
browser redirected to bogus sites from search engine links


  • This topic is locked
13 replies to this topic

#1 nleavitt

Posted 12 January 2010 - 02:26 PM

Computer was infected with trojans/viruses, including fake AV. Cleaned it with MWB Antimalware, McAfee, Spybot S&D, but still when clicking on links from Google/Bing in either web browser, it sends me to random bogus search sites/placeholders.


DDS (Ver_09-12-01.01) - NTFSx86
Run by Ned Leavitt at 16:57:28.35 on Wed 01/06/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.107 [GMT -7:00]

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Ned Leavitt\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://EoneCentral
uDefault_Page_URL = hxxp://EoneCentral
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [Smapp] c:\program files\analog devices\soundmax\Smtray.exe
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1255020346484
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1262627046922
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxsrvc.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\nedlea~1\applic~1\mozilla\firefox\profiles\5ruev0ws.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-2-23 342128]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2009-4-9 21256]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-3-14 103744]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2009-4-9 144888]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2009-4-9 62800]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2009-10-21 70216]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-2-23 91640]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-2-23 43288]
S0 xxjdoz;xxjdoz;c:\windows\system32\drivers\xxjdoz.sys [2010-1-2 32512]
S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2009-10-21 65224]

=============== Created Last 30 ================

2010-01-06 23:20:30 0 d-----w- c:\program files\Trend Micro
2010-01-06 20:44:27 0 d-----w- c:\docume~1\nedlea~1\applic~1\Malwarebytes
2010-01-06 15:53:18 980 ----a-w- c:\windows\system32\SiteList.xml
2010-01-05 23:07:04 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-01-05 23:07:04 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-01-05 23:02:45 159744 ----a-w- c:\windows\system32\igfxres.dll
2010-01-05 22:48:01 0 dc-h--w- c:\windows\ie8
2010-01-05 21:03:58 0 d-----w- c:\windows\pss
2010-01-04 15:54:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-04 15:53:58 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-04 15:53:57 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-04 15:53:56 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-04 15:10:16 0 ----a-w- c:\windows\system32\22929.exe
2010-01-04 14:50:16 0 ----a-w- c:\windows\system32\2082.exe
2010-01-04 14:30:15 0 ----a-w- c:\windows\system32\16118.exe
2010-01-04 14:10:15 0 ----a-w- c:\windows\system32\21538.exe
2010-01-04 13:50:14 0 ----a-w- c:\windows\system32\5537.exe
2010-01-04 13:30:14 0 ----a-w- c:\windows\system32\11323.exe
2010-01-04 13:10:13 0 ----a-w- c:\windows\system32\24626.exe
2010-01-04 12:50:13 0 ----a-w- c:\windows\system32\32439.exe
2010-01-04 12:30:12 0 ----a-w- c:\windows\system32\16944.exe
2010-01-04 12:10:12 0 ----a-w- c:\windows\system32\26308.exe
2010-01-04 11:50:10 0 ----a-w- c:\windows\system32\13931.exe
2010-01-04 11:29:31 0 ----a-w- c:\windows\system32\7376.exe
2010-01-04 11:09:31 0 ----a-w- c:\windows\system32\4966.exe
2010-01-04 10:49:30 0 ----a-w- c:\windows\system32\11840.exe
2010-01-04 10:29:30 0 ----a-w- c:\windows\system32\18756.exe
2010-01-04 10:09:29 0 ----a-w- c:\windows\system32\19954.exe
2010-01-04 09:49:28 0 ----a-w- c:\windows\system32\24084.exe
2010-01-04 09:29:28 0 ----a-w- c:\windows\system32\12623.exe
2010-01-04 09:09:27 0 ----a-w- c:\windows\system32\19629.exe
2010-01-04 08:49:27 0 ----a-w- c:\windows\system32\3548.exe
2010-01-04 08:29:26 0 ----a-w- c:\windows\system32\24393.exe
2010-01-04 08:09:26 0 ----a-w- c:\windows\system32\31101.exe
2010-01-04 07:49:25 0 ----a-w- c:\windows\system32\15006.exe
2010-01-04 07:29:25 0 ----a-w- c:\windows\system32\15350.exe
2010-01-04 07:09:24 0 ----a-w- c:\windows\system32\24370.exe
2010-01-04 06:49:24 0 ----a-w- c:\windows\system32\6729.exe
2010-01-04 06:29:23 0 ----a-w- c:\windows\system32\15890.exe
2010-01-04 06:09:23 0 ----a-w- c:\windows\system32\23805.exe
2010-01-04 05:49:22 0 ----a-w- c:\windows\system32\27446.exe
2010-01-04 05:29:22 0 ----a-w- c:\windows\system32\22648.exe
2010-01-04 05:09:21 0 ----a-w- c:\windows\system32\19264.exe
2010-01-04 04:49:21 0 ----a-w- c:\windows\system32\8942.exe
2010-01-04 04:29:20 0 ----a-w- c:\windows\system32\9040.exe
2010-01-04 04:09:20 0 ----a-w- c:\windows\system32\30106.exe
2010-01-04 03:49:19 0 ----a-w- c:\windows\system32\288.exe
2010-01-04 03:29:18 0 ----a-w- c:\windows\system32\1842.exe
2010-01-04 03:09:18 0 ----a-w- c:\windows\system32\22190.exe
2010-01-04 02:49:17 0 ----a-w- c:\windows\system32\3035.exe
2010-01-04 02:29:17 0 ----a-w- c:\windows\system32\12316.exe
2010-01-04 02:09:16 0 ----a-w- c:\windows\system32\778.exe
2010-01-04 01:49:16 0 ----a-w- c:\windows\system32\27529.exe
2010-01-04 01:29:15 0 ----a-w- c:\windows\system32\9741.exe
2010-01-04 01:09:14 0 ----a-w- c:\windows\system32\8723.exe
2010-01-04 00:49:11 0 ----a-w- c:\windows\system32\12859.exe
2010-01-03 23:08:43 0 ----a-w- c:\windows\system32\25547.exe
2010-01-03 22:28:38 0 ----a-w- c:\windows\system32\28253.exe
2010-01-03 22:08:37 0 ----a-w- c:\windows\system32\7711.exe
2010-01-03 21:48:37 0 ----a-w- c:\windows\system32\15141.exe
2010-01-03 21:28:36 0 ----a-w- c:\windows\system32\4664.exe
2010-01-03 21:08:36 0 ----a-w- c:\windows\system32\17673.exe
2010-01-03 20:48:35 0 ----a-w- c:\windows\system32\30333.exe
2010-01-03 20:28:33 0 ----a-w- c:\windows\system32\31322.exe
2010-01-03 20:08:33 0 ----a-w- c:\windows\system32\23811.exe
2010-01-03 19:48:32 0 ----a-w- c:\windows\system32\28703.exe
2010-01-03 19:28:32 0 ----a-w- c:\windows\system32\9894.exe
2010-01-03 19:08:31 0 ----a-w- c:\windows\system32\17035.exe
2010-01-03 18:48:31 0 ----a-w- c:\windows\system32\26299.exe
2010-01-03 18:28:30 0 ----a-w- c:\windows\system32\25667.exe
2010-01-03 18:08:30 0 ----a-w- c:\windows\system32\19912.exe
2010-01-03 17:48:29 0 ----a-w- c:\windows\system32\1869.exe
2010-01-03 17:28:29 0 ----a-w- c:\windows\system32\11538.exe
2010-01-03 17:08:28 0 ----a-w- c:\windows\system32\14771.exe
2010-01-03 16:48:27 0 ----a-w- c:\windows\system32\21726.exe
2010-01-03 16:28:27 0 ----a-w- c:\windows\system32\5447.exe
2010-01-03 16:08:26 0 ----a-w- c:\windows\system32\19895.exe
2010-01-03 15:48:26 0 ----a-w- c:\windows\system32\19718.exe
2010-01-03 15:28:25 0 ----a-w- c:\windows\system32\18716.exe
2010-01-03 15:08:25 0 ----a-w- c:\windows\system32\17421.exe
2010-01-03 14:48:24 0 ----a-w- c:\windows\system32\12382.exe
2010-01-03 14:28:24 0 ----a-w- c:\windows\system32\292.exe
2010-01-03 14:08:23 0 ----a-w- c:\windows\system32\153.exe
2010-01-03 13:48:23 0 ----a-w- c:\windows\system32\3902.exe
2010-01-03 13:28:22 0 ----a-w- c:\windows\system32\14604.exe
2010-01-03 13:08:22 0 ----a-w- c:\windows\system32\32391.exe
2010-01-03 12:48:21 0 ----a-w- c:\windows\system32\5436.exe
2010-01-03 12:28:21 0 ----a-w- c:\windows\system32\4827.exe
2010-01-03 12:08:20 0 ----a-w- c:\windows\system32\11942.exe
2010-01-03 11:48:20 0 ----a-w- c:\windows\system32\2995.exe
2010-01-03 11:28:19 0 ----a-w- c:\windows\system32\491.exe
2010-01-03 11:08:19 0 ----a-w- c:\windows\system32\9961.exe
2010-01-03 10:48:18 0 ----a-w- c:\windows\system32\16827.exe
2010-01-03 10:28:17 0 ----a-w- c:\windows\system32\23281.exe
2010-01-03 10:08:17 0 ----a-w- c:\windows\system32\28145.exe
2010-01-03 09:48:16 0 ----a-w- c:\windows\system32\5705.exe
2010-01-03 09:28:16 0 ----a-w- c:\windows\system32\24464.exe
2010-01-03 09:08:15 0 ----a-w- c:\windows\system32\26962.exe
2010-01-03 08:48:15 0 ----a-w- c:\windows\system32\29358.exe
2010-01-03 08:28:14 0 ----a-w- c:\windows\system32\11478.exe
2010-01-03 08:08:14 0 ----a-w- c:\windows\system32\15724.exe
2010-01-03 07:48:13 0 ----a-w- c:\windows\system32\19169.exe
2010-01-03 07:28:13 0 ----a-w- c:\windows\system32\26500.exe
2010-01-03 07:08:12 0 ----a-w- c:\windows\system32\6334.exe
2010-01-03 06:48:12 0 ----a-w- c:\windows\system32\18467.exe
2010-01-03 06:24:19 32512 ----a-w- c:\windows\system32\drivers\xxjdoz.sys
2010-01-03 06:23:57 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-01-03 06:23:57 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-01-03 06:23:53 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-01-03 06:23:53 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-01-03 06:23:51 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-01-03 06:23:51 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-01-03 06:23:39 1 ----a-w- C:\s
2009-12-09 15:38:21 75776 -c----w- c:\windows\system32\dllcache\strmfilt.dll
2009-12-09 15:38:21 25088 -c----w- c:\windows\system32\dllcache\httpapi.dll
2009-12-09 15:38:20 265728 -c----w- c:\windows\system32\dllcache\http.sys
2009-12-09 15:38:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2009-12-09 15:37:37 79872 -c----w- c:\windows\system32\dllcache\raschap.dll
2009-12-09 15:37:34 149504 -c----w- c:\windows\system32\dllcache\rastls.dll
2009-12-09 15:34:05 270336 -c----w- c:\windows\system32\dllcache\oakley.dll

==================== Find3M ====================

2010-01-06 22:03:49 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
1996-05-09 21:05:22 1280 ----a-w- c:\program files\README.WRI
1994-12-12 14:58:30 493 ----a-w- c:\program files\INFO.TXT
1994-10-12 16:02:20 1762 ----a-w- c:\program files\RELEASE.TXT
1994-02-12 16:19:28 766 ----a-w- c:\program files\UTILITY.ICO

============= FINISH: 17:00:28.81 ===============


#2 Buckeye_Sam

Malware Expert
Posted 12 January 2010 - 06:55 PM

Hello!
My name is Sam and I will be helping you.

In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use ComboFix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please copy and paste the contents of C:\ComboFix.txt in your next reply.


If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 nleavitt


Posted 22 January 2010 - 11:56 AM

Thanks for the response.

I haven't been able to get ComboFix onto the computer. There seems to be something in our network, either McAfee or some other security policy, which stops it downloading successfully. When it downloads there is some error message at the end and it fails. Even when I tried to copy it from a USB key to the desktop, the copy operation had an error, and the file disappeared from the USB drive as well.

Something seems to have gone awry in the meantime. When I went to work on it there was an endless stream of memory access errors, and after a hard reboot the system was unstable. I've run a Repair installation of XP, and after Service Pack 3 and one wave of Windows updates I am now getting an error when I try to start IE for further updates.

Currently I am running some malware checks and when that's done I will clean off some of the anti-malware software I've installed and see if I can get IE open, or I'll try Firefox and see if the original problem is still present. I only haven't tried Firefox yet because I would like to have all MS updates done and the PC checked for viruses again before I go on the internet.

#4 Buckeye_Sam

Malware Expert

Posted 24 January 2010 - 03:32 AM

McAfee doesn't like ComboFix, so that could be the problem there. If you don't have a way to disable McAfee in order to get ComboFix, we can work around it utilizing other tools. Once you've got the updates, please post a new log from DDS so I can see what we're still dealing with.

#5 nleavitt


Posted 27 January 2010 - 01:48 PM

After installing IE again, and checking there and in Firefox, the problem does seem to have gone away. I include a new dds report, but I'm going to consider it cleared unless you see something suspicious or it reoccurs after I give it back to the user. Thanks for your help.


DDS (Ver_09-12-01.01) - NTFSx86
Run by Administrator at 11:21:26.11 on Wed 01/27/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.117 [GMT -7:00]

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [Smapp] c:\program files\analog devices\soundmax\Smtray.exe
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264114020475
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1262627046922
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxsrvc.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\qsf8jsh9.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-2-23 342128]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2009-4-9 21256]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-3-14 103744]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2009-4-9 144888]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2009-4-9 62800]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2009-10-21 70216]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-2-23 91640]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-2-23 43288]
S0 xxjdoz;xxjdoz;c:\windows\system32\drivers\xxjdoz.sys [2010-1-2 32512]
S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2009-10-21 65224]

=============== Created Last 30 ================

2010-01-22 22:26:54 0 d-----w- c:\windows\system32\URTTEMP
2010-01-22 22:24:57 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-01-22 21:54:32 0 d-sh--w- c:\documents and settings\administrator\PrivacIE
2010-01-22 21:11:59 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-01-22 21:11:59 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-01-22 21:11:57 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-22 21:11:57 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-01-22 21:11:54 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-01-22 21:11:49 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-01-22 15:04:21 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-01-22 15:04:06 74240 -c----w- c:\windows\system32\dllcache\mscms.dll
2010-01-22 15:04:00 989696 -c----w- c:\windows\system32\dllcache\kernel32.dll
2010-01-22 15:02:48 1435648 -c----w- c:\windows\system32\dllcache\query.dll
2010-01-22 15:02:42 253952 -c----w- c:\windows\system32\dllcache\es.dll
2010-01-22 15:02:38 84992 -c----w- c:\windows\system32\dllcache\avifil32.dll
2010-01-22 15:00:59 128512 -c----w- c:\windows\system32\dllcache\dhtmled.ocx
2010-01-22 15:00:51 91648 -c----w- c:\windows\system32\dllcache\mtxoci.dll
2010-01-22 15:00:50 956928 -c----w- c:\windows\system32\dllcache\msdtctm.dll
2010-01-22 15:00:50 66560 -c----w- c:\windows\system32\dllcache\mtxclu.dll
2010-01-22 15:00:50 58880 -c----w- c:\windows\system32\dllcache\msdtclog.dll
2010-01-22 15:00:50 161792 -c----w- c:\windows\system32\dllcache\msdtcuiu.dll
2010-01-22 15:00:42 58880 -c----w- c:\windows\system32\dllcache\atl.dll
2010-01-22 14:59:49 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-01-22 14:59:42 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-01-22 14:59:34 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2010-01-22 14:59:27 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-01-22 14:59:23 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-01-22 14:59:03 8461312 -c----w- c:\windows\system32\dllcache\shell32.dll
2010-01-22 14:57:56 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2010-01-22 14:57:53 270336 -c----w- c:\windows\system32\dllcache\oakley.dll
2010-01-22 14:55:57 286720 -c----w- c:\windows\system32\dllcache\gdi32.dll
2010-01-22 14:55:54 726528 -c--a-w- c:\windows\system32\dllcache\jscript.dll
2010-01-22 14:55:36 92928 -c----w- c:\windows\system32\dllcache\ksecdd.sys
2010-01-22 14:55:36 56832 -c----w- c:\windows\system32\dllcache\secur32.dll
2010-01-22 14:55:35 54272 -c----w- c:\windows\system32\dllcache\wdigest.dll
2010-01-22 14:55:35 147456 -c----w- c:\windows\system32\dllcache\schannel.dll
2010-01-22 14:55:35 136192 -c----w- c:\windows\system32\dllcache\msv1_0.dll
2010-01-22 14:55:34 301568 -c----w- c:\windows\system32\dllcache\kerberos.dll
2010-01-22 14:55:33 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2010-01-22 14:55:10 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-01-22 14:55:08 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-01-22 14:54:40 1850624 -c----w- c:\windows\system32\dllcache\win32k.sys
2010-01-22 00:23:18 3796 ----a-w- c:\windows\system32\spupdsvc.inf
2010-01-21 23:46:00 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2010-01-21 23:46:00 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
2010-01-21 23:45:20 19569 ----a-w- c:\windows\003445_.tmp
2010-01-21 22:43:51 159744 ----a-w- c:\windows\system32\igfxres.dll
2010-01-21 22:43:29 13668 ----a-w- c:\windows\system32\wpa.bak
2010-01-21 22:36:58 26112 -c--a-w- c:\windows\system32\dllcache\EXCH_seos.dll
2010-01-21 22:35:58 59392 -c--a-w- c:\windows\system32\dllcache\imscinst.exe
2010-01-21 22:34:59 66594 -c--a-w- c:\windows\system32\dllcache\c_858.nls
2010-01-21 22:32:04 488 ---ha-r- c:\windows\system32\logonui.exe.manifest
2010-01-21 22:31:56 749 ---ha-r- c:\windows\WindowsShell.Manifest
2010-01-21 22:31:56 749 ---ha-r- c:\windows\system32\wuaucpl.cpl.manifest
2010-01-21 22:31:56 749 ---ha-r- c:\windows\system32\sapi.cpl.manifest
2010-01-21 22:31:56 749 ---ha-r- c:\windows\system32\nwc.cpl.manifest
2010-01-21 22:31:56 749 ---ha-r- c:\windows\system32\ncpa.cpl.manifest
2010-01-21 22:31:31 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-01-06 23:20:30 0 d-----w- c:\program files\Trend Micro
2010-01-06 17:59:50 0 d-sh--w- c:\documents and settings\administrator\IECompatCache
2010-01-06 15:53:18 980 ----a-w- c:\windows\system32\SiteList.xml
2010-01-05 23:07:04 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-01-05 23:07:04 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-01-05 23:02:25 0 d-sh--w- c:\documents and settings\administrator\IETldCache
2010-01-05 22:48:01 0 dc-h--w- c:\windows\ie8
2010-01-05 21:25:22 0 d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes
2010-01-05 21:03:58 0 d-----w- c:\windows\pss
2010-01-04 15:54:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-04 15:53:58 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-04 15:53:57 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-04 15:53:56 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-04 15:10:16 0 ----a-w- c:\windows\system32\22929.exe
2010-01-04 14:50:16 0 ----a-w- c:\windows\system32\2082.exe
2010-01-04 14:30:15 0 ----a-w- c:\windows\system32\16118.exe
2010-01-04 14:10:15 0 ----a-w- c:\windows\system32\21538.exe
2010-01-04 13:50:14 0 ----a-w- c:\windows\system32\5537.exe
2010-01-04 13:30:14 0 ----a-w- c:\windows\system32\11323.exe
2010-01-04 13:10:13 0 ----a-w- c:\windows\system32\24626.exe
2010-01-04 12:50:13 0 ----a-w- c:\windows\system32\32439.exe
2010-01-04 12:30:12 0 ----a-w- c:\windows\system32\16944.exe
2010-01-04 12:10:12 0 ----a-w- c:\windows\system32\26308.exe
2010-01-04 11:50:10 0 ----a-w- c:\windows\system32\13931.exe
2010-01-04 11:29:31 0 ----a-w- c:\windows\system32\7376.exe
2010-01-04 11:09:31 0 ----a-w- c:\windows\system32\4966.exe
2010-01-04 10:49:30 0 ----a-w- c:\windows\system32\11840.exe
2010-01-04 10:29:30 0 ----a-w- c:\windows\system32\18756.exe
2010-01-04 10:09:29 0 ----a-w- c:\windows\system32\19954.exe
2010-01-04 09:49:28 0 ----a-w- c:\windows\system32\24084.exe
2010-01-04 09:29:28 0 ----a-w- c:\windows\system32\12623.exe
2010-01-04 09:09:27 0 ----a-w- c:\windows\system32\19629.exe
2010-01-04 08:49:27 0 ----a-w- c:\windows\system32\3548.exe
2010-01-04 08:29:26 0 ----a-w- c:\windows\system32\24393.exe
2010-01-04 08:09:26 0 ----a-w- c:\windows\system32\31101.exe
2010-01-04 07:49:25 0 ----a-w- c:\windows\system32\15006.exe
2010-01-04 07:29:25 0 ----a-w- c:\windows\system32\15350.exe
2010-01-04 07:09:24 0 ----a-w- c:\windows\system32\24370.exe
2010-01-04 06:49:24 0 ----a-w- c:\windows\system32\6729.exe
2010-01-04 06:29:23 0 ----a-w- c:\windows\system32\15890.exe
2010-01-04 06:09:23 0 ----a-w- c:\windows\system32\23805.exe
2010-01-04 05:49:22 0 ----a-w- c:\windows\system32\27446.exe
2010-01-04 05:29:22 0 ----a-w- c:\windows\system32\22648.exe
2010-01-04 05:09:21 0 ----a-w- c:\windows\system32\19264.exe
2010-01-04 04:49:21 0 ----a-w- c:\windows\system32\8942.exe
2010-01-04 04:29:20 0 ----a-w- c:\windows\system32\9040.exe
2010-01-04 04:09:20 0 ----a-w- c:\windows\system32\30106.exe
2010-01-04 03:49:19 0 ----a-w- c:\windows\system32\288.exe
2010-01-04 03:29:18 0 ----a-w- c:\windows\system32\1842.exe
2010-01-04 03:09:18 0 ----a-w- c:\windows\system32\22190.exe
2010-01-04 02:49:17 0 ----a-w- c:\windows\system32\3035.exe
2010-01-04 02:29:17 0 ----a-w- c:\windows\system32\12316.exe
2010-01-04 02:09:16 0 ----a-w- c:\windows\system32\778.exe
2010-01-04 01:49:16 0 ----a-w- c:\windows\system32\27529.exe
2010-01-04 01:29:15 0 ----a-w- c:\windows\system32\9741.exe
2010-01-04 01:09:14 0 ----a-w- c:\windows\system32\8723.exe
2010-01-04 00:49:11 0 ----a-w- c:\windows\system32\12859.exe
2010-01-03 23:08:43 0 ----a-w- c:\windows\system32\25547.exe
2010-01-03 22:28:38 0 ----a-w- c:\windows\system32\28253.exe
2010-01-03 22:08:37 0 ----a-w- c:\windows\system32\7711.exe
2010-01-03 21:48:37 0 ----a-w- c:\windows\system32\15141.exe
2010-01-03 21:28:36 0 ----a-w- c:\windows\system32\4664.exe
2010-01-03 21:08:36 0 ----a-w- c:\windows\system32\17673.exe
2010-01-03 20:48:35 0 ----a-w- c:\windows\system32\30333.exe
2010-01-03 20:28:33 0 ----a-w- c:\windows\system32\31322.exe
2010-01-03 20:08:33 0 ----a-w- c:\windows\system32\23811.exe
2010-01-03 19:48:32 0 ----a-w- c:\windows\system32\28703.exe
2010-01-03 19:28:32 0 ----a-w- c:\windows\system32\9894.exe
2010-01-03 19:08:31 0 ----a-w- c:\windows\system32\17035.exe
2010-01-03 18:48:31 0 ----a-w- c:\windows\system32\26299.exe
2010-01-03 18:28:30 0 ----a-w- c:\windows\system32\25667.exe
2010-01-03 18:08:30 0 ----a-w- c:\windows\system32\19912.exe
2010-01-03 17:48:29 0 ----a-w- c:\windows\system32\1869.exe
2010-01-03 17:28:29 0 ----a-w- c:\windows\system32\11538.exe
2010-01-03 17:08:28 0 ----a-w- c:\windows\system32\14771.exe
2010-01-03 16:48:27 0 ----a-w- c:\windows\system32\21726.exe
2010-01-03 16:28:27 0 ----a-w- c:\windows\system32\5447.exe
2010-01-03 16:08:26 0 ----a-w- c:\windows\system32\19895.exe
2010-01-03 15:48:26 0 ----a-w- c:\windows\system32\19718.exe
2010-01-03 15:28:25 0 ----a-w- c:\windows\system32\18716.exe
2010-01-03 15:08:25 0 ----a-w- c:\windows\system32\17421.exe
2010-01-03 14:48:24 0 ----a-w- c:\windows\system32\12382.exe
2010-01-03 14:28:24 0 ----a-w- c:\windows\system32\292.exe
2010-01-03 14:08:23 0 ----a-w- c:\windows\system32\153.exe
2010-01-03 13:48:23 0 ----a-w- c:\windows\system32\3902.exe
2010-01-03 13:28:22 0 ----a-w- c:\windows\system32\14604.exe
2010-01-03 13:08:22 0 ----a-w- c:\windows\system32\32391.exe
2010-01-03 12:48:21 0 ----a-w- c:\windows\system32\5436.exe
2010-01-03 12:28:21 0 ----a-w- c:\windows\system32\4827.exe
2010-01-03 12:08:20 0 ----a-w- c:\windows\system32\11942.exe
2010-01-03 11:48:20 0 ----a-w- c:\windows\system32\2995.exe
2010-01-03 11:28:19 0 ----a-w- c:\windows\system32\491.exe
2010-01-03 11:08:19 0 ----a-w- c:\windows\system32\9961.exe
2010-01-03 10:48:18 0 ----a-w- c:\windows\system32\16827.exe
2010-01-03 10:28:17 0 ----a-w- c:\windows\system32\23281.exe
2010-01-03 10:08:17 0 ----a-w- c:\windows\system32\28145.exe
2010-01-03 09:48:16 0 ----a-w- c:\windows\system32\5705.exe
2010-01-03 09:28:16 0 ----a-w- c:\windows\system32\24464.exe
2010-01-03 09:08:15 0 ----a-w- c:\windows\system32\26962.exe
2010-01-03 08:48:15 0 ----a-w- c:\windows\system32\29358.exe
2010-01-03 08:28:14 0 ----a-w- c:\windows\system32\11478.exe
2010-01-03 08:08:14 0 ----a-w- c:\windows\system32\15724.exe
2010-01-03 07:48:13 0 ----a-w- c:\windows\system32\19169.exe
2010-01-03 07:28:13 0 ----a-w- c:\windows\system32\26500.exe
2010-01-03 07:08:12 0 ----a-w- c:\windows\system32\6334.exe
2010-01-03 06:48:12 0 ----a-w- c:\windows\system32\18467.exe
2010-01-03 06:24:19 32512 ----a-w- c:\windows\system32\drivers\xxjdoz.sys
2010-01-03 06:23:39 1 ----a-w- C:\s

==================== Find3M ====================

2010-01-21 22:29:40 22720 ----a-w- c:\windows\system32\emptyregdb.dat
2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
1996-05-09 21:05:22 1280 ----a-w- c:\program files\README.WRI
1994-12-12 14:58:30 493 ----a-w- c:\program files\INFO.TXT
1994-10-12 16:02:20 1762 ----a-w- c:\program files\RELEASE.TXT
1994-02-12 16:19:28 766 ----a-w- c:\program files\UTILITY.ICO

============= FINISH: 11:22:53.83 ===============


#6 Buckeye_Sam

    Malware Expert


Posted 28 January 2010 - 07:43 AM

Your log doesn't look much different and still shows numerous malware files.


We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

  • Click the "Run Scan" button.
  • The scan should take just a few minutes.
  • Please copy and paste both logs back here in your next reply.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 nleavitt

  • Topic Starter

Posted 28 January 2010 - 03:25 PM

OTL.txt:

OTL logfile created on: 1/28/2010 11:27:22 AM - Run 1
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.00 Mb Total Physical Memory | 111.00 Mb Available Physical Memory | 22.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 21.78 Gb Free Space | 58.43% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC-BUR104
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/28 11:26:15 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2010/01/22 14:18:20 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/04/09 19:07:00 | 00,144,888 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2009/04/09 19:07:00 | 00,124,240 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2009/04/09 19:07:00 | 00,070,216 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2009/04/09 19:07:00 | 00,062,800 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2009/04/09 19:07:00 | 00,027,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2009/04/09 19:07:00 | 00,021,256 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/14 04:00:00 | 00,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2008/03/14 04:00:00 | 00,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2008/03/14 04:00:00 | 00,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2008/03/14 04:00:00 | 00,091,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2004/07/01 12:02:52 | 00,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
PRC - [2004/07/01 11:58:46 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2002/06/26 13:36:58 | 00,090,112 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMTray.exe


========== Modules (SafeList) ==========

MOD - [2010/01/28 11:26:15 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (WinVNC4)
SRV - [2009/07/25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Disabled | Stopped] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/04/09 19:07:00 | 00,144,888 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2009/04/09 19:07:00 | 00,070,216 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2009/04/09 19:07:00 | 00,062,800 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2009/04/09 19:07:00 | 00,021,256 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService)
SRV - [2009/01/07 18:21:00 | 00,026,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\spupdsvc.exe -- (spupdsvc)
SRV - [2008/03/14 04:00:00 | 00,103,744 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2003/07/28 10:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2002/07/15 12:36:54 | 00,045,056 | ---- | M] (Analog Devices, Inc.) [Disabled | Stopped] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2010/01/02 23:24:19 | 00,032,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\xxjdoz.sys -- (xxjdoz)
DRV - [2009/04/09 19:07:00 | 00,342,128 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/04/09 19:07:00 | 00,091,640 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/04/09 19:07:00 | 00,075,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2009/04/09 19:07:00 | 00,065,224 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2009/04/09 19:07:00 | 00,063,696 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009/04/09 19:07:00 | 00,043,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2008/08/20 22:18:42 | 00,171,152 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1000325.sys -- (E1000) Intel®
DRV - [2008/04/13 11:40:58 | 00,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\changer.sys -- (Changer)
DRV - [2008/04/13 11:40:26 | 00,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\lbrtfdc.sys -- (lbrtfdc)
DRV - [2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2005/08/11 11:49:28 | 00,393,088 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2005/03/28 08:19:38 | 00,220,992 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2005/03/04 18:53:00 | 00,127,872 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio)
DRV - [2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/07/01 12:26:16 | 00,724,221 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2003/04/15 07:40:54 | 00,113,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E}) Intel® Graphics Platform (SoftBIOS)
DRV - [2003/04/15 07:40:46 | 00,078,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel® Graphics Chipset (KCH)
DRV - [2003/03/04 08:56:26 | 00,145,408 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1390067357-1757981266-725345543-500\S-1-5-21-1390067357-1757981266-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2246006506-2116409902-937687127-14282\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://EoneCentral
IE - HKU\S-1-5-21-2246006506-2116409902-937687127-14282\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://EoneCentral
IE - HKU\S-1-5-21-2246006506-2116409902-937687127-14282\S-1-5-21-2246006506-2116409902-937687127-14282\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2246006506-2116409902-937687127-4324\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://EoneCentral
IE - HKU\S-1-5-21-2246006506-2116409902-937687127-4324\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://EoneCentral
IE - HKU\S-1-5-21-2246006506-2116409902-937687127-4324\S-1-5-21-2246006506-2116409902-937687127-4324\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2246006506-2116409902-937687127-500\S-1-5-21-2246006506-2116409902-937687127-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/22 14:18:34 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/22 14:18:33 | 00,000,000 | ---D | M]

[2010/01/05 15:29:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/01/22 14:13:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qsf8jsh9.default\extensions
[2010/01/04 11:01:30 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/01/22 11:29:26 | 00,625,907 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1 ads.active.com
O1 - Hosts: 127.0.0.1 am1.activemeter.com
O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 data2.activshopper.com #[Trackware.ActivShopper]
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ad2games.com
O1 - Hosts: 127.0.0.1 cms.ad2click.nl
O1 - Hosts: 127.0.0.1 ads.ad2games.com
O1 - Hosts: 127.0.0.1 content.ad20.net
O1 - Hosts: 16591 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
O4 - HKU\S-1-5-21-1390067357-1757981266-725345543-500..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe File not found
O4 - HKU\S-1-5-21-2246006506-2116409902-937687127-4324..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1390067357-1757981266-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2246006506-2116409902-937687127-14282\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2246006506-2116409902-937687127-4324\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2246006506-2116409902-937687127-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1390067357-1757981266-725345543-500\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-2246006506-2116409902-937687127-14282\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-2246006506-2116409902-937687127-4324\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1264114020475 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1262627046922 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_14)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.10.7.63 10.10.0.90 10.10.0.64
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = entertainmentone.ca
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/02/23 13:16:56 | 00,000,055 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{6e9020ef-232e-11db-a76c-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{6e9020ef-232e-11db-a76c-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6e9020ef-232e-11db-a76c-806d6172696f}\Shell\AutoRun\command - "" = D:\AutoRunPro.exe -- File not found
O33 - MountPoints2\{8b37e4ef-4c46-11da-ad0c-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{8b37e4ef-4c46-11da-ad0c-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8b37e4ef-4c46-11da-ad0c-806d6172696f}\Shell\AutoRun\command - "" = D:\AutoRunPro.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010/01/21 15:32:43 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891891626803200)

========== Files/Folders - Created Within 30 Days ==========

[2010/01/28 11:26:14 | 00,548,864 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/01/22 16:26:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory
[2010/01/22 15:26:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2010/01/22 14:54:32 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2010/01/22 14:11:59 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/01/22 14:11:59 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/01/22 14:11:54 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/01/22 14:11:49 | 11,070,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010/01/22 14:05:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2010/01/22 08:04:21 | 00,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2010/01/22 08:04:06 | 00,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mscms.dll
[2010/01/22 08:04:00 | 00,989,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kernel32.dll
[2010/01/22 08:03:58 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tlntsess.exe
[2010/01/22 08:03:58 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\telnet.exe
[2010/01/22 08:03:53 | 01,208,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2010/01/22 08:03:53 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdc.ocx
[2010/01/22 08:03:52 | 00,916,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2010/01/22 08:03:49 | 01,509,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shdocvw.dll
[2010/01/22 08:03:48 | 05,942,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2010/01/22 08:03:13 | 00,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/01/22 08:03:06 | 00,149,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rastls.dll
[2010/01/22 08:03:06 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\raschap.dll
[2010/01/22 08:03:03 | 00,420,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vbscript.dll
[2010/01/22 08:03:03 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrobj.dll
[2010/01/22 08:03:03 | 00,172,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrrun.dll
[2010/01/22 08:03:03 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cscript.exe
[2010/01/22 08:03:03 | 00,090,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wshext.dll
[2010/01/22 08:03:02 | 00,155,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wscript.exe
[2010/01/22 08:02:48 | 01,435,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.dll
[2010/01/22 08:02:42 | 00,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\es.dll
[2010/01/22 08:02:38 | 00,084,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avifil32.dll
[2010/01/22 08:01:53 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wkssvc.dll
[2010/01/22 08:01:15 | 00,345,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\localspl.dll
[2010/01/22 08:00:51 | 00,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxoci.dll
[2010/01/22 08:00:50 | 00,956,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtctm.dll
[2010/01/22 08:00:50 | 00,161,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtcuiu.dll
[2010/01/22 08:00:50 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxclu.dll
[2010/01/22 08:00:50 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtclog.dll
[2010/01/22 08:00:42 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atl.dll
[2010/01/22 07:59:49 | 00,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2010/01/22 07:59:42 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010/01/22 07:59:34 | 00,333,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2010/01/22 07:59:27 | 00,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2010/01/22 07:59:03 | 08,461,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2010/01/22 07:57:56 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2010/01/22 07:57:53 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oakley.dll
[2010/01/22 07:56:57 | 00,361,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpip.sys
[2010/01/22 07:56:57 | 00,138,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\afd.sys
[2010/01/22 07:56:56 | 00,245,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswsock.dll
[2010/01/22 07:56:56 | 00,225,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpip6.sys
[2010/01/22 07:56:56 | 00,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dnsapi.dll
[2010/01/22 07:56:44 | 00,585,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcrt4.dll
[2010/01/22 07:56:35 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010/01/22 07:56:34 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010/01/22 07:56:33 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2010/01/22 07:56:18 | 00,354,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winhttp.dll
[2010/01/22 07:56:14 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2010/01/22 07:56:10 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2010/01/22 07:56:05 | 01,172,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2010/01/22 07:55:57 | 00,286,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gdi32.dll
[2010/01/22 07:55:54 | 00,726,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jscript.dll
[2010/01/22 07:55:36 | 00,092,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksecdd.sys
[2010/01/22 07:55:36 | 00,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\secur32.dll
[2010/01/22 07:55:35 | 00,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\schannel.dll
[2010/01/22 07:55:35 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msv1_0.dll
[2010/01/22 07:55:35 | 00,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdigest.dll
[2010/01/22 07:55:34 | 00,301,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kerberos.dll
[2010/01/22 07:55:33 | 00,730,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2010/01/22 07:55:10 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2010/01/22 07:55:08 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2010/01/22 07:54:40 | 01,850,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2010/01/21 16:57:45 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/01/21 16:46:00 | 01,372,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2010/01/21 16:46:00 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2010/01/21 15:43:51 | 00,159,744 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2010/01/21 15:37:39 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2010/01/21 15:37:38 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2010/01/21 15:37:38 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2010/01/21 15:37:37 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2010/01/21 15:37:37 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2010/01/21 15:37:37 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2010/01/21 15:37:35 | 00,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2010/01/21 15:37:35 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2010/01/21 15:37:34 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2010/01/21 15:37:32 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2010/01/21 15:37:32 | 00,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2010/01/21 15:37:32 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2010/01/21 15:37:32 | 00,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2010/01/21 15:37:31 | 00,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2010/01/21 15:37:31 | 00,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2010/01/21 15:37:24 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2010/01/21 15:37:24 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2010/01/21 15:37:22 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2010/01/21 15:37:21 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2010/01/21 15:37:20 | 00,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2010/01/21 15:37:20 | 00,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2010/01/21 15:37:20 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2010/01/21 15:37:18 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2010/01/21 15:37:17 | 00,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2010/01/21 15:37:17 | 00,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2010/01/21 15:37:17 | 00,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2010/01/21 15:37:14 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2010/01/21 15:37:13 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2010/01/21 15:37:11 | 00,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2010/01/21 15:37:10 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2010/01/21 15:37:10 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2010/01/21 15:37:09 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2010/01/21 15:37:08 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2010/01/21 15:37:08 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2010/01/21 15:37:08 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2010/01/21 15:37:08 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2010/01/21 15:37:07 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2010/01/21 15:37:07 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2010/01/21 15:37:07 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2010/01/21 15:37:07 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2010/01/21 15:37:07 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2010/01/21 15:37:07 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2010/01/21 15:37:07 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2010/01/21 15:37:07 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2010/01/21 15:37:07 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2010/01/21 15:37:07 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2010/01/21 15:37:07 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2010/01/21 15:37:06 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2010/01/21 15:37:04 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2010/01/21 15:36:58 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2010/01/21 15:36:57 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2010/01/21 15:36:55 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/01/21 15:36:55 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/01/21 15:36:53 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2010/01/21 15:36:51 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2010/01/21 15:36:51 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2010/01/21 15:36:49 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2010/01/21 15:36:49 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2010/01/21 15:36:49 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2010/01/21 15:36:46 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2010/01/21 15:36:46 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2010/01/21 15:36:45 | 00,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2010/01/21 15:36:45 | 00,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2010/01/21 15:36:45 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2010/01/21 15:36:45 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2010/01/21 15:36:45 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2010/01/21 15:36:44 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2010/01/21 15:36:44 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2010/01/21 15:36:43 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2010/01/21 15:36:43 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2010/01/21 15:36:43 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2010/01/21 15:36:42 | 00,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2010/01/21 15:36:42 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2010/01/21 15:36:37 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2010/01/21 15:36:35 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2010/01/21 15:36:32 | 00,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2010/01/21 15:36:25 | 01,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2010/01/21 15:36:25 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2010/01/21 15:36:14 | 00,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2010/01/21 15:36:14 | 00,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2010/01/21 15:36:13 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2010/01/21 15:36:12 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2010/01/21 15:36:11 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2010/01/21 15:36:09 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2010/01/21 15:36:08 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2010/01/21 15:36:08 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2010/01/21 15:36:08 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2010/01/21 15:36:08 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2010/01/21 15:36:08 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2010/01/21 15:36:08 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2010/01/21 15:36:08 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2010/01/21 15:36:08 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2010/01/21 15:36:08 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2010/01/21 15:36:07 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2010/01/21 15:36:07 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2010/01/21 15:36:07 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2010/01/21 15:36:06 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2010/01/21 15:36:06 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2010/01/21 15:36:06 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2010/01/21 15:36:06 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2010/01/21 15:36:06 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2010/01/21 15:36:06 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2010/01/21 15:36:06 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2010/01/21 15:36:06 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2010/01/21 15:36:05 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2010/01/21 15:36:05 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2010/01/21 15:36:05 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2010/01/21 15:36:05 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2010/01/21 15:36:05 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2010/01/21 15:36:04 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2010/01/21 15:36:04 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2010/01/21 15:36:04 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2010/01/21 15:36:04 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2010/01/21 15:36:04 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2010/01/21 15:36:04 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2010/01/21 15:36:04 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2010/01/21 15:36:03 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
[2010/01/21 15:36:03 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2010/01/21 15:36:00 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2010/01/21 15:35:58 | 00,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2010/01/21 15:35:58 | 00,315,455 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2010/01/21 15:35:58 | 00,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2010/01/21 15:35:57 | 00,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2010/01/21 15:35:57 | 00,262,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
[2010/01/21 15:35:57 | 00,233,527 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
[2010/01/21 15:35:57 | 00,208,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
[2010/01/21 15:35:57 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2010/01/21 15:35:57 | 00,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2010/01/21 15:35:56 | 00,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2010/01/21 15:35:56 | 00,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2010/01/21 15:35:56 | 00,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2010/01/21 15:35:56 | 00,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2010/01/21 15:35:56 | 00,307,257 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
[2010/01/21 15:35:56 | 00,155,705 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2010/01/21 15:35:56 | 00,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2010/01/21 15:35:56 | 00,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2010/01/21 15:35:55 | 00,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2010/01/21 15:35:55 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2010/01/21 15:35:55 | 00,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2010/01/21 15:35:55 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2010/01/21 15:35:55 | 00,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2010/01/21 15:35:55 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2010/01/21 15:35:54 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2010/01/21 15:35:54 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2010/01/21 15:35:54 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe
[2010/01/21 15:35:54 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2010/01/21 15:35:49 | 10,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2010/01/21 15:35:39 | 10,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2010/01/21 15:35:35 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2010/01/21 15:35:31 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2010/01/21 15:35:31 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2010/01/21 15:35:30 | 00,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2010/01/21 15:35:30 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2010/01/21 15:35:29 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2010/01/21 15:35:29 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2010/01/21 15:35:26 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2010/01/21 15:35:25 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2010/01/21 15:35:24 | 00,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2010/01/21 15:35:24 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2010/01/21 15:35:23 | 00,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2010/01/21 15:35:23 | 00,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2010/01/21 15:35:14 | 00,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2010/01/21 15:35:10 | 00,057,399 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
[2010/01/21 15:35:10 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2010/01/21 15:35:09 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
[2010/01/21 15:35:09 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
[2010/01/21 15:35:08 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2010/01/21 15:35:05 | 00,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2010/01/21 15:35:05 | 00,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2010/01/21 15:35:05 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2010/01/21 15:35:05 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2010/01/21 15:35:05 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2010/01/21 15:35:04 | 01,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2010/01/21 15:35:04 | 00,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2010/01/21 15:35:03 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2010/01/21 15:35:03 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2010/01/21 15:35:03 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2010/01/21 15:35:03 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2010/01/21 15:35:03 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2010/01/21 15:35:01 | 00,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/01/21 15:35:01 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2010/01/21 15:35:00 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2010/01/21 15:34:53 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2010/01/21 15:34:51 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2010/01/21 15:34:41 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2010/01/21 15:34:41 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2010/01/21 15:34:40 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2010/01/21 15:34:31 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2010/01/21 15:34:31 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2010/01/21 15:34:31 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2010/01/21 15:34:24 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2010/01/21 15:34:14 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2010/01/21 15:34:14 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2010/01/21 15:34:13 | 00,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2010/01/21 15:34:13 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2010/01/21 15:34:13 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2010/01/21 15:34:13 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2010/01/21 15:34:08 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2010/01/21 15:31:31 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2010/01/21 14:40:59 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2010/01/21 14:40:59 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2010/01/21 14:40:59 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2010/01/21 14:40:59 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2010/01/19 10:06:49 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/01/06 17:01:35 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Administrator\Desktop\RootRepeal.exe
[2010/01/06 16:20:30 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/01/06 11:51:55 | 00,070,858 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Administrator\Desktop\GooredFix.exe
[2010/01/06 11:51:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\GooredFix Backups
[2010/01/06 11:25:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\hosts
[2010/01/06 10:59:50 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IECompatCache
[2010/01/05 16:07:04 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/01/05 16:07:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/01/05 16:02:25 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2010/01/05 15:48:01 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/01/05 15:30:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2010/01/05 15:29:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2010/01/05 15:29:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2010/01/05 14:25:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/01/05 14:03:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/01/04 11:01:27 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/01/04 08:54:00 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/04 08:53:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/04 08:53:57 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/04 08:53:56 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/02 23:24:19 | 00,032,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\xxjdoz.sys
[2007/11/26 18:12:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2004/07/05 10:52:45 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2004/07/05 10:52:44 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2004/07/05 10:52:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2004/07/05 10:52:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/28 11:26:15 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/01/28 11:24:38 | 00,013,668 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/27 11:52:31 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/27 11:52:23 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/27 11:49:12 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/01/27 11:49:11 | 05,242,880 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/01/22 16:25:46 | 00,513,578 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/01/22 16:25:46 | 00,443,588 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/01/22 16:25:46 | 00,071,846 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/01/22 15:30:36 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/22 14:16:53 | 00,003,796 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2010/01/22 11:29:26 | 00,625,907 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2010/01/22 09:10:11 | 00,290,152 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/22 08:54:44 | 02,003,353 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2010/01/22 07:55:10 | 00,009,574 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/01/21 15:43:29 | 00,013,668 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2010/01/21 15:38:40 | 00,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/01/21 15:33:22 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/01/21 15:33:21 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/01/21 15:33:21 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/01/21 15:33:06 | 00,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/01/21 15:32:04 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/01/21 15:32:04 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/01/21 15:31:56 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/01/21 15:31:56 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/01/21 15:31:56 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/01/21 15:31:56 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/01/21 15:31:56 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/01/21 15:31:56 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/01/21 15:31:41 | 00,000,977 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/01/21 15:29:40 | 00,022,720 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/01/21 15:27:38 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2010/01/21 14:41:06 | 00,000,515 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/06 17:01:53 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\settings.dat
[2010/01/06 17:01:51 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Administrator\Desktop\RootRepeal.exe
[2010/01/06 16:57:21 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2010/01/06 16:20:30 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2010/01/06 11:30:19 | 00,070,858 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Administrator\Desktop\GooredFix.exe
[2010/01/06 11:25:32 | 00,625,907 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100122-112926.backup
[2010/01/06 11:12:26 | 00,601,245 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2010/01/06 08:53:18 | 00,000,980 | ---- | M] () -- C:\WINDOWS\System32\SiteList.xml
[2010/01/05 17:16:44 | 00,371,233 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS.MVP
[2010/01/04 11:01:49 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/01/04 11:01:34 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/01/04 08:36:25 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
[2010/01/04 08:10:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\22929.exe
[2010/01/04 07:50:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\2082.exe
[2010/01/04 07:30:15 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\16118.exe
[2010/01/04 07:10:15 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\21538.exe
[2010/01/04 06:50:14 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\5537.exe
[2010/01/04 06:30:14 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\11323.exe
[2010/01/04 06:10:13 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\24626.exe
[2010/01/04 05:50:13 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\32439.exe
[2010/01/04 05:30:12 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\16944.exe
[2010/01/04 05:10:12 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26308.exe
[2010/01/04 04:50:10 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\13931.exe
[2010/01/04 04:29:31 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\7376.exe
[2010/01/04 04:09:31 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\4966.exe
[2010/01/04 03:49:30 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\11840.exe
[2010/01/04 03:29:30 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\18756.exe
[2010/01/04 03:09:29 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\19954.exe
[2010/01/04 02:49:28 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\24084.exe
[2010/01/04 02:29:28 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\12623.exe
[2010/01/04 02:09:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\19629.exe
[2010/01/04 01:49:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\3548.exe
[2010/01/04 01:29:26 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\24393.exe
[2010/01/04 01:09:26 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\31101.exe
[2010/01/04 00:49:25 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\15006.exe
[2010/01/04 00:29:25 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\15350.exe
[2010/01/04 00:09:24 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\24370.exe
[2010/01/03 23:49:24 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\6729.exe
[2010/01/03 23:29:23 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\15890.exe
[2010/01/03 23:09:23 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\23805.exe
[2010/01/03 22:49:22 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\27446.exe
[2010/01/03 22:29:22 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\22648.exe
[2010/01/03 22:09:21 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\19264.exe
[2010/01/03 21:49:21 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\8942.exe
[2010/01/03 21:29:20 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\9040.exe
[2010/01/03 21:09:20 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\30106.exe
[2010/01/03 20:49:19 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\288.exe
[2010/01/03 20:29:18 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\1842.exe
[2010/01/03 20:09:18 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\22190.exe
[2010/01/03 19:49:17 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\3035.exe
[2010/01/03 19:29:17 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\12316.exe
[2010/01/03 19:09:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\778.exe
[2010/01/03 18:49:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\27529.exe
[2010/01/03 18:29:15 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\9741.exe
[2010/01/03 18:09:14 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\8723.exe
[2010/01/03 17:49:11 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\12859.exe
[2010/01/03 16:08:43 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\25547.exe
[2010/01/03 15:28:38 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\28253.exe
[2010/01/03 15:08:37 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\7711.exe
[2010/01/03 14:48:37 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\15141.exe
[2010/01/03 14:28:36 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\4664.exe
[2010/01/03 14:08:36 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\17673.exe
[2010/01/03 13:48:35 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\30333.exe
[2010/01/03 13:28:33 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\31322.exe
[2010/01/03 13:08:33 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\23811.exe
[2010/01/03 12:48:32 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\28703.exe
[2010/01/03 12:28:32 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\9894.exe
[2010/01/03 12:08:31 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\17035.exe
[2010/01/03 11:48:31 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26299.exe
[2010/01/03 11:28:30 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\25667.exe
[2010/01/03 11:08:30 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\19912.exe
[2010/01/03 10:48:29 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\1869.exe
[2010/01/03 10:28:29 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\11538.exe
[2010/01/03 10:08:28 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\14771.exe
[2010/01/03 09:48:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\21726.exe
[2010/01/03 09:28:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\5447.exe
[2010/01/03 09:08:26 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\19895.exe
[2010/01/03 08:48:26 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\19718.exe
[2010/01/03 08:28:25 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\18716.exe
[2010/01/03 08:08:25 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\17421.exe
[2010/01/03 07:48:24 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\12382.exe
[2010/01/03 07:28:24 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\292.exe
[2010/01/03 07:08:23 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\153.exe
[2010/01/03 06:48:23 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\3902.exe
[2010/01/03 06:28:22 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\14604.exe
[2010/01/03 06:08:22 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\32391.exe
[2010/01/03 05:48:21 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\5436.exe
[2010/01/03 05:28:21 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\4827.exe
[2010/01/03 05:08:20 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\11942.exe
[2010/01/03 04:48:20 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\2995.exe
[2010/01/03 04:28:19 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\491.exe
[2010/01/03 04:08:19 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\9961.exe
[2010/01/03 03:48:18 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\16827.exe
[2010/01/03 03:28:17 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\23281.exe
[2010/01/03 03:08:17 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\28145.exe
[2010/01/03 02:48:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\5705.exe
[2010/01/03 02:28:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\24464.exe
[2010/01/03 02:08:15 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26962.exe
[2010/01/03 01:48:15 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\29358.exe
[2010/01/03 01:28:14 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\11478.exe
[2010/01/03 01:08:14 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\15724.exe
[2010/01/03 00:48:13 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\19169.exe
[2010/01/03 00:28:13 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26500.exe
[2010/01/03 00:08:12 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\6334.exe
[2010/01/02 23:24:19 | 00,032,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\xxjdoz.sys
[2010/01/02 23:23:39 | 00,000,001 | ---- | M] () -- C:\s
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/22 08:01:11 | 01,291,264 | ---- | C] () -- C:\WINDOWS\System32\dllcache\quartz.dll
[2010/01/21 17:23:18 | 00,003,796 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2010/01/21 15:43:29 | 00,013,668 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak
[2010/01/21 15:37:48 | 00,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2010/01/21 15:36:46 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2010/01/21 15:36:46 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2010/01/21 15:36:44 | 00,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/01/21 15:36:10 | 00,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2010/01/21 15:36:09 | 01,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/01/21 15:35:58 | 00,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/01/21 15:35:57 | 00,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/01/21 15:35:55 | 00,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/01/21 15:35:44 | 13,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/01/21 15:35:35 | 00,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/01/21 15:35:05 | 00,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/01/21 15:35:00 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2010/01/21 15:35:00 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2010/01/21 15:35:00 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2010/01/21 15:34:59 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2010/01/21 15:34:59 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2010/01/21 15:34:59 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2010/01/21 15:34:59 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2010/01/21 15:34:59 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2010/01/21 15:34:59 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2010/01/21 15:34:58 | 00,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2010/01/21 15:34:58 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2010/01/21 15:34:58 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2010/01/21 15:34:58 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2010/01/21 15:34:58 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2010/01/21 15:34:58 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2010/01/21 15:34:58 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2010/01/21 15:34:58 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2010/01/21 15:34:58 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2010/01/21 15:34:58 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2010/01/21 15:34:57 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2010/01/21 15:34:57 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2010/01/21 15:34:57 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2010/01/21 15:34:57 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2010/01/21 15:34:57 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2010/01/21 15:34:57 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2010/01/21 15:34:57 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2010/01/21 15:34:57 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2010/01/21 15:34:57 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2010/01/21 15:34:57 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2010/01/21 15:34:57 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2010/01/21 15:34:56 | 00,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2010/01/21 15:34:56 | 00,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2010/01/21 15:34:56 | 00,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2010/01/21 15:34:56 | 00,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2010/01/21 15:34:56 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2010/01/21 15:34:56 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2010/01/21 15:34:56 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2010/01/21 15:34:56 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2010/01/21 15:34:56 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2010/01/21 15:34:56 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2010/01/21 15:34:55 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2010/01/21 15:34:55 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2010/01/21 15:34:55 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2010/01/21 15:34:55 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2010/01/21 15:34:55 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2010/01/21 15:34:55 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2010/01/21 15:34:55 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2010/01/21 15:34:55 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2010/01/21 15:34:55 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2010/01/21 15:34:55 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2010/01/21 15:34:54 | 00,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2010/01/21 15:34:54 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2010/01/21 15:34:54 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2010/01/21 15:34:54 | 00,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2010/01/21 15:34:54 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2010/01/21 15:34:54 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2010/01/21 15:34:54 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2010/01/21 15:34:54 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2010/01/21 15:34:53 | 00,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2010/01/21 15:34:52 | 00,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2010/01/21 15:32:04 | 00,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/01/21 15:31:56 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/01/21 15:31:56 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/01/21 15:31:56 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/01/21 15:31:56 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/01/21 15:31:56 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/01/21 14:40:43 | 00,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/01/21 14:40:43 | 00,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010/01/21 14:40:43 | 00,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010/01/21 14:40:43 | 00,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010/01/21 14:40:43 | 00,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010/01/21 14:40:43 | 00,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/01/21 14:40:43 | 00,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2010/01/21 14:40:42 | 01,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2010/01/06 17:01:53 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\settings.dat
[2010/01/06 16:56:52 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2010/01/06 16:20:30 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2010/01/06 08:53:18 | 00,000,980 | ---- | C] () -- C:\WINDOWS\System32\SiteList.xml
[2010/01/04 11:01:49 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/01/04 11:01:34 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/01/04 08:10:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\22929.exe
[2010/01/04 07:50:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\2082.exe
[2010/01/04 07:30:15 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\16118.exe
[2010/01/04 07:10:15 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\21538.exe
[2010/01/04 06:50:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\5537.exe
[2010/01/04 06:30:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\11323.exe
[2010/01/04 06:10:13 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\24626.exe
[2010/01/04 05:50:13 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\32439.exe
[2010/01/04 05:30:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\16944.exe
[2010/01/04 05:10:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\26308.exe
[2010/01/04 04:50:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\13931.exe
[2010/01/04 04:29:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\7376.exe
[2010/01/04 04:09:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\4966.exe
[2010/01/04 03:49:30 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\11840.exe
[2010/01/04 03:29:30 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\18756.exe
[2010/01/04 03:09:29 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\19954.exe
[2010/01/04 02:49:28 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\24084.exe
[2010/01/04 02:29:28 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\12623.exe
[2010/01/04 02:09:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\19629.exe
[2010/01/04 01:49:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\3548.exe
[2010/01/04 01:29:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\24393.exe
[2010/01/04 01:09:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\31101.exe
[2010/01/04 00:49:25 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\15006.exe
[2010/01/04 00:29:25 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\15350.exe
[2010/01/04 00:09:24 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\24370.exe
[2010/01/03 23:49:24 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\6729.exe
[2010/01/03 23:29:23 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\15890.exe
[2010/01/03 23:09:23 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\23805.exe
[2010/01/03 22:49:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\27446.exe
[2010/01/03 22:29:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\22648.exe
[2010/01/03 22:09:21 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\19264.exe
[2010/01/03 21:49:21 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\8942.exe
[2010/01/03 21:29:20 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\9040.exe
[2010/01/03 21:09:20 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\30106.exe
[2010/01/03 20:49:19 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\288.exe
[2010/01/03 20:29:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\1842.exe
[2010/01/03 20:09:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\22190.exe
[2010/01/03 19:49:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\3035.exe
[2010/01/03 19:29:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\12316.exe
[2010/01/03 19:09:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\778.exe
[2010/01/03 18:49:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\27529.exe
[2010/01/03 18:29:15 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\9741.exe
[2010/01/03 18:09:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\8723.exe
[2010/01/03 17:49:11 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\12859.exe
[2010/01/03 16:08:43 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\25547.exe
[2010/01/03 15:28:38 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\28253.exe
[2010/01/03 15:08:37 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\7711.exe
[2010/01/03 14:48:37 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\15141.exe
[2010/01/03 14:28:36 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\4664.exe
[2010/01/03 14:08:36 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\17673.exe
[2010/01/03 13:48:35 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\30333.exe
[2010/01/03 13:28:33 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\31322.exe
[2010/01/03 13:08:33 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\23811.exe
[2010/01/03 12:48:32 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\28703.exe
[2010/01/03 12:28:32 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\9894.exe
[2010/01/03 12:08:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\17035.exe
[2010/01/03 11:48:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\26299.exe
[2010/01/03 11:28:30 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\25667.exe
[2010/01/03 11:08:30 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\19912.exe
[2010/01/03 10:48:29 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\1869.exe
[2010/01/03 10:28:29 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\11538.exe
[2010/01/03 10:08:28 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\14771.exe
[2010/01/03 09:48:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\21726.exe
[2010/01/03 09:28:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\5447.exe
[2010/01/03 09:08:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\19895.exe
[2010/01/03 08:48:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\19718.exe
[2010/01/03 08:28:25 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\18716.exe
[2010/01/03 08:08:25 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\17421.exe
[2010/01/03 07:48:24 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\12382.exe
[2010/01/03 07:28:24 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\292.exe
[2010/01/03 07:08:23 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\153.exe
[2010/01/03 06:48:23 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\3902.exe
[2010/01/03 06:28:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\14604.exe
[2010/01/03 06:08:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\32391.exe
[2010/01/03 05:48:21 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\5436.exe
[2010/01/03 05:28:21 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\4827.exe
[2010/01/03 05:08:20 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\11942.exe
[2010/01/03 04:48:20 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\2995.exe
[2010/01/03 04:28:19 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\491.exe
[2010/01/03 04:08:19 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\9961.exe
[2010/01/03 03:48:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\16827.exe
[2010/01/03 03:28:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\23281.exe
[2010/01/03 03:08:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\28145.exe
[2010/01/03 02:48:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\5705.exe
[2010/01/03 02:28:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\24464.exe
[2010/01/03 02:08:15 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\26962.exe
[2010/01/03 01:48:15 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\29358.exe
[2010/01/03 01:28:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\11478.exe
[2010/01/03 01:08:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\15724.exe
[2010/01/03 00:48:13 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\19169.exe
[2010/01/03 00:28:13 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\26500.exe
[2010/01/03 00:08:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\6334.exe
[2010/01/02 23:48:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\18467.exe
[2010/01/02 23:23:39 | 00,000,001 | ---- | C] () -- C:\s
[2007/12/21 14:23:14 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2007/05/23 12:25:28 | 00,001,739 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/04/04 14:19:23 | 00,002,741 | ---- | C] () -- C:\WINDOWS\ACROREAD.INI
[2007/02/23 13:42:25 | 00,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2007/02/23 13:16:56 | 00,000,357 | ---- | C] () -- C:\WINDOWS\INFORMIX.INI
[2007/02/23 13:16:49 | 00,001,762 | ---- | C] () -- C:\Program Files\RELEASE.TXT
[2007/02/23 13:16:49 | 00,001,280 | ---- | C] () -- C:\Program Files\README.WRI
[2007/02/23 13:16:49 | 00,000,766 | ---- | C] () -- C:\Program Files\UTILITY.ICO
[2007/02/23 13:16:49 | 00,000,493 | ---- | C] () -- C:\Program Files\INFO.TXT
[2007/02/23 13:12:38 | 00,000,228 | ---- | C] () -- C:\WINDOWS\cognos.ini
[2007/02/23 13:11:27 | 00,000,120 | ---- | C] () -- C:\WINDOWS\ELITE.INI
[2007/02/23 13:09:59 | 00,000,649 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/03 02:38:21 | 00,003,584 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/08/16 09:13:48 | 00,000,012 | ---- | C] () -- C:\WINDOWS\WinInit.INI
[2005/07/16 10:06:32 | 00,012,288 | R--- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/07/16 09:24:09 | 00,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2003/01/07 13:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 05:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/01/21 16:53:03 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010/01/21 16:53:03 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/14 05:51:44 | 20,056,462 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\90e2b77e52bde5a61cb581fd9eb73789\i386\sp3.cab:AGP440.sys
[2010/01/21 16:53:03 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sp3.cab:AGP440.sys
[2008/04/13 11:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys
[2008/04/13 11:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 05:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/01/21 16:53:03 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010/01/21 16:53:03 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/14 05:51:44 | 20,056,462 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\90e2b77e52bde5a61cb581fd9eb73789\i386\sp3.cab:atapi.sys
[2010/01/21 16:53:03 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sp3.cab:atapi.sys
[2008/04/13 11:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
[2008/04/13 11:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 05:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 17:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 17:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll
[2008/04/13 17:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 05:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll
[2008/04/13 17:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 11:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 11:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\SoftwareDistribution\Download\78cf8552430e25a8f24bc1e4dfb1970e\SP2QFE\netlogon.dll
[2009/02/06 11:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\SP2QFE\netlogon.dll
[2004/08/04 05:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 05:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 17:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 17:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll
[2008/04/13 17:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >

Extras.txt:

OTL Extras logfile created on: 1/28/2010 11:27:22 AM - Run 1
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.00 Mb Total Physical Memory | 111.00 Mb Available Physical Memory | 22.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 21.78 Gb Free Space | 58.43% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC-BUR104
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirstRunDisabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 15
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{7148F0A8-6813-11D6-A77B-00B0D0142140}" = Java 2 Runtime Environment, SE v1.4.2_14
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A638557B-1F13-40A0-9627-C892FBCA6960}" = McAfee Agent
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"Adobe Acrobat Reader 3.02" = Adobe Acrobat Reader 3.02
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Cognos cer1" = Cognos BI
"Cognos cer3" = Cognos Series 7 Version 2 and Enterprise Planning Series
"Cognos commonlogon" = Cognos Windows Common Logon Server
"EliteQ" = EliteQ
"EliteSeries Client" = EliteSeries Client
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"INFORMIX-Connect" = INFORMIX-Connect
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Anti-Spyware Enterprise Module" = McAfee AntiSpyware Enterprise Module
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"PROSet" = Intel® PRO Network Adapters and Drivers
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/21/2010 12:41:01 PM | Computer Name = PC-BUR104 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x001b0218.

Error - 1/21/2010 12:42:57 PM | Computer Name = PC-BUR104 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x0005021c.

Error - 1/21/2010 1:13:43 PM | Computer Name = PC-BUR104 | Source = Userenv | ID = 1096
Description = Windows cannot access the registry policy file, \\entertainmentone.ca\sysvol\entertainmentone.ca\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\registry.pol.
(The data is invalid. ).

Error - 1/21/2010 1:17:45 PM | Computer Name = PC-BUR104 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x00100220.

Error - 1/21/2010 1:20:33 PM | Computer Name = PC-BUR104 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x00120222.

Error - 1/21/2010 1:20:58 PM | Computer Name = PC-BUR104 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x0037021a.

Error - 1/21/2010 2:00:27 PM | Computer Name = PC-BUR104 | Source = Userenv | ID = 1096
Description = Windows cannot access the registry policy file, \\entertainmentone.ca\sysvol\entertainmentone.ca\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\registry.pol.
(The data is invalid. ).

Error - 1/21/2010 2:07:00 PM | Computer Name = PC-BUR104 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x032ef7a5.

Error - 1/21/2010 2:07:18 PM | Computer Name = PC-BUR104 | Source = Application Error | ID = 1001
Description = Fault bucket 1669049041.

Error - 1/21/2010 3:31:13 PM | Computer Name = PC-BUR104 | Source = Userenv | ID = 1096
Description = Windows cannot access the registry policy file, \\entertainmentone.ca\sysvol\entertainmentone.ca\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\registry.pol.
(The data is invalid. ).

[ System Events ]
Error - 1/17/2010 8:49:50 PM | Computer Name = PC-BUR104 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 1/17/2010 8:49:50 PM | Computer Name = PC-BUR104 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 1/19/2010 12:54:49 PM | Computer Name = PC-BUR104 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 1/19/2010 12:54:49 PM | Computer Name = PC-BUR104 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 1/20/2010 12:31:05 PM | Computer Name = PC-BUR104 | Source = Service Control Manager | ID = 7031
Description = The DCOM Server Process Launcher service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Reboot the machine.

Error - 1/20/2010 12:31:05 PM | Computer Name = PC-BUR104 | Source = Service Control Manager | ID = 7034
Description = The Terminal Services service terminated unexpectedly. It has done
this 1 time(s).

Error - 1/20/2010 12:36:43 PM | Computer Name = PC-BUR104 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 1/20/2010 12:36:43 PM | Computer Name = PC-BUR104 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 1/21/2010 2:00:06 PM | Computer Name = PC-BUR104 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 1/21/2010 2:00:06 PM | Computer Name = PC-BUR104 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.


< End of report >


#8 Buckeye_Sam


Posted 29 January 2010 - 08:45 AM


Please download JavaRa to your desktop and unzip it to its own folder.
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.



================


Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    DRV - [2010/01/02 23:24:19 | 00,032,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\xxjdoz.sys -- (xxjdoz)
    [2010/01/04 08:36:25 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
    [2010/01/04 08:10:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\22929.exe
    [2010/01/04 07:50:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\2082.exe
    [2010/01/04 07:30:15 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\16118.exe
    [2010/01/04 07:10:15 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\21538.exe
    [2010/01/04 06:50:14 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\5537.exe
    [2010/01/04 06:30:14 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\11323.exe
    [2010/01/04 06:10:13 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\24626.exe
    [2010/01/04 05:50:13 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\32439.exe
    [2010/01/04 05:30:12 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\16944.exe
    [2010/01/04 05:10:12 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26308.exe
    [2010/01/04 04:50:10 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\13931.exe
    [2010/01/04 04:29:31 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\7376.exe
    [2010/01/04 04:09:31 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\4966.exe
    [2010/01/04 03:49:30 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\11840.exe
    [2010/01/04 03:29:30 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\18756.exe
    [2010/01/04 03:09:29 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\19954.exe
    [2010/01/04 02:49:28 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\24084.exe
    [2010/01/04 02:29:28 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\12623.exe
    [2010/01/04 02:09:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\19629.exe
    [2010/01/04 01:49:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\3548.exe
    [2010/01/04 01:29:26 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\24393.exe
    [2010/01/04 01:09:26 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\31101.exe
    [2010/01/04 00:49:25 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\15006.exe
    [2010/01/04 00:29:25 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\15350.exe
    [2010/01/04 00:09:24 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\24370.exe
    [2010/01/03 23:49:24 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\6729.exe
    [2010/01/03 23:29:23 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\15890.exe
    [2010/01/03 23:09:23 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\23805.exe
    [2010/01/03 22:49:22 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\27446.exe
    [2010/01/03 22:29:22 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\22648.exe
    [2010/01/03 22:09:21 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\19264.exe
    [2010/01/03 21:49:21 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\8942.exe
    [2010/01/03 21:29:20 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\9040.exe
    [2010/01/03 21:09:20 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\30106.exe
    [2010/01/03 20:49:19 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\288.exe
    [2010/01/03 20:29:18 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\1842.exe
    [2010/01/03 20:09:18 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\22190.exe
    [2010/01/03 19:49:17 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\3035.exe
    [2010/01/03 19:29:17 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\12316.exe
    [2010/01/03 19:09:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\778.exe
    [2010/01/03 18:49:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\27529.exe
    [2010/01/03 18:29:15 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\9741.exe
    [2010/01/03 18:09:14 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\8723.exe
    [2010/01/03 17:49:11 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\12859.exe
    [2010/01/03 16:08:43 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\25547.exe
    [2010/01/03 15:28:38 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\28253.exe
    [2010/01/03 15:08:37 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\7711.exe
    [2010/01/03 14:48:37 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\15141.exe
    [2010/01/03 14:28:36 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\4664.exe
    [2010/01/03 14:08:36 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\17673.exe
    [2010/01/03 13:48:35 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\30333.exe
    [2010/01/03 13:28:33 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\31322.exe
    [2010/01/03 13:08:33 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\23811.exe
    [2010/01/03 12:48:32 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\28703.exe
    [2010/01/03 12:28:32 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\9894.exe
    [2010/01/03 12:08:31 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\17035.exe
    [2010/01/03 11:48:31 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26299.exe
    [2010/01/03 11:28:30 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\25667.exe
    [2010/01/03 11:08:30 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\19912.exe
    [2010/01/03 10:48:29 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\1869.exe
    [2010/01/03 10:28:29 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\11538.exe
    [2010/01/03 10:08:28 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\14771.exe
    [2010/01/03 09:48:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\21726.exe
    [2010/01/03 09:28:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\5447.exe
    [2010/01/03 09:08:26 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\19895.exe
    [2010/01/03 08:48:26 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\19718.exe
    [2010/01/03 08:28:25 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\18716.exe
    [2010/01/03 08:08:25 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\17421.exe
    [2010/01/03 07:48:24 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\12382.exe
    [2010/01/03 07:28:24 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\292.exe
    [2010/01/03 07:08:23 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\153.exe
    [2010/01/03 06:48:23 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\3902.exe
    [2010/01/03 06:28:22 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\14604.exe
    [2010/01/03 06:08:22 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\32391.exe
    [2010/01/03 05:48:21 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\5436.exe
    [2010/01/03 05:28:21 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\4827.exe
    [2010/01/03 05:08:20 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\11942.exe
    [2010/01/03 04:48:20 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\2995.exe
    [2010/01/03 04:28:19 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\491.exe
    [2010/01/03 04:08:19 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\9961.exe
    [2010/01/03 03:48:18 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\16827.exe
    [2010/01/03 03:28:17 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\23281.exe
    [2010/01/03 03:08:17 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\28145.exe
    [2010/01/03 02:48:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\5705.exe
    [2010/01/03 02:28:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\24464.exe
    [2010/01/03 02:08:15 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26962.exe
    [2010/01/03 01:48:15 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\29358.exe
    [2010/01/03 01:28:14 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\11478.exe
    [2010/01/03 01:08:14 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\15724.exe
    [2010/01/03 00:48:13 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\19169.exe
    [2010/01/03 00:28:13 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26500.exe
    [2010/01/03 00:08:12 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\6334.exe
    [2010/01/02 23:24:19 | 00,032,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\xxjdoz.sys
    [2010/01/02 23:23:39 | 00,000,001 | ---- | M] () -- C:\s
    [8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]





    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.


#9 nleavitt


Posted 29 January 2010 - 04:21 PM

Fix log:

All processes killed
========== OTL ==========
Service xxjdoz stopped successfully!
Service xxjdoz deleted successfully!
C:\WINDOWS\system32\drivers\xxjdoz.sys moved successfully.
C:\WINDOWS\system32\18467.exe moved successfully.
C:\WINDOWS\system32\22929.exe moved successfully.
C:\WINDOWS\system32\2082.exe moved successfully.
C:\WINDOWS\system32\16118.exe moved successfully.
C:\WINDOWS\system32\21538.exe moved successfully.
C:\WINDOWS\system32\5537.exe moved successfully.
C:\WINDOWS\system32\11323.exe moved successfully.
C:\WINDOWS\system32\24626.exe moved successfully.
C:\WINDOWS\system32\32439.exe moved successfully.
C:\WINDOWS\system32\16944.exe moved successfully.
C:\WINDOWS\system32\26308.exe moved successfully.
C:\WINDOWS\system32\13931.exe moved successfully.
C:\WINDOWS\system32\7376.exe moved successfully.
C:\WINDOWS\system32\4966.exe moved successfully.
C:\WINDOWS\system32\11840.exe moved successfully.
C:\WINDOWS\system32\18756.exe moved successfully.
C:\WINDOWS\system32\19954.exe moved successfully.
C:\WINDOWS\system32\24084.exe moved successfully.
C:\WINDOWS\system32\12623.exe moved successfully.
C:\WINDOWS\system32\19629.exe moved successfully.
C:\WINDOWS\system32\3548.exe moved successfully.
C:\WINDOWS\system32\24393.exe moved successfully.
C:\WINDOWS\system32\31101.exe moved successfully.
C:\WINDOWS\system32\15006.exe moved successfully.
C:\WINDOWS\system32\15350.exe moved successfully.
C:\WINDOWS\system32\24370.exe moved successfully.
C:\WINDOWS\system32\6729.exe moved successfully.
C:\WINDOWS\system32\15890.exe moved successfully.
C:\WINDOWS\system32\23805.exe moved successfully.
C:\WINDOWS\system32\27446.exe moved successfully.
C:\WINDOWS\system32\22648.exe moved successfully.
C:\WINDOWS\system32\19264.exe moved successfully.
C:\WINDOWS\system32\8942.exe moved successfully.
C:\WINDOWS\system32\9040.exe moved successfully.
C:\WINDOWS\system32\30106.exe moved successfully.
C:\WINDOWS\system32\288.exe moved successfully.
C:\WINDOWS\system32\1842.exe moved successfully.
C:\WINDOWS\system32\22190.exe moved successfully.
C:\WINDOWS\system32\3035.exe moved successfully.
C:\WINDOWS\system32\12316.exe moved successfully.
C:\WINDOWS\system32\778.exe moved successfully.
C:\WINDOWS\system32\27529.exe moved successfully.
C:\WINDOWS\system32\9741.exe moved successfully.
C:\WINDOWS\system32\8723.exe moved successfully.
C:\WINDOWS\system32\12859.exe moved successfully.
C:\WINDOWS\system32\25547.exe moved successfully.
C:\WINDOWS\system32\28253.exe moved successfully.
C:\WINDOWS\system32\7711.exe moved successfully.
C:\WINDOWS\system32\15141.exe moved successfully.
C:\WINDOWS\system32\4664.exe moved successfully.
C:\WINDOWS\system32\17673.exe moved successfully.
C:\WINDOWS\system32\30333.exe moved successfully.
C:\WINDOWS\system32\31322.exe moved successfully.
C:\WINDOWS\system32\23811.exe moved successfully.
C:\WINDOWS\system32\28703.exe moved successfully.
C:\WINDOWS\system32\9894.exe moved successfully.
C:\WINDOWS\system32\17035.exe moved successfully.
C:\WINDOWS\system32\26299.exe moved successfully.
C:\WINDOWS\system32\25667.exe moved successfully.
C:\WINDOWS\system32\19912.exe moved successfully.
C:\WINDOWS\system32\1869.exe moved successfully.
C:\WINDOWS\system32\11538.exe moved successfully.
C:\WINDOWS\system32\14771.exe moved successfully.
C:\WINDOWS\system32\21726.exe moved successfully.
C:\WINDOWS\system32\5447.exe moved successfully.
C:\WINDOWS\system32\19895.exe moved successfully.
C:\WINDOWS\system32\19718.exe moved successfully.
C:\WINDOWS\system32\18716.exe moved successfully.
C:\WINDOWS\system32\17421.exe moved successfully.
C:\WINDOWS\system32\12382.exe moved successfully.
C:\WINDOWS\system32\292.exe moved successfully.
C:\WINDOWS\system32\153.exe moved successfully.
C:\WINDOWS\system32\3902.exe moved successfully.
C:\WINDOWS\system32\14604.exe moved successfully.
C:\WINDOWS\system32\32391.exe moved successfully.
C:\WINDOWS\system32\5436.exe moved successfully.
C:\WINDOWS\system32\4827.exe moved successfully.
C:\WINDOWS\system32\11942.exe moved successfully.
C:\WINDOWS\system32\2995.exe moved successfully.
C:\WINDOWS\system32\491.exe moved successfully.
C:\WINDOWS\system32\9961.exe moved successfully.
C:\WINDOWS\system32\16827.exe moved successfully.
C:\WINDOWS\system32\23281.exe moved successfully.
C:\WINDOWS\system32\28145.exe moved successfully.
C:\WINDOWS\system32\5705.exe moved successfully.
C:\WINDOWS\system32\24464.exe moved successfully.
C:\WINDOWS\system32\26962.exe moved successfully.
C:\WINDOWS\system32\29358.exe moved successfully.
C:\WINDOWS\system32\11478.exe moved successfully.
C:\WINDOWS\system32\15724.exe moved successfully.
C:\WINDOWS\system32\19169.exe moved successfully.
C:\WINDOWS\system32\26500.exe moved successfully.
C:\WINDOWS\system32\6334.exe moved successfully.
File C:\WINDOWS\System32\drivers\xxjdoz.sys not found.
C:\s moved successfully.
C:\WINDOWS\002224_.tmp deleted successfully.
C:\WINDOWS\003445_.tmp deleted successfully.
C:\WINDOWS\005698_.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET7.tmp deleted successfully.
C:\WINDOWS\SETCE.tmp deleted successfully.
C:\WINDOWS\SETD1.tmp deleted successfully.
C:\WINDOWS\SETDD.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 11508902 bytes
->Temporary Internet Files folder emptied: 36029271 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 33139937 bytes

User: Administrator.EONE
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Ned Leavitt
->Temp folder emptied: 60430193 bytes
->Temporary Internet Files folder emptied: 1448520 bytes
->Java cache emptied: 25493482 bytes
->FireFox cache emptied: 45924942 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 383736688 bytes

User: Rob Farnholz
->Temp folder emptied: 22222607 bytes
->Temporary Internet Files folder emptied: 46995934 bytes
->Java cache emptied: 37659511 bytes
->FireFox cache emptied: 23667952 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1208122 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 10948464 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 5811239 bytes
RecycleBin emptied: 104 bytes

Total Files Cleaned = 712.00 mb


OTL by OldTimer - Version 3.1.27.0 log created on 01292010_141320

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
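
One way to confirm that every item listed in the `:OTL` fix script from post #8 was actually handled in the fix log above, shown as an added example that is not part of the thread or of OTL itself. The function names are hypothetical; the sample lines are excerpts in the format of posts #8 and #9, and `INCOMPLETE_LOG` is a constructed variant with one result line removed.

```python
import re

# Excerpt of the fix script from post #8 (same line format, shortened).
FIX_SCRIPT = r"""
:OTL
DRV - [2010/01/02 23:24:19 | 00,032,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\xxjdoz.sys -- (xxjdoz)
[2010/01/04 08:36:25 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
[2010/01/04 08:10:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\22929.exe
[2010/01/02 23:24:19 | 00,032,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\xxjdoz.sys
[2010/01/02 23:23:39 | 00,000,001 | ---- | M] () -- C:\s
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

:Commands
[purity]
[emptytemp]
[Reboot]
"""

# Excerpt of the fix log from post #9 (same line format, shortened).
FIX_LOG = r"""
All processes killed
========== OTL ==========
Service xxjdoz stopped successfully!
Service xxjdoz deleted successfully!
C:\WINDOWS\system32\drivers\xxjdoz.sys moved successfully.
C:\WINDOWS\system32\18467.exe moved successfully.
C:\WINDOWS\system32\22929.exe moved successfully.
File C:\WINDOWS\System32\drivers\xxjdoz.sys not found.
C:\s moved successfully.
C:\WINDOWS\002224_.tmp deleted successfully.
"""

# Constructed variant: the result line for 22929.exe is missing.
INCOMPLETE_LOG = FIX_LOG.replace(
    r"C:\WINDOWS\system32\22929.exe moved successfully." + "\n", "")

# A script entry: optional "DRV - " style tag, a [date | size | attrs] block,
# then " -- <path>" and, for drivers/services, " -- (<service name>)".
TARGET_RE = re.compile(
    r"^(?:[A-Z0-9]+ - )?\[\d{4}/\d{2}/\d{2} [^\]]*\].*? -- (?P<path>.+?)"
    r"(?: -- \((?P<service>[^)]+)\))?$")
DONE_RE = re.compile(r"^(?P<path>.+) (?:moved|deleted) successfully\.$")
MISSING_RE = re.compile(r"^File (?P<path>.+) not found\.$")
SERVICE_RE = re.compile(r"^Service (?P<name>\S+) deleted successfully!$")


def norm(path):
    """Windows paths are case-insensitive; the script and the log differ in case."""
    return path.lower()


def parse_targets(script):
    """Return {normalised path: service name or None} for the :OTL section."""
    targets = {}
    in_otl = False
    for raw in script.splitlines():
        line = raw.strip()
        if line.startswith(":"):          # section header such as :OTL / :Commands
            in_otl = line.upper() == ":OTL"
            continue
        match = TARGET_RE.match(line) if in_otl else None
        if match:                          # wildcard summary lines do not match
            key = norm(match.group("path"))
            targets[key] = targets.get(key) or match.group("service")
    return targets


def parse_results(log):
    """Return (paths moved/deleted, paths reported not found, services deleted)."""
    done, missing, services = set(), set(), set()
    for raw in log.splitlines():
        line = raw.strip()
        for regex, bucket, group in ((SERVICE_RE, services, "name"),
                                     (MISSING_RE, missing, "path"),
                                     (DONE_RE, done, "path")):
            match = regex.match(line)
            if match:
                bucket.add(norm(match.group(group)))
                break
    return done, missing, services


def reconcile(script, log):
    """Map each targeted path to the outcome recorded in the fix log."""
    done, missing, services = parse_results(log)
    report = {}
    for path, service in parse_targets(script).items():
        if path in done:
            # A later "not found" for the same path only means it was already moved.
            status = "handled"
            if service and service.lower() not in services:
                status = "file moved, service not deleted"
        elif path in missing:
            status = "not found"
        else:
            status = "no result logged"
        report[path] = status
    return report


def unresolved(script, log):
    """Targets that still need a follow-up scan or a second fix."""
    return sorted(p for p, s in reconcile(script, log).items() if s != "handled")


if __name__ == "__main__":
    print(unresolved(FIX_SCRIPT, FIX_LOG))
    print(unresolved(FIX_SCRIPT, INCOMPLETE_LOG))
```

The "File ... xxjdoz.sys not found." line in the real log is expected: the `DRV` entry had already moved the driver before the plain file entry for the same path ran.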


#10 nleavitt


Posted 29 January 2010 - 04:48 PM

OTL logfile created on: 1/29/2010 2:25:46 PM - Run 2
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.00 Mb Total Physical Memory | 171.00 Mb Available Physical Memory | 34.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 22.66 Gb Free Space | 60.80% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC-BUR104
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/28 11:26:15 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2010/01/22 14:18:20 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/01/11 15:21:52 | 00,246,504 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
PRC - [2009/12/17 17:14:11 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/04/09 19:07:00 | 00,144,888 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2009/04/09 19:07:00 | 00,124,240 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2009/04/09 19:07:00 | 00,070,216 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2009/04/09 19:07:00 | 00,062,800 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2009/04/09 19:07:00 | 00,027,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2009/04/09 19:07:00 | 00,021,256 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/14 04:00:00 | 00,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2008/03/14 04:00:00 | 00,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2008/03/14 04:00:00 | 00,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2008/03/14 04:00:00 | 00,091,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2004/07/01 12:02:52 | 00,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
PRC - [2004/07/01 11:58:46 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2002/06/26 13:36:58 | 00,090,112 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMTray.exe


========== Modules (SafeList) ==========

MOD - [2010/01/28 11:26:15 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (WinVNC4)
SRV - [2009/12/17 17:14:11 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/04/09 19:07:00 | 00,144,888 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2009/04/09 19:07:00 | 00,070,216 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2009/04/09 19:07:00 | 00,062,800 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2009/04/09 19:07:00 | 00,021,256 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService)
SRV - [2009/01/07 18:21:00 | 00,026,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\spupdsvc.exe -- (spupdsvc)
SRV - [2008/03/14 04:00:00 | 00,103,744 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2003/07/28 10:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2002/07/15 12:36:54 | 00,045,056 | ---- | M] (Analog Devices, Inc.) [Disabled | Stopped] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2009/04/09 19:07:00 | 00,342,128 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/04/09 19:07:00 | 00,091,640 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/04/09 19:07:00 | 00,075,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2009/04/09 19:07:00 | 00,065,224 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2009/04/09 19:07:00 | 00,063,696 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009/04/09 19:07:00 | 00,043,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2008/08/20 22:18:42 | 00,171,152 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1000325.sys -- (E1000) Intel®
DRV - [2008/04/13 11:40:58 | 00,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\changer.sys -- (Changer)
DRV - [2008/04/13 11:40:26 | 00,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\lbrtfdc.sys -- (lbrtfdc)
DRV - [2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2005/08/11 11:49:28 | 00,393,088 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2005/03/28 08:19:38 | 00,220,992 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2005/03/04 18:53:00 | 00,127,872 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio)
DRV - [2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/07/01 12:26:16 | 00,724,221 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2003/04/15 07:40:54 | 00,113,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E}) Intel® Graphics Platform (SoftBIOS)
DRV - [2003/04/15 07:40:46 | 00,078,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel® Graphics Chipset (KCH)
DRV - [2003/03/04 08:56:26 | 00,145,408 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1390067357-1757981266-725345543-500\S-1-5-21-1390067357-1757981266-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/22 14:18:34 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/29 14:11:52 | 00,000,000 | ---D | M]

[2010/01/05 15:29:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/01/28 11:35:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qsf8jsh9.default\extensions
[2010/01/29 14:11:53 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/01/22 11:29:26 | 00,625,907 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 16591 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-1390067357-1757981266-725345543-500..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1390067357-1757981266-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1390067357-1757981266-725345543-500\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1264114020475 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1262627046922 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.10.7.63 10.10.0.90 10.10.0.64
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = entertainmentone.ca
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/02/23 13:16:56 | 00,000,055 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{6e9020ef-232e-11db-a76c-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{6e9020ef-232e-11db-a76c-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6e9020ef-232e-11db-a76c-806d6172696f}\Shell\AutoRun\command - "" = D:\AutoRunPro.exe -- File not found
O33 - MountPoints2\{8b37e4ef-4c46-11da-ad0c-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{8b37e4ef-4c46-11da-ad0c-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8b37e4ef-4c46-11da-ad0c-806d6172696f}\Shell\AutoRun\command - "" = D:\AutoRunPro.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010/01/21 15:32:43 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891891626803200)

========== Files/Folders - Created Within 30 Days ==========

[2010/01/29 14:13:20 | 00,000,000 | ---D | C] -- C:\_OTL
[2010/01/29 14:12:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/01/29 14:11:51 | 00,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/01/29 14:11:51 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/01/29 14:11:51 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/01/29 14:09:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2010/01/29 14:03:40 | 00,157,696 | ---- | C] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Documents and Settings\Administrator\Desktop\JavaRa.exe
[2010/01/29 13:59:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/01/28 11:26:14 | 00,548,864 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/01/22 16:26:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory
[2010/01/22 15:26:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2010/01/22 14:54:32 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2010/01/22 14:11:59 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/01/22 14:11:59 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/01/22 14:11:54 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/01/22 14:11:49 | 11,070,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010/01/22 14:05:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2010/01/22 08:04:21 | 00,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2010/01/22 08:04:06 | 00,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mscms.dll
[2010/01/22 08:04:00 | 00,989,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kernel32.dll
[2010/01/22 08:03:58 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tlntsess.exe
[2010/01/22 08:03:58 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\telnet.exe
[2010/01/22 08:03:53 | 01,208,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2010/01/22 08:03:53 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdc.ocx
[2010/01/22 08:03:52 | 00,916,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2010/01/22 08:03:49 | 01,509,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shdocvw.dll
[2010/01/22 08:03:48 | 05,942,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2010/01/22 08:03:13 | 00,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/01/22 08:03:06 | 00,149,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rastls.dll
[2010/01/22 08:03:06 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\raschap.dll
[2010/01/22 08:03:03 | 00,420,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vbscript.dll
[2010/01/22 08:03:03 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrobj.dll
[2010/01/22 08:03:03 | 00,172,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrrun.dll
[2010/01/22 08:03:03 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cscript.exe
[2010/01/22 08:03:03 | 00,090,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wshext.dll
[2010/01/22 08:03:02 | 00,155,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wscript.exe
[2010/01/22 08:02:48 | 01,435,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.dll
[2010/01/22 08:02:42 | 00,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\es.dll
[2010/01/22 08:02:38 | 00,084,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avifil32.dll
[2010/01/22 08:01:53 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wkssvc.dll
[2010/01/22 08:01:15 | 00,345,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\localspl.dll
[2010/01/22 08:00:51 | 00,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxoci.dll
[2010/01/22 08:00:50 | 00,956,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtctm.dll
[2010/01/22 08:00:50 | 00,161,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtcuiu.dll
[2010/01/22 08:00:50 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxclu.dll
[2010/01/22 08:00:50 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtclog.dll
[2010/01/22 08:00:42 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atl.dll
[2010/01/22 07:59:49 | 00,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2010/01/22 07:59:42 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010/01/22 07:59:34 | 00,333,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2010/01/22 07:59:27 | 00,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2010/01/22 07:59:03 | 08,461,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2010/01/22 07:57:56 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2010/01/22 07:57:53 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oakley.dll
[2010/01/22 07:56:57 | 00,361,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpip.sys
[2010/01/22 07:56:57 | 00,138,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\afd.sys
[2010/01/22 07:56:56 | 00,245,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswsock.dll
[2010/01/22 07:56:56 | 00,225,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpip6.sys
[2010/01/22 07:56:56 | 00,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dnsapi.dll
[2010/01/22 07:56:44 | 00,585,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcrt4.dll
[2010/01/22 07:56:35 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010/01/22 07:56:34 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010/01/22 07:56:33 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2010/01/22 07:56:18 | 00,354,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winhttp.dll
[2010/01/22 07:56:14 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2010/01/22 07:56:10 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2010/01/22 07:56:05 | 01,172,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2010/01/22 07:55:57 | 00,286,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gdi32.dll
[2010/01/22 07:55:54 | 00,726,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jscript.dll
[2010/01/22 07:55:36 | 00,092,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksecdd.sys
[2010/01/22 07:55:36 | 00,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\secur32.dll
[2010/01/22 07:55:35 | 00,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\schannel.dll
[2010/01/22 07:55:35 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msv1_0.dll
[2010/01/22 07:55:35 | 00,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdigest.dll
[2010/01/22 07:55:34 | 00,301,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kerberos.dll
[2010/01/22 07:55:33 | 00,730,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2010/01/22 07:55:10 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2010/01/22 07:55:08 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2010/01/22 07:54:40 | 01,850,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2010/01/21 16:57:45 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/01/21 16:46:00 | 01,372,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2010/01/21 16:46:00 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2010/01/21 15:43:51 | 00,159,744 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2010/01/21 15:37:39 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2010/01/21 15:37:38 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2010/01/21 15:37:38 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2010/01/21 15:37:37 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2010/01/21 15:37:37 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2010/01/21 15:37:37 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2010/01/21 15:37:35 | 00,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2010/01/21 15:37:35 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2010/01/21 15:37:34 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2010/01/21 15:37:32 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2010/01/21 15:37:32 | 00,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2010/01/21 15:37:32 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2010/01/21 15:37:32 | 00,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2010/01/21 15:37:31 | 00,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2010/01/21 15:37:31 | 00,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2010/01/21 15:37:24 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2010/01/21 15:37:24 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2010/01/21 15:37:22 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2010/01/21 15:37:21 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2010/01/21 15:37:20 | 00,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2010/01/21 15:37:20 | 00,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2010/01/21 15:37:20 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2010/01/21 15:37:18 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2010/01/21 15:37:17 | 00,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2010/01/21 15:37:17 | 00,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2010/01/21 15:37:17 | 00,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2010/01/21 15:37:14 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2010/01/21 15:37:13 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2010/01/21 15:37:11 | 00,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2010/01/21 15:37:10 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2010/01/21 15:37:10 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2010/01/21 15:37:09 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2010/01/21 15:37:08 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2010/01/21 15:37:08 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2010/01/21 15:37:08 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2010/01/21 15:37:08 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2010/01/21 15:37:07 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2010/01/21 15:37:07 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2010/01/21 15:37:07 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2010/01/21 15:37:07 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2010/01/21 15:37:07 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2010/01/21 15:37:07 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2010/01/21 15:37:07 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2010/01/21 15:37:07 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2010/01/21 15:37:07 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2010/01/21 15:37:07 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2010/01/21 15:37:07 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2010/01/21 15:37:06 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2010/01/21 15:37:04 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2010/01/21 15:36:58 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2010/01/21 15:36:57 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2010/01/21 15:36:55 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/01/21 15:36:55 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/01/21 15:36:53 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2010/01/21 15:36:51 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2010/01/21 15:36:51 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2010/01/21 15:36:49 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2010/01/21 15:36:49 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2010/01/21 15:36:49 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2010/01/21 15:36:46 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2010/01/21 15:36:46 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2010/01/21 15:36:45 | 00,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2010/01/21 15:36:45 | 00,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2010/01/21 15:36:45 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2010/01/21 15:36:45 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2010/01/21 15:36:45 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2010/01/21 15:36:44 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2010/01/21 15:36:44 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2010/01/21 15:36:43 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2010/01/21 15:36:43 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2010/01/21 15:36:43 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2010/01/21 15:36:42 | 00,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2010/01/21 15:36:42 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2010/01/21 15:36:37 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2010/01/21 15:36:35 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2010/01/21 15:36:32 | 00,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2010/01/21 15:36:25 | 01,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2010/01/21 15:36:25 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2010/01/21 15:36:14 | 00,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2010/01/21 15:36:14 | 00,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2010/01/21 15:36:13 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2010/01/21 15:36:12 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2010/01/21 15:36:11 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2010/01/21 15:36:09 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2010/01/21 15:36:08 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2010/01/21 15:36:08 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2010/01/21 15:36:08 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2010/01/21 15:36:08 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2010/01/21 15:36:08 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2010/01/21 15:36:08 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2010/01/21 15:36:08 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2010/01/21 15:36:08 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2010/01/21 15:36:08 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2010/01/21 15:36:07 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2010/01/21 15:36:07 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2010/01/21 15:36:07 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2010/01/21 15:36:06 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2010/01/21 15:36:06 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2010/01/21 15:36:06 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2010/01/21 15:36:06 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2010/01/21 15:36:06 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2010/01/21 15:36:06 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2010/01/21 15:36:06 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2010/01/21 15:36:06 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2010/01/21 15:36:05 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2010/01/21 15:36:05 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2010/01/21 15:36:05 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2010/01/21 15:36:05 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2010/01/21 15:36:05 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2010/01/21 15:36:04 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2010/01/21 15:36:04 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2010/01/21 15:36:04 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2010/01/21 15:36:04 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2010/01/21 15:36:04 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2010/01/21 15:36:04 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2010/01/21 15:36:04 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2010/01/21 15:36:03 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
[2010/01/21 15:36:03 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2010/01/21 15:36:00 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2010/01/21 15:35:58 | 00,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2010/01/21 15:35:58 | 00,315,455 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2010/01/21 15:35:58 | 00,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2010/01/21 15:35:57 | 00,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2010/01/21 15:35:57 | 00,262,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
[2010/01/21 15:35:57 | 00,233,527 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
[2010/01/21 15:35:57 | 00,208,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
[2010/01/21 15:35:57 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2010/01/21 15:35:57 | 00,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2010/01/21 15:35:56 | 00,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2010/01/21 15:35:56 | 00,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2010/01/21 15:35:56 | 00,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2010/01/21 15:35:56 | 00,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2010/01/21 15:35:56 | 00,307,257 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
[2010/01/21 15:35:56 | 00,155,705 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2010/01/21 15:35:56 | 00,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2010/01/21 15:35:56 | 00,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2010/01/21 15:35:55 | 00,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2010/01/21 15:35:55 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2010/01/21 15:35:55 | 00,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2010/01/21 15:35:55 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2010/01/21 15:35:55 | 00,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2010/01/21 15:35:55 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2010/01/21 15:35:54 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2010/01/21 15:35:54 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2010/01/21 15:35:54 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe
[2010/01/21 15:35:54 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2010/01/21 15:35:49 | 10,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2010/01/21 15:35:39 | 10,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2010/01/21 15:35:35 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2010/01/21 15:35:31 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2010/01/21 15:35:31 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2010/01/21 15:35:30 | 00,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2010/01/21 15:35:30 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2010/01/21 15:35:29 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2010/01/21 15:35:29 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2010/01/21 15:35:26 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2010/01/21 15:35:25 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2010/01/21 15:35:24 | 00,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2010/01/21 15:35:24 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2010/01/21 15:35:23 | 00,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2010/01/21 15:35:23 | 00,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2010/01/21 15:35:14 | 00,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2010/01/21 15:35:10 | 00,057,399 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
[2010/01/21 15:35:10 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2010/01/21 15:35:09 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
[2010/01/21 15:35:09 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
[2010/01/21 15:35:08 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2010/01/21 15:35:05 | 00,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2010/01/21 15:35:05 | 00,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2010/01/21 15:35:05 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2010/01/21 15:35:05 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2010/01/21 15:35:05 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2010/01/21 15:35:04 | 01,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2010/01/21 15:35:04 | 00,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2010/01/21 15:35:03 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2010/01/21 15:35:03 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2010/01/21 15:35:03 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2010/01/21 15:35:03 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2010/01/21 15:35:03 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2010/01/21 15:35:01 | 00,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/01/21 15:35:01 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2010/01/21 15:35:00 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2010/01/21 15:34:53 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2010/01/21 15:34:51 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2010/01/21 15:34:41 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2010/01/21 15:34:41 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2010/01/21 15:34:40 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2010/01/21 15:34:31 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2010/01/21 15:34:31 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2010/01/21 15:34:31 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2010/01/21 15:34:24 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2010/01/21 15:34:14 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2010/01/21 15:34:14 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2010/01/21 15:34:13 | 00,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2010/01/21 15:34:13 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2010/01/21 15:34:13 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2010/01/21 15:34:13 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2010/01/21 15:34:08 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2010/01/21 15:31:31 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2010/01/21 14:40:59 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2010/01/21 14:40:59 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2010/01/21 14:40:59 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2010/01/21 14:40:59 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2010/01/19 10:06:49 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/01/06 17:01:35 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Administrator\Desktop\RootRepeal.exe
[2010/01/06 16:20:30 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/01/06 11:51:55 | 00,070,858 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Administrator\Desktop\GooredFix.exe
[2010/01/06 11:51:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\GooredFix Backups
[2010/01/06 11:25:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\hosts
[2010/01/06 10:59:50 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IECompatCache
[2010/01/05 16:07:04 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/01/05 16:07:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/01/05 16:02:25 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2010/01/05 15:48:01 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/01/05 15:30:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2010/01/05 15:29:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2010/01/05 15:29:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2010/01/05 14:25:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/01/05 14:03:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/01/04 11:01:27 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/01/04 08:54:00 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/04 08:53:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/04 08:53:57 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/04 08:53:56 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2007/11/26 18:12:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2004/07/05 10:52:45 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2004/07/05 10:52:44 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2004/07/05 10:52:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2004/07/05 10:52:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

========== Files - Modified Within 30 Days ==========

[2010/01/29 14:19:58 | 00,013,668 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/29 14:19:03 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/29 14:18:55 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/29 14:16:03 | 05,242,880 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/01/29 14:16:03 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/01/28 11:26:15 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/01/22 16:25:46 | 00,513,578 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/01/22 16:25:46 | 00,443,588 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/01/22 16:25:46 | 00,071,846 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/01/22 15:30:36 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/22 14:16:53 | 00,003,796 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2010/01/22 11:29:26 | 00,625,907 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2010/01/22 09:10:11 | 00,290,152 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/22 08:54:44 | 02,003,353 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2010/01/22 07:55:10 | 00,009,574 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/01/21 15:43:29 | 00,013,668 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2010/01/21 15:38:40 | 00,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/01/21 15:33:22 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/01/21 15:33:21 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/01/21 15:33:21 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/01/21 15:33:06 | 00,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/01/21 15:32:04 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/01/21 15:32:04 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/01/21 15:31:56 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/01/21 15:31:56 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/01/21 15:31:56 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/01/21 15:31:56 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/01/21 15:31:56 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/01/21 15:31:56 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/01/21 15:31:41 | 00,000,977 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/01/21 15:29:40 | 00,022,720 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/01/21 15:27:38 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2010/01/21 14:41:06 | 00,000,515 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/06 17:01:53 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\settings.dat
[2010/01/06 17:01:51 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Administrator\Desktop\RootRepeal.exe
[2010/01/06 16:57:21 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2010/01/06 16:20:30 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2010/01/06 11:30:19 | 00,070,858 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Administrator\Desktop\GooredFix.exe
[2010/01/06 11:25:32 | 00,625,907 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100122-112926.backup
[2010/01/06 11:12:26 | 00,601,245 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2010/01/06 08:53:18 | 00,000,980 | ---- | M] () -- C:\WINDOWS\System32\SiteList.xml
[2010/01/05 17:16:44 | 00,371,233 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS.MVP
[2010/01/04 11:01:49 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/01/04 11:01:34 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

========== Files Created - No Company Name ==========

[2010/01/29 14:03:39 | 00,245,103 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\JavaRa.def
[2010/01/22 08:01:11 | 01,291,264 | ---- | C] () -- C:\WINDOWS\System32\dllcache\quartz.dll
[2010/01/21 17:23:18 | 00,003,796 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2010/01/21 15:43:29 | 00,013,668 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak
[2010/01/21 15:37:48 | 00,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2010/01/21 15:36:46 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2010/01/21 15:36:46 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2010/01/21 15:36:44 | 00,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/01/21 15:36:10 | 00,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2010/01/21 15:36:09 | 01,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/01/21 15:35:58 | 00,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/01/21 15:35:57 | 00,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/01/21 15:35:55 | 00,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/01/21 15:35:44 | 13,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/01/21 15:35:35 | 00,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/01/21 15:35:05 | 00,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/01/21 15:35:00 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2010/01/21 15:35:00 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2010/01/21 15:35:00 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2010/01/21 15:34:59 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2010/01/21 15:34:59 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2010/01/21 15:34:59 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2010/01/21 15:34:59 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2010/01/21 15:34:59 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2010/01/21 15:34:59 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2010/01/21 15:34:58 | 00,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2010/01/21 15:34:58 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2010/01/21 15:34:58 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2010/01/21 15:34:58 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2010/01/21 15:34:58 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2010/01/21 15:34:58 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2010/01/21 15:34:58 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2010/01/21 15:34:58 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2010/01/21 15:34:58 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2010/01/21 15:34:58 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2010/01/21 15:34:57 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2010/01/21 15:34:57 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2010/01/21 15:34:57 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2010/01/21 15:34:57 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2010/01/21 15:34:57 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2010/01/21 15:34:57 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2010/01/21 15:34:57 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2010/01/21 15:34:57 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2010/01/21 15:34:57 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2010/01/21 15:34:57 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2010/01/21 15:34:57 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2010/01/21 15:34:56 | 00,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2010/01/21 15:34:56 | 00,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2010/01/21 15:34:56 | 00,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2010/01/21 15:34:56 | 00,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2010/01/21 15:34:56 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2010/01/21 15:34:56 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2010/01/21 15:34:56 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2010/01/21 15:34:56 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2010/01/21 15:34:56 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2010/01/21 15:34:56 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2010/01/21 15:34:55 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2010/01/21 15:34:55 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2010/01/21 15:34:55 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2010/01/21 15:34:55 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2010/01/21 15:34:55 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2010/01/21 15:34:55 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2010/01/21 15:34:55 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< %systemroot%\*. /mp /s >
< End of report >


#11 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:09:23 AM

Posted 30 January 2010 - 08:25 AM

Looks good to me. How is your computer behaving now? Any issues?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#12 nleavitt


Posted 13 February 2010 - 02:45 PM

The computer hasn't been used very much, but there do not seem to be any further issues. I tried replicating the original problems and did not encounter anything suspicious. Thank you very much.

#13 Buckeye_Sam


Posted 14 February 2010 - 09:27 AM

Follow these steps to remove OTL and some of the other tools we've used.
  • Double-click OTL.exe to run it.
  • Click on the CleanUp! button
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.



================




Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  1. Disable and Enable System Restore. - You should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Re-enable system restore with instructions from tutorial above

  2. Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  3. Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  4. Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  5. Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  6. Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  7. Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  8. Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.


#14 Buckeye_Sam


Posted 24 February 2010 - 08:26 AM

Now that your malware problem appears to be resolved, this topic will be closed.
If you need this topic reopened, please contact a member of the Malware Response Team and we will reopen it for you.
Include the address of this topic in your request.

