old_3\Program Files\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0576A3D0-0000-0409-0000-491C453655D7}" = Autodesk Volo View 3.0
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI DVD-Maker
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{23E5032B-56CA-4C19-A72E-B50161DB82CA}" = Shadow Copy Client
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{2D40C5CF-BDAB-48A9-AEF8-4D13486784FE}" = NTI DriveBackup! 4
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"{39E58841-B016-11D4-B541-00001C0919A4}" = PKZIP for Windows - Registered Version
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{40B0A7CC-1676-43E9-8444-2EF2377E87B8}" = ScanSoft PDF Professional 4
"{41F8F89F-4638-4201-8072-D610F61506C9}" = SolidWorks eDrawings 2009
"{4780F600-0001-0409-0000-114715ACF216}" = Autodesk Inventor Plug-In 8.0
"{55D9E026-DCB0-46FF-B60A-68B972228CF6}" = Autodesk Design Review 2010
"{560976C5-925A-4AA2-B28D-0493FE886F5F}" = ScanSoft OmniPage 15.0
"{66A9D30D-1464-4C7F-B2F3-507DADAF2595}" = Microsoft IntelliPoint 6.3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85029BEA-B18E-11D4-B541-00001C0919A4}" = PKZIP Explorer - Registered Version
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}" = URGE
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90E00409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Outlook 2003
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{93352A14-437E-4DB2-9CB8-463D0649B5DE}" = MA111 Configuration Utility
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{AC76BA86-7AD7-2447-0000-800000000003}" = Chinese Simplified Fonts Support For Adobe Reader 8
"{AC76BA86-7AD7-5670-0000-800000000003}" = Korean Fonts Support For Adobe Reader 8
"{B8EA2D6A-3EC4-4DC4-B588-123B7D38B493}" = eDrawings 2006
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778}" = NTI CD-Maker
"{C6A36D2A-AC05-11D4-B541-00001C0919A4}" = PKZIP Command Line - Registered Version
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D69F2D16-1CF5-43CA-AB62-0F716F5777A7}" = Kubotek Spectrum 5.2
"{EA23971F-2CEE-48FC-B64D-7F74A6EF90F0}" = XMLinst
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FEC56D56-5E4A-4AE0-94E6-823193E62E9A}" = ScanSoft PaperPort 10.0
"{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service
"{FFB61742-3942-4EC0-B7B6-0B32695CB436}" = GC-Prevue 17.4.2
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8 Professional
"Autodesk Design Review 2010" = Autodesk Design Review 2010
"AVG9Uninstall" = AVG Free 9.0
"Belarc Advisor 2.0" = Belarc Advisor 7.2
"Connections" = 3Com Corporate Connections
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImageR 32 5.1.0.4" = ImageR 32 5.1.0.4
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI DVD-Maker
"InstallShield_{2D40C5CF-BDAB-48A9-AEF8-4D13486784FE}" = NTI DriveBackup! 4
"InstallShield_{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"InstallShield_{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778}" = NTI CD-Maker 6 Standard
"IrfanView" = IrfanView (remove only)
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate1.6" = LiveUpdate 1.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (2.0.0.1)" = Mozilla Firefox (2.0.0.1)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"Netscape (7.2)" = Netscape (7.2)
"Netscape Browser" = Netscape Browser (remove only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Picasa2" = Picasa 2
"PROSet" = Intel® PRO Network Adapters and Drivers
"SolidView Pro" = SolidView Pro
"SpywareBlaster_is1" = SpywareBlaster 4.2
"Tracks Eraser Pro_is1" = Tracks Eraser Pro v5.2
"TweakMP9" = Windows Media Player 9 Series TweakMP PowerToy
"ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
"Visioneer Strobe XP 200" = Visioneer Strobe XP 200
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinFax" = Symantec WinFax PRO
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3969987740-3737111307-4009118071-1148\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting/GoToWebinar 3.0.0.190

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/22/2009 10:29:25 AM | Computer Name = FAX-MACHINE | Source = Application Hang | ID = 1001
Description = Fault bucket 02390826.

Error - 12/23/2009 9:32:57 AM | Computer Name = FAX-MACHINE | Source = Application Error | ID = 1000
Description = Faulting application yahoomessenger.exe, version 9.0.0.2162, faulting
module ycpfoundation.dll, version 9.0.0.54871, fault address 0x00026cf0.

Error - 12/23/2009 9:32:59 AM | Computer Name = FAX-MACHINE | Source = Application Error | ID = 1001
Description = Fault bucket 1293945096.

Error - 12/28/2009 11:59:27 AM | Computer Name = FAX-MACHINE | Source = Application Error | ID = 1000
Description = Faulting application netscp.exe, version 7.2.0.0, faulting module
js3250.dll, version 4.0.0.0, fault address 0x00027feb.

Error - 12/28/2009 11:59:30 AM | Computer Name = FAX-MACHINE | Source = Application Error | ID = 1001
Description = Fault bucket 131431305.

Error - 12/29/2009 10:53:20 AM | Computer Name = FAX-MACHINE | Source = Userenv | ID = 1053
Description = Windows cannot determine the user or computer name. (The specified
domain either does not exist or could not be contacted. ). Group Policy processing
aborted.

Error - 12/29/2009 5:16:59 PM | Computer Name = FAX-MACHINE | Source = Application Error | ID = 1000
Description = Faulting application netscp.exe, version 7.2.0.0, faulting module
msgimap.dll, version 1.7.20040.14879, fault address 0x00008df8.

Error - 12/30/2009 10:57:45 AM | Computer Name = FAX-MACHINE | Source = Application Error | ID = 1000
Description = Faulting application gcprevue.exe, version 9.4.2.0, faulting module
unknown, version 0.0.0.0, fault address 0x3db89ad5.

Error - 1/1/2010 6:01:42 PM | Computer Name = FAX | Source = Application Error | ID = 1000
Description = Faulting application yahoomessenger.exe, version 9.0.0.2162, faulting
module ycpfoundation.dll, version 9.0.0.54871, fault address 0x00026cf0.

Error - 1/1/2010 6:01:44 PM | Computer Name = FAX | Source = Application Error | ID = 1001
Description = Fault bucket 1293945096.

[ System Events ]
Error - 12/29/2009 12:46:21 PM | Computer Name = FAX-MACHINE | Source = NETLOGON | ID = 5789
Description = Attempt to update DNS Host Name of the computer object in Active Directory
failed. The updated value was 'FAX-MACHINE'. The following error occurred: %%87

Error - 12/29/2009 3:37:52 PM | Computer Name = FAX-MACHINE | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8007f0f4: Update for Windows XP (KB976098).

Error - 12/29/2009 6:02:24 PM | Computer Name = FAX-MACHINE | Source = NETLOGON | ID = 5789
Description = Attempt to update DNS Host Name of the computer object in Active Directory
failed. The updated value was 'FAX-MACHINE'. The following error occurred: %%87

Error - 12/29/2009 11:17:27 PM | Computer Name = FAX-MACHINE | Source = NETLOGON | ID = 5789
Description = Attempt to update DNS Host Name of the computer object in Active Directory
failed. The updated value was 'FAX-MACHINE'. The following error occurred: %%87

Error - 12/30/2009 4:41:32 AM | Computer Name = FAX-MACHINE | Source = NETLOGON | ID = 5789
Description = Attempt to update DNS Host Name of the computer object in Active Directory
failed. The updated value was 'FAX-MACHINE'. The following error occurred: %%87

Error - 12/30/2009 9:54:39 AM | Computer Name = FAX-MACHINE | Source = NETLOGON | ID = 5789
Description = Attempt to update DNS Host Name of the computer object in Active Directory
failed. The updated value was 'FAX-MACHINE'. The following error occurred: %%87

Error - 12/30/2009 2:48:42 PM | Computer Name = FAX-MACHINE | Source = NETLOGON | ID = 5789
Description = Attempt to update DNS Host Name of the computer object in Active Directory
failed. The updated value was 'FAX-MACHINE'. The following error occurred: %%87

Error - 12/30/2009 3:18:07 PM | Computer Name = FAX-MACHINE | Source = NETLOGON | ID = 5789
Description = Attempt to update DNS Host Name of the computer object in Active Directory
failed. The updated value was 'FAX-MACHINE'. The following error occurred: %%87

Error - 12/31/2009 4:03:39 PM | Computer Name = FAX | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8007f0f4: Update for Windows XP (KB976098).

Error - 12/31/2009 4:16:50 PM | Computer Name = FAX | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8007f0f4: Update for Windows XP (KB976098).


< End of report >

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home
  • Local time:03:40 AM

Posted 04 January 2010 - 01:04 PM

Hi,

Did you do a destructive rebuild? Meaning, did you format your PC and play back the backup?

Please run a scan with Mbam:

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a USB stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (e.g. Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

And also a scan with gmer:

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

Please post the logs from Malwarebytes and gmer in your next reply.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#5 Crowbar

Posted 05 January 2010 - 08:23 AM

I won't be in front of that computer until tomorrow, Wednesday. I will post logs then.
Thanks for your help so far.

#6 Crowbar

Posted 06 January 2010 - 11:25 AM

Hello,
I got some access time on the computer this morning, ran MBAM and got a clean bill of health; I will attach the log at the end of this post. I ran GMER twice and it froze the computer. Before I could try it in safe mode, I was thrown off of the computer by the boss. He had work to do on it. I will set it up tonight to run overnight when nobody is here, but I am afraid I will have to run it in safe mode, as it freezes the computer when run in normal mode. Unless you have another rootkit detector that you would like me to run....

MBAM log -
Malwarebytes' Anti-Malware 1.43
Database version: 3499
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/6/2010 10:10:15 AM
mbam-log-2010-01-06 (10-10-15).txt

Scan type: Quick Scan
Objects scanned: 233833
Time elapsed: 13 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Almost forgot to answer your question, I did a full destructive rebuild, removed the partition, re-partitioned, full format, install windows, reload backup.

Edited by crowbar6761, 06 January 2010 - 11:27 AM.


#7 Crowbar

Posted 07 January 2010 - 03:25 PM

Hi,

Still trying to get some time on that machine, I am going to attempt to run GMER overnight, and post the log in the morning. Just want to let you know that I have not abandoned this thread, but if I can't kick the boss off of his machine tomorrow, I guess I will close this thread and try again when he is away from the office for a few days.

Thanks for your time so far.

#8 myrti

Posted 08 January 2010 - 06:23 PM

Hi,

Let me know if you decide to have this topic closed. If you did a format of the hard disk and restored a clean image, there is very little to no chance that the PC is still infected.

regards myrti



#9 Crowbar

Posted 09 January 2010 - 08:18 AM

Yes, let's close this thread; I can't get enough time on this machine in the near future. I know the backup I restored from was from the time of the infection, but I did clear up the boot sector by formatting. I think it's clean. I had the boss run GMER, but he never saved the log file; he thought it saved automatically, even though I told him it didn't. He did tell me that there were no red entries in the program display when I asked him. I know that's not a substitute for the log file.

If I see any suspicious activity, I will try this again. Thanks for your help.

#10 myrti

Posted 09 January 2010 - 08:22 AM

Hi,

Running fixmbr will/should remove the MBR infection, so that, in addition to a (hopefully clean) backup, should have killed off any infection present.

Since this topic appears to be resolved, I will now close it.

If you need this topic re-opened please send me a PM.

Everyone else, please start a new topic.

With Regards,
myrti
