Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virus Infections Google Redirect & Spambot


  • This topic is locked This topic is locked
7 replies to this topic

#1 Jay Callero

Jay Callero

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:22 AM

Posted 10 February 2010 - 07:26 PM

Hello,

This is a Dell Inspiron E1705. I have done everything in my power to repair this virus before coming to post on this forum.

A brief description of what has been done.

I have ran many security software's fully updated including MalwareBytes, Super Anti-Spyware, Avast Anti-Virus, Ad Aware, Spybot, Combo Fix, Sd Fix, Microsoft Security Essentials and more.

I have ran a full repair installation of windows XP - Including reinstalling Internet Explorer, and trying different browsers (Firefox, Chrome, Etc)

The virus was originally called Live PC very similar to the normal fake anti-virus software. The fake anti-virus part has been long removed thanks to malware bytes. The current problem that have been unable to resolve is a google redirect virus. Sometimes when going to google it will say "Your computer may be sending automated queries to google" Other times you go to google to make a search, click on a good link and it says "The document has been moved, Redirecting" Then takes you to a spam/ad type website. I also like to add there is a box called "results from UK" that is not on any other computers that I have seen. In the hijackthis log there are tons of entires similar to Hosts IP www.google.uk etc.

I have read the forum what to do before posting with extreme care and I was unable to save the GMER log to post. It takes about 1hr to run and it either gives a blue screen of death before finishing or finishes and the entire computer freezes before being able to save the log. Instead I have posted a standard Hijack this log.

This has been a project and am hoping to find a cure thanks a lot for any assistance


DDS

CODE
DDS (Ver_09-12-01.01) - NTFSx86  
Run by Gail at 14:59:19.20 on Wed 02/10/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2046.1622 [GMT -8:00]

AV: avast! Internet Security *On-access scanning enabled* (Updated)   {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *enabled*   {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast5\afwServ.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Documents and Settings\Gail\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://driveragent.com/files/driveragent.cab
Notify: AtiExtEvent - Ati2evxx.dll
Hosts: 192.168.0.2 HP0017A42E3725
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\gail\applic~1\mozilla\firefox\profiles\ykq65emk.default\
FF - plugin: c:\documents and settings\gail\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2010-2-1 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2010-2-1 194640]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2010-2-1 103120]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2010-2-1 270928]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-2-1 163280]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-2-1 19024]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-1 40384]
R2 avast! Firewall;avast! Firewall;c:\program files\alwil software\avast5\afwServ.exe [2010-2-1 119200]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-1 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-1 40384]
S3 DrvAgent32;DrvAgent32;\??\c:\windows\system32\drivers\drvagent32.sys --> c:\windows\system32\drivers\DrvAgent32.sys [?]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2008-5-27 174336]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-5 135664]

=============== Created Last 30 ================

2010-02-10 22:59:07    0    ----a-w-    c:\documents and settings\gail\defogger_reenable
2010-02-10 20:45:31    0    d-----w-    c:\program files\Trend Micro
2010-02-10 20:17:35    52224    -c----w-    c:\windows\system32\dllcache\msfeedsbs.dll
2010-02-10 20:17:35    459264    -c----w-    c:\windows\system32\dllcache\msfeeds.dll
2010-02-10 20:17:34    13824    -c----w-    c:\windows\system32\dllcache\ieudinit.exe
2010-02-10 20:17:33    991232    -c----w-    c:\windows\system32\dllcache\ieframe.dll.mui
2010-02-10 20:17:33    6067200    -c----w-    c:\windows\system32\dllcache\ieframe.dll
2010-02-10 20:17:33    268288    -c----w-    c:\windows\system32\dllcache\iertutil.dll
2010-02-10 20:17:32    63488    -c----w-    c:\windows\system32\dllcache\icardie.dll
2010-02-10 20:17:32    380928    -c----w-    c:\windows\system32\dllcache\ieapfltr.dll
2010-02-10 20:17:32    2452872    -c----w-    c:\windows\system32\dllcache\ieapfltr.dat
2010-02-10 20:03:56    45568    ----a-r-    c:\windows\system32\drivers\bcm4sbxp.sys
2010-02-10 19:59:06    57384    ----a-w-    c:\windows\system32\drivers\btwhid.sys
2010-02-10 19:59:06    37160    ----a-w-    c:\windows\system32\drivers\btport.sys
2010-02-10 19:59:06    37032    ----a-w-    c:\windows\system32\drivers\btwmodem.sys
2010-02-10 19:59:06    156816    ----a-w-    c:\windows\system32\drivers\btwdndis.sys
2010-02-10 19:59:05    534568    ----a-w-    c:\windows\system32\drivers\btaudio.sys
2010-02-10 19:54:24    457    ----a-w-    c:\windows\system32\vcredist_x86.bat
2010-02-10 19:54:24    2682880    ----a-w-    c:\windows\system32\vcredist_x86.exe
2010-02-10 19:54:22    151552    ----a-w-    c:\windows\system32\bcmwlapi.dll
2010-02-10 19:46:40    455424    -c----w-    c:\windows\system32\dllcache\mrxsmb.sys
2010-02-10 19:45:04    2189184    -c----w-    c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-10 19:45:04    2145280    -c----w-    c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-10 19:45:03    2066048    -c----w-    c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-10 19:45:03    2023936    -c----w-    c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-10 01:35:59    20736    -c--a-w-    c:\windows\system32\dllcache\ramdisk.sys
2010-02-10 01:34:59    59904    -c--a-w-    c:\windows\system32\dllcache\imkrinst.exe
2010-02-10 01:33:59    33792    -c--a-w-    c:\windows\system32\dllcache\controt.dll
2010-02-10 01:31:15    488    ---ha-r-    c:\windows\system32\logonui.exe.manifest
2010-02-10 01:31:06    749    ---ha-r-    c:\windows\WindowsShell.Manifest
2010-02-10 01:31:06    749    ---ha-r-    c:\windows\system32\wuaucpl.cpl.manifest
2010-02-10 01:31:06    749    ---ha-r-    c:\windows\system32\sapi.cpl.manifest
2010-02-10 01:31:06    749    ---ha-r-    c:\windows\system32\nwc.cpl.manifest
2010-02-10 01:31:06    749    ---ha-r-    c:\windows\system32\ncpa.cpl.manifest
2010-02-10 01:30:47    16384    -c--a-w-    c:\windows\system32\dllcache\isignup.exe
2010-02-10 01:21:03    24661    -c--a-w-    c:\windows\system32\dllcache\spxcoins.dll
2010-02-10 01:21:03    24661    ----a-w-    c:\windows\system32\spxcoins.dll
2010-02-10 01:21:03    13312    -c--a-w-    c:\windows\system32\dllcache\irclass.dll
2010-02-10 01:21:03    13312    ----a-w-    c:\windows\system32\irclass.dll
2010-02-10 01:20:45    1296669    -c--a-w-    c:\windows\system32\dllcache\SP3.CAT
2010-02-10 01:20:42    16535    ----a-r-    c:\windows\SET5F.tmp
2010-02-10 01:20:39    1088840    ----a-r-    c:\windows\SET53.tmp
2010-02-10 01:20:35    1296669    ----a-r-    c:\windows\SET52.tmp
2010-02-09 21:35:42    0    d-sh--w-    C:\$RECYCLE.BIN
2010-02-09 18:30:22    14573    ----a-r-    c:\windows\SET98.tmp
2010-02-09 18:30:18    13753    ----a-r-    c:\windows\SET5D.tmp
2010-02-09 18:30:13    1086058    ----a-r-    c:\windows\SET51.tmp
2010-02-09 18:30:11    1042903    ----a-r-    c:\windows\SET50.tmp
2010-02-09 17:06:38    0    d--h--w-    c:\windows\inf
2010-02-08 22:17:37    12872    ----a-w-    c:\windows\system32\bootdelete.exe
2010-02-08 22:11:09    15944    ----a-w-    c:\windows\system32\drivers\hitmanpro35.sys
2010-02-08 22:11:03    0    d-----w-    c:\docume~1\alluse~1\applic~1\Hitman Pro
2010-02-08 22:11:02    0    d-----w-    c:\program files\Hitman Pro 3.5
2010-02-08 19:51:37    0    d-sha-r-    C:\cmdcons
2010-02-08 17:36:06    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-08 17:36:05    19160    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-02-08 17:01:41    199776    ----a-w-    c:\windows\setupapi.old
2010-02-08 16:42:54    0    d-----w-    C:\CC Cleaner
2010-02-08 16:35:55    0    d-----w-    c:\program files\CCleaner
2010-02-06 13:18:56    274288    ----a-w-    c:\windows\system32\mucltui.dll
2010-02-06 13:18:56    215920    ----a-w-    c:\windows\system32\muweb.dll
2010-02-06 13:18:56    16736    ----a-w-    c:\windows\system32\mucltui.dll.mui
2010-02-06 01:21:36    0    d-----w-    c:\program files\Lavasoft
2010-02-05 20:12:10    181120    ----a-w-    c:\windows\system32\MpSigStub.exe
2010-02-05 19:47:49    0    d-----w-    c:\program files\Spybot - Search & Destroy
2010-02-05 19:47:49    0    d-----w-    c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-02-05 19:34:18    0    d-----w-    c:\windows\ERUNT
2010-02-05 19:33:59    0    d-----w-    C:\SDFix
2010-02-05 19:03:32    98816    ----a-w-    c:\windows\sed.exe
2010-02-05 19:03:32    77312    ----a-w-    c:\windows\MBR.exe
2010-02-05 19:03:32    261632    ----a-w-    c:\windows\PEV.exe
2010-02-05 19:03:32    161792    ----a-w-    c:\windows\SWREG.exe
2010-02-05 19:01:37    389120    ----a-w-    c:\windows\system32\CF11127.exe
2010-02-04 23:01:32    0    d-----w-    c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-02-04 23:01:10    0    d-----w-    c:\program files\SUPERAntiSpyware
2010-02-04 23:01:10    0    d-----w-    c:\docume~1\gail\applic~1\SUPERAntiSpyware.com
2010-02-04 22:26:03    0    d-----w-    c:\windows\system32\appmgmt
2010-02-02 00:00:05    270928    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2010-02-02 00:00:04    103120    ----a-w-    c:\windows\system32\drivers\aswFW.sys
2010-02-01 23:59:53    194640    ----a-w-    c:\windows\system32\drivers\aswNdis2.sys
2010-02-01 23:59:28    12112    ----a-w-    c:\windows\system32\drivers\aswNdis.sys
2010-02-01 21:40:47    0    d-----w-    c:\docume~1\gail\applic~1\Malwarebytes
2010-02-01 21:40:42    0    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2010-02-01 21:40:42    0    d-----w-    c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-02-01 21:10:32    0    d-----w-    c:\docume~1\alluse~1\applic~1\Alwil Software
2010-02-01 20:17:35    0    d-sh--w-    c:\docume~1\alluse~1\applic~1\LPUEYQBQCG

==================== Find3M  ====================

2010-02-10 01:29:37    22720    ----a-w-    c:\windows\system32\emptyregdb.dat
2010-01-05 10:00:29    832512    ----a-w-    c:\windows\system32\wininet.dll
2010-01-05 10:00:21    78336    ----a-w-    c:\windows\system32\ieencode.dll
2010-01-05 10:00:20    17408    ----a-w-    c:\windows\system32\corpol.dll
2009-12-31 16:50:03    353792    ----a-w-    c:\windows\system32\drivers\srv.sys
2009-12-16 18:43:27    343040    ----a-w-    c:\windows\system32\mspaint.exe
2009-12-14 07:08:23    33280    ----a-w-    c:\windows\system32\csrsrv.dll
2009-12-08 19:26:15    2145280    ----a-w-    c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43:51    2023936    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2009-12-06 00:51:47    27748    ---ha-w-    c:\windows\system32\mlfcache.dat
2009-11-27 17:11:44    17920    ----a-w-    c:\windows\system32\msyuv.dll
2009-11-27 17:11:44    1291776    ----a-w-    c:\windows\system32\quartz.dll
2009-11-27 16:07:35    8704    ----a-w-    c:\windows\system32\tsbyuv.dll
2009-11-27 16:07:35    28672    ----a-w-    c:\windows\system32\msvidc32.dll
2009-11-27 16:07:34    84992    ----a-w-    c:\windows\system32\avifil32.dll
2009-11-27 16:07:34    48128    ----a-w-    c:\windows\system32\iyuv_32.dll
2009-11-27 16:07:34    11264    ----a-w-    c:\windows\system32\msrle32.dll

============= FINISH: 14:59:48.76 ===============


HijackThis

CODE
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:53:41 PM, on 2/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast5\afwServ.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 188.124.7.186 www.google.com
O1 - Hosts: 188.124.7.186 google.com
O1 - Hosts: 188.124.7.186 google.com.au
O1 - Hosts: 188.124.7.186 www.google.com.au
O1 - Hosts: 188.124.7.186 google.be
O1 - Hosts: 188.124.7.186 www.google.be
O1 - Hosts: 188.124.7.186 google.com.br
O1 - Hosts: 188.124.7.186 www.google.com.br
O1 - Hosts: 188.124.7.186 google.ca
O1 - Hosts: 188.124.7.186 www.google.ca
O1 - Hosts: 188.124.7.186 google.ch
O1 - Hosts: 188.124.7.186 www.google.ch
O1 - Hosts: 188.124.7.186 google.de
O1 - Hosts: 188.124.7.186 www.google.de
O1 - Hosts: 188.124.7.186 google.dk
O1 - Hosts: 188.124.7.186 www.google.dk
O1 - Hosts: 188.124.7.186 google.fr
O1 - Hosts: 188.124.7.186 www.google.fr
O1 - Hosts: 188.124.7.186 google.ie
O1 - Hosts: 188.124.7.186 www.google.ie
O1 - Hosts: 188.124.7.186 google.it
O1 - Hosts: 188.124.7.186 www.google.it
O1 - Hosts: 188.124.7.186 google.co.jp
O1 - Hosts: 188.124.7.186 www.google.co.jp
O1 - Hosts: 188.124.7.186 google.nl
O1 - Hosts: 188.124.7.186 www.google.nl
O1 - Hosts: 188.124.7.186 google.no
O1 - Hosts: 188.124.7.186 www.google.no
O1 - Hosts: 188.124.7.186 google.co.nz
O1 - Hosts: 188.124.7.186 www.google.co.nz
O1 - Hosts: 188.124.7.186 google.pl
O1 - Hosts: 188.124.7.186 www.google.pl
O1 - Hosts: 188.124.7.186 google.se
O1 - Hosts: 188.124.7.186 www.google.se
O1 - Hosts: 188.124.7.186 google.co.uk
O1 - Hosts: 188.124.7.186 www.google.co.uk
O1 - Hosts: 188.124.7.186 google.co.za
O1 - Hosts: 188.124.7.186 www.google.co.za
O1 - Hosts: 188.124.7.186 www.google-analytics.com
O1 - Hosts: 188.124.7.186 www.bing.com
O1 - Hosts: 188.124.7.186 search.yahoo.com
O1 - Hosts: 188.124.7.186 www.search.yahoo.com
O1 - Hosts: 188.124.7.186 uk.search.yahoo.com
O1 - Hosts: 188.124.7.186 ca.search.yahoo.com
O1 - Hosts: 188.124.7.186 de.search.yahoo.com
O1 - Hosts: 188.124.7.186 fr.search.yahoo.com
O1 - Hosts: 188.124.7.186 au.search.yahoo.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Firewall - ALWIL Software - C:\Program Files\Alwil Software\Avast5\afwServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8196 bytes

Attached Files



BC AdBot (Login to Remove)

 


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:03:22 AM

Posted 11 February 2010 - 08:45 AM

Hello! smile.gif
My name is Sam and I will be helping you.

In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT

  • Click the "Run Scan" button.
  • The scan should take just a few minutes.
  • Please copy and paste both logs back here in your next reply.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 Jay Callero

Jay Callero
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:22 AM

Posted 11 February 2010 - 01:54 PM

Sam,

Thanks a lot for the reply! I have done what you asked and attached the log files.

Thanks,
Jay


=================


OTL logfile created on: 2/11/2010 10:39:51 AM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Gail\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 79.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 243.33 Gb Free Space | 81.63% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 3.76 Gb Total Space | 1.17 Gb Free Space | 31.10% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 448.19 Gb Total Space | 416.38 Gb Free Space | 92.90% Space Free | Partition Type: NTFS

Computer Name: GAIL-E4DEED3AB4
Current User Name: Gail
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/11 10:15:30 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gail\Desktop\OTL.exe
PRC - [2010/02/05 17:18:36 | 000,135,664 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
PRC - [2010/01/28 14:09:31 | 002,757,512 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/01/28 14:09:28 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/04/30 14:51:36 | 002,396,160 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\WLTRAY.EXE
PRC - [2009/04/30 14:51:36 | 000,025,088 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE
PRC - [2009/04/30 14:51:22 | 002,134,016 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\BCMWLTRY.EXE
PRC - [2008/09/29 14:39:48 | 000,604,776 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008/09/29 14:39:46 | 001,448,576 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2008/09/29 14:39:46 | 000,346,720 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
PRC - [2008/04/14 04:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 04:00:00 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2006/05/23 20:59:38 | 000,409,600 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe


========== Modules (SafeList) ==========

MOD - [2010/02/11 10:15:30 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gail\Desktop\OTL.exe
MOD - [2010/01/28 13:58:21 | 000,122,880 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\snxBorder.dll
MOD - [2010/01/28 13:56:49 | 000,135,168 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\snxPlugins.dll
MOD - [2008/09/29 14:38:50 | 000,094,273 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll
MOD - [2008/09/29 14:37:16 | 000,069,697 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/02/05 17:18:36 | 000,135,664 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2010/01/28 14:09:28 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/01/28 14:09:28 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/01/28 14:09:28 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/01/28 14:09:15 | 000,119,200 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\afwServ.exe -- (avast! Firewall)
SRV - [2009/09/21 15:36:02 | 000,545,568 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/09/05 06:39:18 | 000,182,768 | ---- | M] (Google) [Disabled | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/08/28 18:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/04/30 14:51:36 | 000,025,088 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/09/29 14:39:46 | 000,346,720 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2006/10/26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/05/23 20:59:38 | 000,409,600 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2006/05/09 15:03:32 | 000,052,736 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2006/05/09 15:03:30 | 000,043,520 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/01/28 13:59:21 | 000,103,120 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswFW.sys -- (aswFW)
DRV - [2010/01/28 13:59:05 | 000,270,928 | ---- | M] (ALWIL Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2010/01/28 13:58:45 | 000,194,640 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2010/01/28 13:57:55 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/01/28 13:57:34 | 000,163,280 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/01/28 13:54:42 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/01/28 13:54:16 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/01/28 13:54:05 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/01/28 13:53:50 | 000,028,240 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/01/09 13:22:02 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aswNdis.sys -- (aswNdis)
DRV - [2009/09/03 16:40:17 | 000,023,600 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TVICHW32.SYS -- (TVICHW32)
DRV - [2009/05/18 13:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/04/30 14:51:28 | 001,952,512 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/11/05 22:20:24 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/10/11 14:56:00 | 000,045,056 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/09/30 19:13:26 | 000,991,656 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008/09/26 08:30:10 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008/07/29 14:41:36 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2008/06/09 09:41:28 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2008/05/27 16:03:00 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2008/05/27 16:03:00 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2008/05/27 16:03:00 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2008/04/14 04:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 04:00:00 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/04/14 04:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2007/07/26 18:08:18 | 000,019,072 | R--- | M] (ASIX Electronics Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ax88772.sys -- (AX88772)
DRV - [2007/05/10 09:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/11/21 04:25:44 | 000,045,568 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/05/23 21:06:36 | 001,578,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/03/19 16:48:37 | 000,021,568 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2006/03/19 16:48:36 | 000,049,920 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2006/03/19 16:48:36 | 000,016,496 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2005/12/01 01:40:56 | 000,936,960 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2005/12/01 01:40:12 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2005/12/01 01:40:08 | 000,669,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2005/10/04 23:57:08 | 000,012,544 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2001/08/17 13:53:32 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\serscan.sys -- (StillCam)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/08 09:16:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/08 09:16:16 | 000,000,000 | ---D | M]

[2010/02/08 09:17:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gail\Application Data\Mozilla\Extensions
[2010/02/08 15:09:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gail\Application Data\Mozilla\Firefox\Profiles\ykq65emk.default\extensions
[2010/02/08 09:16:16 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/02/01 13:14:12 | 000,002,780 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 192.168.0.2 HP0017A42E3725
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 188.124.7.186 www.google.com
O1 - Hosts: 188.124.7.186 google.com
O1 - Hosts: 188.124.7.186 google.com.au
O1 - Hosts: 188.124.7.186 www.google.com.au
O1 - Hosts: 188.124.7.186 google.be
O1 - Hosts: 188.124.7.186 www.google.be
O1 - Hosts: 188.124.7.186 google.com.br
O1 - Hosts: 188.124.7.186 www.google.com.br
O1 - Hosts: 39 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.EXE (Dell Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.com/files/driveragent.cab (Driver Agent ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.180.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Gail\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Gail\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/03 16:29:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (猀瀀爀攀猀琀爀琀) - File not found
O34 - HKLM BootExecute: (猀瀀爀攀猀琀爀琀) - File not found
O34 - HKLM BootExecute: (猀瀀爀攀猀琀爀琀) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010/02/09 17:31:56 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891835792228352)

========== Files/Folders - Created Within 30 Days ==========

[2010/02/11 10:26:56 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gail\Desktop\OTL.exe
[2010/02/11 10:24:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/02/10 14:58:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gail\Desktop\Disable CD Emulation
[2010/02/10 12:56:21 | 000,217,088 | ---- | C] (NDNet ver. Hitoma) -- C:\Documents and Settings\Gail\Desktop\WurtBeta Update Fix.exe
[2010/02/10 12:47:50 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/02/10 12:45:31 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/02/10 12:17:35 | 000,459,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/02/10 12:17:35 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/02/10 12:17:34 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2010/02/10 12:17:33 | 006,067,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010/02/10 12:17:33 | 000,991,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll.mui
[2010/02/10 12:17:33 | 000,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/02/10 12:17:32 | 002,452,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dat
[2010/02/10 12:17:32 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2010/02/10 12:17:32 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2010/02/10 12:07:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gail\Desktop\ojproL7X00
[2010/02/10 12:07:01 | 067,482,800 | ---- | C] (Hewlett Packard) -- C:\Documents and Settings\Gail\Desktop\OJProL7X00_Basic_8.exe
[2010/02/10 12:03:56 | 000,045,568 | R--- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\drivers\bcm4sbxp.sys
[2010/02/10 11:59:06 | 000,156,816 | ---- | C] (Broadcom Corporation.) -- C:\WINDOWS\System32\drivers\btwdndis.sys
[2010/02/10 11:59:06 | 000,057,384 | ---- | C] (Broadcom Corporation.) -- C:\WINDOWS\System32\drivers\btwhid.sys
[2010/02/10 11:59:06 | 000,037,160 | ---- | C] (Broadcom Corporation.) -- C:\WINDOWS\System32\drivers\btport.sys
[2010/02/10 11:59:06 | 000,037,032 | ---- | C] (Broadcom Corporation.) -- C:\WINDOWS\System32\drivers\btwmodem.sys
[2010/02/10 11:59:05 | 000,534,568 | ---- | C] (Broadcom Corporation.) -- C:\WINDOWS\System32\drivers\btaudio.sys
[2010/02/10 11:54:24 | 002,682,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vcredist_x86.exe
[2010/02/10 11:54:22 | 000,151,552 | ---- | C] (Broadcom Corp.) -- C:\WINDOWS\System32\bcmwlapi.dll
[2010/02/10 11:54:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gail\Application Data\InstallShield
[2010/02/10 11:47:54 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2010/02/10 11:46:40 | 000,455,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010/02/10 11:45:04 | 002,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010/02/10 11:45:04 | 002,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010/02/10 11:45:03 | 002,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2010/02/10 11:45:03 | 002,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010/02/09 17:40:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/02/09 17:36:45 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2010/02/09 17:36:45 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2010/02/09 17:36:44 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2010/02/09 17:36:44 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2010/02/09 17:36:43 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2010/02/09 17:36:43 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2010/02/09 17:36:41 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2010/02/09 17:36:41 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2010/02/09 17:36:40 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamreg51.dll
[2010/02/09 17:36:40 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2010/02/09 17:36:39 | 000,364,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svc.dll
[2010/02/09 17:36:39 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wam51.dll
[2010/02/09 17:36:39 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2010/02/09 17:36:38 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2010/02/09 17:36:38 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2010/02/09 17:36:38 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2010/02/09 17:36:37 | 000,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2010/02/09 17:36:37 | 000,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2010/02/09 17:36:33 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2010/02/09 17:36:33 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2010/02/09 17:36:32 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uihelper.dll
[2010/02/09 17:36:31 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2010/02/09 17:36:30 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tools.dll
[2010/02/09 17:36:29 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2010/02/09 17:36:29 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2010/02/09 17:36:29 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2010/02/09 17:36:29 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2010/02/09 17:36:28 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2010/02/09 17:36:27 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2010/02/09 17:36:27 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2010/02/09 17:36:27 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2010/02/09 17:36:24 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\svcext51.dll
[2010/02/09 17:36:23 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2010/02/09 17:36:22 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sspifilt.dll
[2010/02/09 17:36:22 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ssinc51.dll
[2010/02/09 17:36:21 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2010/02/09 17:36:19 | 000,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2010/02/09 17:36:18 | 000,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll
[2010/02/09 17:36:18 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll
[2010/02/09 17:36:18 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2010/02/09 17:36:18 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmptrap.exe
[2010/02/09 17:36:18 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2010/02/09 17:36:17 | 000,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll
[2010/02/09 17:36:17 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll
[2010/02/09 17:36:17 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmp.exe
[2010/02/09 17:36:17 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll
[2010/02/09 17:36:16 | 000,456,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll
[2010/02/09 17:36:16 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2010/02/09 17:36:16 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpapi.dll
[2010/02/09 17:36:15 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smi2smir.exe
[2010/02/09 17:36:15 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2010/02/09 17:36:15 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2010/02/09 17:36:15 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2010/02/09 17:36:15 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2010/02/09 17:36:14 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2010/02/09 17:36:14 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2010/02/09 17:36:14 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2010/02/09 17:36:14 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2010/02/09 17:36:14 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2010/02/09 17:36:14 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2010/02/09 17:36:14 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2010/02/09 17:36:14 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2010/02/09 17:36:13 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2010/02/09 17:36:13 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2010/02/09 17:36:13 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2010/02/09 17:36:13 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2010/02/09 17:36:13 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2010/02/09 17:36:08 | 000,221,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seo.dll
[2010/02/09 17:36:08 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2010/02/09 17:36:07 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2010/02/09 17:36:05 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/02/09 17:36:05 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/02/09 17:36:05 | 000,029,184 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2010/02/09 17:36:05 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll
[2010/02/09 17:36:05 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rwnh.dll
[2010/02/09 17:36:03 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2010/02/09 17:36:03 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcref.dll
[2010/02/09 17:36:01 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2010/02/09 17:36:01 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2010/02/09 17:35:59 | 000,020,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ramdisk.sys
[2010/02/09 17:35:58 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2010/02/09 17:35:58 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2010/02/09 17:35:58 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2010/02/09 17:35:56 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pwsdata.dll
[2010/02/09 17:35:54 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2010/02/09 17:35:54 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2010/02/09 17:35:54 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2010/02/09 17:35:54 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2010/02/09 17:35:53 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2010/02/09 17:35:53 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2010/02/09 17:35:53 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2010/02/09 17:35:52 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2010/02/09 17:35:52 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2010/02/09 17:35:50 | 000,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2010/02/09 17:35:50 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2010/02/09 17:35:50 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2010/02/09 17:35:50 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2010/02/09 17:35:50 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2010/02/09 17:35:45 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2010/02/09 17:35:44 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsepm.dll
[2010/02/09 17:35:43 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2010/02/09 17:35:39 | 000,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2010/02/09 17:35:39 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtstocom.exe
[2010/02/09 17:35:32 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2010/02/09 17:35:32 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2010/02/09 17:35:21 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe
[2010/02/09 17:35:20 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2010/02/09 17:35:20 | 000,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2010/02/09 17:35:20 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\metada51.dll
[2010/02/09 17:35:20 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2010/02/09 17:35:19 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\md5filt.dll
[2010/02/09 17:35:18 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2010/02/09 17:35:17 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpdsvc.dll
[2010/02/09 17:35:17 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2010/02/09 17:35:17 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lprmon.dll
[2010/02/09 17:35:17 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lonsint.dll
[2010/02/09 17:35:16 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmmib2.dll
[2010/02/09 17:35:13 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2010/02/09 17:35:12 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2010/02/09 17:35:11 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2010/02/09 17:35:11 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2010/02/09 17:35:11 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2010/02/09 17:35:11 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2010/02/09 17:35:11 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2010/02/09 17:35:11 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2010/02/09 17:35:11 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2010/02/09 17:35:10 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2010/02/09 17:35:10 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2010/02/09 17:35:10 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2010/02/09 17:35:10 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2010/02/09 17:35:09 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41a.dll
[2010/02/09 17:35:09 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41j.dll
[2010/02/09 17:35:09 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2010/02/09 17:35:09 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2010/02/09 17:35:09 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2010/02/09 17:35:09 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2010/02/09 17:35:09 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2010/02/09 17:35:08 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdibm02.dll
[2010/02/09 17:35:08 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2010/02/09 17:35:08 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2010/02/09 17:35:08 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2010/02/09 17:35:08 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2010/02/09 17:35:07 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2010/02/09 17:35:07 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2010/02/09 17:35:07 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2010/02/09 17:35:07 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2010/02/09 17:35:06 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdax2.dll
[2010/02/09 17:35:06 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106n.dll
[2010/02/09 17:35:06 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2010/02/09 17:35:06 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101.dll
[2010/02/09 17:35:06 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2010/02/09 17:35:06 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2010/02/09 17:35:06 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2010/02/09 17:35:06 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2010/02/09 17:35:06 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2010/02/09 17:35:05 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iscomlog.dll
[2010/02/09 17:35:05 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2010/02/09 17:35:05 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
[2010/02/09 17:35:05 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2010/02/09 17:35:03 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprip.dll
[2010/02/09 17:35:02 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infocomm.dll
[2010/02/09 17:35:02 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2010/02/09 17:35:01 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetin51.exe
[2010/02/09 17:35:00 | 000,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2010/02/09 17:35:00 | 000,315,455 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2010/02/09 17:35:00 | 000,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2010/02/09 17:34:59 | 000,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2010/02/09 17:34:59 | 000,262,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
[2010/02/09 17:34:59 | 000,233,527 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
[2010/02/09 17:34:59 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2010/02/09 17:34:59 | 000,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2010/02/09 17:34:58 | 000,307,257 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
[2010/02/09 17:34:58 | 000,208,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
[2010/02/09 17:34:58 | 000,155,705 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2010/02/09 17:34:58 | 000,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2010/02/09 17:34:58 | 000,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2010/02/09 17:34:57 | 000,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2010/02/09 17:34:57 | 000,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2010/02/09 17:34:57 | 000,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2010/02/09 17:34:56 | 000,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2010/02/09 17:34:56 | 000,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2010/02/09 17:34:56 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2010/02/09 17:34:56 | 000,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2010/02/09 17:34:56 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2010/02/09 17:34:56 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2010/02/09 17:34:56 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2010/02/09 17:34:55 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iislog51.dll
[2010/02/09 17:34:55 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisfecnv.dll
[2010/02/09 17:34:55 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe
[2010/02/09 17:34:55 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2010/02/09 17:34:54 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iische51.dll
[2010/02/09 17:34:54 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2010/02/09 17:34:54 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisadmin.dll
[2010/02/09 17:34:54 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2010/02/09 17:34:45 | 010,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2010/02/09 17:34:30 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2010/02/09 17:34:30 | 000,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpext.dll
[2010/02/09 17:34:30 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpod51.dll
[2010/02/09 17:34:30 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpmb51.dll
[2010/02/09 17:34:29 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostmib.dll
[2010/02/09 17:34:27 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2010/02/09 17:34:27 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gzip.dll
[2010/02/09 17:34:25 | 000,400,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsxp32.dll
[2010/02/09 17:34:25 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxswzrd.dll
[2010/02/09 17:34:25 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsui.dll
[2010/02/09 17:34:24 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsst.dll
[2010/02/09 17:34:24 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxstiff.dll
[2010/02/09 17:34:24 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssvc.exe
[2010/02/09 17:34:24 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxst30.dll
[2010/02/09 17:34:24 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2010/02/09 17:34:23 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscover.exe
[2010/02/09 17:34:23 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsevent.dll
[2010/02/09 17:34:23 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2010/02/09 17:34:23 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsdrv.dll
[2010/02/09 17:34:23 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsmon.dll
[2010/02/09 17:34:23 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsext32.dll
[2010/02/09 17:34:23 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsperf.dll
[2010/02/09 17:34:23 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsres.dll
[2010/02/09 17:34:22 | 000,451,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsapi.dll
[2010/02/09 17:34:22 | 000,285,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscomex.dll
[2010/02/09 17:34:22 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclnt.exe
[2010/02/09 17:34:22 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2010/02/09 17:34:22 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2010/02/09 17:34:22 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscom.dll
[2010/02/09 17:34:21 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsv251.dll
[2010/02/09 17:34:21 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2010/02/09 17:34:21 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpmib.dll
[2010/02/09 17:34:21 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2010/02/09 17:34:20 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmdll.dll
[2010/02/09 17:34:18 | 000,024,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmcgi.exe
[2010/02/09 17:34:18 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2010/02/09 17:34:17 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2010/02/09 17:34:16 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntwin.exe
[2010/02/09 17:34:16 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exstrace.dll
[2010/02/09 17:34:16 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\f3ahvoas.dll
[2010/02/09 17:34:15 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntagnt.dll
[2010/02/09 17:34:15 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2010/02/09 17:34:15 | 000,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2010/02/09 17:34:15 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2010/02/09 17:34:15 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2010/02/09 17:34:15 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntcmd.exe
[2010/02/09 17:34:03 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2010/02/09 17:34:03 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\davcdata.exe
[2010/02/09 17:34:00 | 000,057,399 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
[2010/02/09 17:34:00 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
[2010/02/09 17:34:00 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
[2010/02/09 17:34:00 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2010/02/09 17:33:59 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2010/02/09 17:33:58 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compfilt.dll
[2010/02/09 17:33:56 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2010/02/09 17:33:55 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2010/02/09 17:33:55 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2010/02/09 17:33:55 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2010/02/09 17:33:55 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2010/02/09 17:33:54 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2010/02/09 17:33:53 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2010/02/09 17:33:53 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2010/02/09 17:33:53 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2010/02/09 17:33:53 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2010/02/09 17:33:52 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2010/02/09 17:33:52 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2010/02/09 17:33:50 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_g18030.dll
[2010/02/09 17:33:50 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/02/09 17:33:50 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2010/02/09 17:33:50 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2010/02/09 17:33:39 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2010/02/09 17:33:37 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2010/02/09 17:33:35 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asp51.dll
[2010/02/09 17:33:35 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2010/02/09 17:33:35 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2010/02/09 17:33:34 | 000,331,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll
[2010/02/09 17:33:34 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\appconf.dll
[2010/02/09 17:33:34 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2010/02/09 17:33:33 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0804.dll
[2010/02/09 17:33:33 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0412.dll
[2010/02/09 17:33:33 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0411.dll
[2010/02/09 17:33:33 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040d.dll
[2010/02/09 17:33:32 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0404.dll
[2010/02/09 17:33:32 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0401.dll
[2010/02/09 17:33:31 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2010/02/09 17:33:30 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2010/02/09 17:33:30 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admexs.dll
[2010/02/09 17:33:30 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2010/02/09 17:33:24 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptsat.dll
[2010/02/09 17:33:24 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2010/02/09 17:33:23 | 000,032,827 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptest.exe
[2010/02/09 17:33:23 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\staxmem.dll
[2010/02/09 17:33:22 | 002,134,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsnap.dll
[2010/02/09 17:33:22 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpadm.dll
[2010/02/09 17:33:22 | 000,016,437 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.exe
[2010/02/09 17:33:21 | 000,020,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll
[2010/02/09 17:33:16 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logui.ocx
[2010/02/09 17:33:15 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isatq.dll
[2010/02/09 17:33:15 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2010/02/09 17:33:15 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoadmn.dll
[2010/02/09 17:33:15 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2010/02/09 17:33:14 | 000,829,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.dll
[2010/02/09 17:33:14 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2010/02/09 17:33:14 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrtl.dll
[2010/02/09 17:33:14 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstas.exe
[2010/02/09 17:33:14 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2010/02/09 17:33:14 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2010/02/09 17:33:13 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisext51.dll
[2010/02/09 17:33:13 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismap.dll
[2010/02/09 17:33:13 | 000,020,538 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpremadm.exe
[2010/02/09 17:33:13 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2010/02/09 17:33:12 | 000,598,071 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll
[2010/02/09 17:33:12 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll
[2010/02/09 17:33:12 | 000,188,494 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpcount.exe
[2010/02/09 17:33:12 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll
[2010/02/09 17:33:11 | 000,876,653 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awel.dll
[2010/02/09 17:33:11 | 000,109,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98swin.exe
[2010/02/09 17:33:11 | 000,049,212 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awebs.dll
[2010/02/09 17:33:11 | 000,032,826 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avss.dll
[2010/02/09 17:33:11 | 000,014,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98sadm.exe
[2010/02/09 17:33:10 | 000,147,513 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4apws.dll
[2010/02/09 17:33:10 | 000,102,509 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4atxt.dll
[2010/02/09 17:33:10 | 000,082,035 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4anscp.dll
[2010/02/09 17:33:10 | 000,049,210 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4areg.dll
[2010/02/09 17:33:10 | 000,041,020 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avnb.dll
[2010/02/09 17:33:09 | 000,184,435 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4amsft.dll
[2010/02/09 17:33:08 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certwiz.ocx
[2010/02/09 17:33:08 | 000,188,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgwiz.exe
[2010/02/09 17:33:08 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2010/02/09 17:33:08 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnfgprts.ocx
[2010/02/09 17:33:08 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\coadmin.dll
[2010/02/09 17:33:07 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll
[2010/02/09 17:33:07 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.exe
[2010/02/09 17:33:06 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsiis51.dll
[2010/02/09 17:33:06 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admwprox.dll
[2010/02/09 17:33:06 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.exe
[2010/02/09 17:33:03 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll
[2010/02/09 17:30:47 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2010/02/09 17:21:03 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2010/02/09 17:21:03 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2010/02/09 17:21:03 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2010/02/09 17:21:03 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2010/02/09 13:35:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/02/09 09:06:38 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2010/02/08 14:17:37 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2010/02/08 14:11:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/02/08 14:11:02 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/02/08 14:10:57 | 005,058,880 | ---- | C] (SurfRight B.V.) -- C:\Documents and Settings\Gail\Desktop\HitmanPro35.exe
[2010/02/08 14:03:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/02/08 13:12:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gail\Desktop\Virus Removal Tool
[2010/02/08 11:51:37 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/02/08 10:12:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gail\Desktop\Instructions
[2010/02/08 09:36:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/08 09:36:05 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/08 09:16:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gail\Local Settings\Application Data\Mozilla
[2010/02/08 09:16:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gail\Application Data\Mozilla
[2010/02/08 09:16:14 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/02/08 09:15:24 | 008,067,224 | ---- | C] (Mozilla) -- C:\Documents and Settings\Gail\Desktop\Firefox Setup 3.5.3.exe
[2010/02/08 09:02:34 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2010/02/08 09:00:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW
[2010/02/08 09:00:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK
[2010/02/08 09:00:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR
[2010/02/08 09:00:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE
[2010/02/08 09:00:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR
[2010/02/08 09:00:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL
[2010/02/08 09:00:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO
[2010/02/08 09:00:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR
[2010/02/08 09:00:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT
[2010/02/08 09:00:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL
[2010/02/08 09:00:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR
[2010/02/08 09:00:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI
[2010/02/08 09:00:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES
[2010/02/08 09:00:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR
[2010/02/08 09:00:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
[2010/02/08 09:00:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK
[2010/02/08 09:00:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA
[2010/02/08 08:58:38 | 015,452,536 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Gail\Desktop\IE7-WindowsXP-x86-enu.exe
[2010/02/08 08:42:54 | 000,000,000 | ---D | C] -- C:\CC Cleaner
[2010/02/08 08:36:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Gail\Recent
[2010/02/08 08:35:55 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/02/06 05:18:56 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2010/02/06 05:18:56 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2010/02/05 17:23:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/02/05 17:21:36 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/02/05 17:21:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/02/05 17:18:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/02/05 12:12:42 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/02/05 12:12:10 | 000,181,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/02/05 11:47:49 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/02/05 11:47:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/02/05 11:34:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2010/02/05 11:33:59 | 000,000,000 | ---D | C] -- C:\SDFix
[2010/02/05 11:03:32 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/02/05 11:03:32 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/02/05 11:03:32 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/02/05 11:03:32 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/02/05 11:03:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/02/05 11:03:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/05 11:01:37 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF11127.exe
[2010/02/05 10:18:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gail\Desktop\Computer Defense
[2010/02/04 15:55:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gail\Local Settings\Application Data\Temp
[2010/02/04 15:54:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gail\Local Settings\Application Data\Deployment
[2010/02/04 15:01:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/02/04 15:01:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gail\Application Data\SUPERAntiSpyware.com
[2010/02/04 15:01:10 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/02/04 14:26:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/02/01 16:00:07 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/02/01 16:00:06 | 000,163,280 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/02/01 16:00:05 | 000,270,928 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2010/02/01 16:00:04 | 000,103,120 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
[2010/02/01 15:59:53 | 000,194,640 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
[2010/02/01 15:59:52 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/02/01 15:59:51 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/02/01 15:59:50 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/02/01 15:59:50 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/02/01 15:59:49 | 000,028,240 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/02/01 15:59:28 | 000,152,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/02/01 15:59:28 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/02/01 15:59:28 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis.sys
[2010/02/01 13:40:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gail\Application Data\Malwarebytes
[2010/02/01 13:40:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/01 13:40:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/01 13:14:43 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/02/01 13:10:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/02/01 12:17:35 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\LPUEYQBQCG
[2009/09/03 16:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/09/03 16:33:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/11 10:23:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/11 10:15:30 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gail\Desktop\OTL.exe
[2010/02/10 16:00:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-606747145-1801674531-1003UA.job
[2010/02/10 16:00:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-606747145-1801674531-1003Core.job
[2010/02/10 15:49:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/10 15:49:39 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (SD).job
[2010/02/10 15:49:29 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/02/10 15:49:28 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/10 15:49:16 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/10 15:49:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/10 15:49:03 | 1610,612,736 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2010/02/10 14:59:07 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Gail\defogger_reenable
[2010/02/10 14:22:36 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\Gail\Desktop\dds.scr
[2010/02/10 13:05:53 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\Gail\NTUSER.DAT
[2010/02/10 13:05:51 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Gail\ntuser.ini
[2010/02/10 13:02:03 | 000,508,956 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/10 13:02:03 | 000,432,924 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/02/10 13:02:03 | 000,067,714 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/10 12:58:51 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/02/10 12:58:51 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/02/10 12:45:32 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Gail\Desktop\HijackThis.lnk
[2010/02/10 12:43:07 | 000,146,808 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/10 12:38:46 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/10 12:15:29 | 000,015,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/02/10 12:11:22 | 001,389,856 | ---- | M] () -- C:\Documents and Settings\Gail\Desktop\R114079.EXE
[2010/02/10 12:07:33 | 067,482,800 | ---- | M] (Hewlett Packard) -- C:\Documents and Settings\Gail\Desktop\OJProL7X00_Basic_8.exe
[2010/02/10 11:58:43 | 000,000,637 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
[2010/02/10 11:56:56 | 134,737,376 | ---- | M] () -- C:\Documents and Settings\Gail\Desktop\R206978.exe
[2010/02/10 11:56:04 | 004,064,976 | ---- | M] () -- C:\Documents and Settings\Gail\Desktop\RICOH_MULTI-DEVICE_A00_R215879.exe
[2010/02/10 11:53:47 | 100,788,832 | ---- | M] () -- C:\Documents and Settings\Gail\Desktop\R219313.exe
[2010/02/10 11:51:35 | 004,758,792 | ---- | M] () -- C:\Documents and Settings\Gail\Desktop\R154493.exe
[2010/02/10 11:50:43 | 002,428,008 | ---- | M] () -- C:\Documents and Settings\Gail\Desktop\R114200.exe
[2010/02/09 17:55:12 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2010/02/09 17:37:55 | 000,000,287 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/02/09 17:32:44 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/02/09 17:32:28 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/02/09 17:31:15 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/02/09 17:31:15 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/02/09 17:31:06 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/02/09 17:31:06 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/02/09 17:31:06 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/02/09 17:31:06 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/02/09 17:31:06 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/02/09 17:31:06 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/02/09 17:30:52 | 000,000,696 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/09 17:29:37 | 000,022,720 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/02/09 17:27:33 | 000,000,282 | -HS- | M] () -- C:\boot.ini
[2010/02/09 17:21:12 | 000,000,285 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/09 11:53:51 | 000,199,776 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2010/02/08 14:17:37 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2010/02/08 13:36:22 | 005,058,880 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\Gail\Desktop\HitmanPro35.exe
[2010/02/08 09:36:09 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/08 09:26:47 | 000,000,211 | -HS- | M] () -- C:\Boot.bak
[2010/02/08 09:17:03 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/02/08 09:16:22 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/02/08 08:35:59 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Gail\Desktop\CCleaner.lnk
[2010/02/05 17:23:33 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/02/04 15:59:02 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/02/04 15:55:43 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Gail\Desktop\Google Chrome.lnk
[2010/02/04 14:25:15 | 000,008,235 | ---- | M] () -- C:\Documents and Settings\Gail\Desktop\bookmark.htm
[2010/02/01 16:00:07 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk
[2010/02/01 15:59:50 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/02/01 13:14:12 | 000,002,780 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100205-165915.backup
[2010/02/01 13:14:12 | 000,002,780 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100205-165853.backup
[2010/02/01 13:14:12 | 000,002,780 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/02/01 13:02:02 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\Gail\My Documents\License.avastlic
[2010/01/30 08:13:11 | 001,170,812 | ---- | M] () -- C:\Documents and Settings\Gail\My Documents\HIGHLAND AGGREGATE.docx
[2010/01/28 19:44:50 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/01/28 19:44:07 | 000,022,244 | ---- | M] () -- C:\Documents and Settings\Gail\My Documents\Price Quotation.docx
[2010/01/28 14:09:46 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/01/28 14:09:26 | 000,152,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/01/28 13:59:21 | 000,103,120 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
[2010/01/28 13:59:05 | 000,270,928 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2010/01/28 13:58:45 | 000,194,640 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
[2010/01/28 13:57:55 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/01/28 13:57:34 | 000,163,280 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/01/28 13:54:42 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/01/28 13:54:16 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/01/28 13:54:12 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/01/28 13:54:05 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/01/28 13:53:50 | 000,028,240 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/01/27 14:53:54 | 000,021,348 | ---- | M] () -- C:\Documents and Settings\Gail\My Documents\Ferguson Price Quotation.docx
[2010/01/27 14:16:39 | 000,014,085 | ---- | M] () -- C:\Documents and Settings\Gail\My Documents\COCHRAN Rohl Kitchen.xlsx
[2010/01/27 12:12:17 | 000,115,093 | ---- | M] () -- C:\Documents and Settings\Gail\My Documents\Mountain Plumbing Products.docx
[2010/01/22 12:50:42 | 000,484,010 | ---- | M] () -- C:\Documents and Settings\Gail\My Documents\farnie plan.sdr
[2010/01/21 12:52:29 | 000,011,354 | ---- | M] () -- C:\Documents and Settings\Gail\My Documents\Farnsworth Remodel.docx
[2010/01/21 12:52:10 | 000,011,167 | ---- | M] () -- C:\Documents and Settings\Gail\My Documents\Doc1.dotx
[2010/01/18 18:04:35 | 000,747,825 | ---- | M] () -- C:\Documents and Settings\Gail\My Documents\casa kitchen.sdr
[2010/01/18 17:25:55 | 000,972,042 | ---- | M] () -- C:\Documents and Settings\Gail\My Documents\casa cochran kitchen floorplan.sdr
[2010/01/18 14:39:46 | 000,013,738 | ---- | M] () -- C:\Documents and Settings\Gail\My Documents\LABELS.2.docx
[2010/01/18 11:18:42 | 000,012,986 | ---- | M] () -- C:\Documents and Settings\Gail\My Documents\BUSINESS FILING LABELS.docx
[2010/01/16 08:48:17 | 000,012,333 | ---- | M] () -- C:\Documents and Settings\Gail\My Documents\grohe list.docx
[2010/01/15 16:46:52 | 000,777,155 | ---- | M] () -- C:\Documents and Settings\Gail\My Documents\CASA COCHRAN COST COMPARISON.xlsx
[2010/01/14 15:07:11 | 000,229,376 | ---- | M] () -- C:\Documents and Settings\Gail\My Documents\niche @ hallway.doc
[2010/01/14 14:39:06 | 000,217,177 | ---- | M] () -- C:\Documents and Settings\Gail\My Documents\niche @ hallway.docx
[2010/01/14 13:22:42 | 000,100,864 | ---- | M] () -- C:\Documents and Settings\Gail\My Documents\window change on so. elev..doc
[2010/01/14 12:25:08 | 000,304,128 | ---- | M] () -- C:\Documents and Settings\Gail\My Documents\casa exterior stairwell.doc
[2010/01/14 12:11:38 | 000,001,112 | ---- | M] () -- C:\Documents and Settings\Gail\My Documents\Copy of front entry change.lnk
[2010/01/14 11:12:06 | 000,181,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/01/12 12:12:28 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Gail\My Documents\Casa APPLIANCE LIST.doc
[2010/01/12 11:00:46 | 001,668,209 | ---- | M] () -- C:\Documents and Settings\Gail\My Documents\Toto, CST424SF_G, V.04.pdf
[2010/01/12 10:59:34 | 001,534,177 | ---- | M] () -- C:\Documents and Settings\Gail\My Documents\Toto, BT774B, V.03.pdf
[13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/10 14:59:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Gail\defogger_reenable
[2010/02/10 14:58:47 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\Gail\Desktop\dds.scr
[2010/02/10 12:45:32 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Gail\Desktop\HijackThis.lnk
[2010/02/10 12:11:18 | 001,389,856 | ---- | C] () -- C:\Documents and Settings\Gail\Desktop\R114079.EXE
[2010/02/10 11:58:43 | 000,000,637 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
[2010/02/10 11:56:47 | 134,737,376 | ---- | C] () -- C:\Documents and Settings\Gail\Desktop\R206978.exe
[2010/02/10 11:55:33 | 004,064,976 | ---- | C] () -- C:\Documents and Settings\Gail\Desktop\RICOH_MULTI-DEVICE_A00_R215879.exe
[2010/02/10 11:54:24 | 000,000,457 | ---- | C] () -- C:\WINDOWS\System32\vcredist_x86.bat
[2010/02/10 11:53:39 | 100,788,832 | ---- | C] () -- C:\Documents and Settings\Gail\Desktop\R219313.exe
[2010/02/10 11:51:19 | 004,758,792 | ---- | C] () -- C:\Documents and Settings\Gail\Desktop\R154493.exe
[2010/02/10 11:50:37 | 002,428,008 | ---- | C] () -- C:\Documents and Settings\Gail\Desktop\R114200.exe
[2010/02/09 17:36:56 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2010/02/09 17:35:55 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2010/02/09 17:35:55 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2010/02/09 17:35:53 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/02/09 17:35:14 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2010/02/09 17:35:13 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/02/09 17:35:00 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/02/09 17:34:58 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/02/09 17:34:55 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/02/09 17:34:37 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/02/09 17:34:27 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/02/09 17:34:20 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2010/02/09 17:33:55 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/02/09 17:33:49 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2010/02/09 17:33:49 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2010/02/09 17:33:49 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2010/02/09 17:33:49 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2010/02/09 17:33:48 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2010/02/09 17:33:48 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2010/02/09 17:33:48 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2010/02/09 17:33:47 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2010/02/09 17:33:47 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2010/02/09 17:33:47 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2010/02/09 17:33:47 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2010/02/09 17:33:47 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2010/02/09 17:33:47 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2010/02/09 17:33:47 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2010/02/09 17:33:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2010/02/09 17:33:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2010/02/09 17:33:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2010/02/09 17:33:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2010/02/09 17:33:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2010/02/09 17:33:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2010/02/09 17:33:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2010/02/09 17:33:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2010/02/09 17:33:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2010/02/09 17:33:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2010/02/09 17:33:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2010/02/09 17:33:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2010/02/09 17:33:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2010/02/09 17:33:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2010/02/09 17:33:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2010/02/09 17:33:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2010/02/09 17:33:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2010/02/09 17:33:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2010/02/09 17:33:44 | 000,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2010/02/09 17:33:44 | 000,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2010/02/09 17:33:44 | 000,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2010/02/09 17:33:44 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2010/02/09 17:33:44 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2010/02/09 17:33:44 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2010/02/09 17:33:43 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2010/02/09 17:33:43 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2010/02/09 17:33:43 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2010/02/09 17:33:43 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2010/02/09 17:33:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2010/02/09 17:33:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2010/02/09 17:33:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2010/02/09 17:33:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2010/02/09 17:33:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2010/02/09 17:33:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2010/02/09 17:33:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2010/02/09 17:33:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2010/02/09 17:33:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2010/02/09 17:33:41 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2010/02/09 17:33:41 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2010/02/09 17:33:41 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2010/02/09 17:33:41 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2010/02/09 17:33:41 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2010/02/09 17:33:40 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2010/02/09 17:33:40 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2010/02/09 17:33:39 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2010/02/09 17:33:39 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2010/02/09 17:31:15 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/02/09 17:31:06 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/02/09 17:31:06 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/02/09 17:31:06 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/02/09 17:31:06 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/02/09 17:31:06 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/02/09 17:20:45 | 001,296,669 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT
[2010/02/09 09:06:37 | 1610,612,736 | ---- | C] () -- C:\WINDOWS\MEMORY.DMP
[2010/02/08 15:48:39 | 000,144,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2010/02/08 15:48:39 | 000,112,918 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2010/02/08 15:48:39 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010/02/08 15:48:39 | 000,034,747 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2010/02/08 15:48:39 | 000,026,991 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2010/02/08 15:48:39 | 000,016,535 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2010/02/08 15:48:39 | 000,014,433 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2010/02/08 15:48:39 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010/02/08 15:48:39 | 000,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2010/02/08 15:48:39 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2010/02/08 15:48:39 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010/02/08 15:48:39 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/02/08 15:48:38 | 002,144,487 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2010/02/08 15:48:38 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/02/08 15:48:38 | 000,522,220 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2010/02/08 15:48:38 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010/02/08 15:48:38 | 000,034,063 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2010/02/08 14:11:09 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/02/08 11:51:40 | 000,000,211 | -HS- | C] () -- C:\Boot.bak
[2010/02/08 11:51:38 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/02/08 09:36:09 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/08 09:17:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/02/08 09:16:22 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/02/08 09:01:41 | 000,199,776 | ---- | C] () -- C:\WINDOWS\setupapi.old
[2010/02/08 09:00:43 | 000,000,236 | ---- | C] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/02/08 08:51:14 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/02/08 08:35:59 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\Gail\Desktop\CCleaner.lnk
[2010/02/05 17:23:33 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/02/05 17:18:42 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/05 17:18:41 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/05 11:03:32 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/02/05 11:03:32 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/02/05 11:03:32 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/02/05 11:03:32 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/05 11:03:32 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/02/04 15:59:02 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/02/04 15:55:43 | 000,002,277 | ---- | C] () -- C:\Documents and Settings\Gail\Desktop\Google Chrome.lnk
[2010/02/04 15:55:15 | 000,000,974 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-606747145-1801674531-1003UA.job
[2010/02/04 15:55:14 | 000,000,922 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-606747145-1801674531-1003Core.job
[2010/02/04 14:25:15 | 000,008,235 | ---- | C] () -- C:\Documents and Settings\Gail\Desktop\bookmark.htm
[2010/02/01 16:00:07 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk
[2010/02/01 13:01:58 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\Gail\My Documents\License.avastlic
[2010/01/28 19:44:07 | 000,022,244 | ---- | C] () -- C:\Documents and Settings\Gail\My Documents\Price Quotation.docx
[2010/01/27 14:53:53 | 000,021,348 | ---- | C] () -- C:\Documents and Settings\Gail\My Documents\Ferguson Price Quotation.docx
[2010/01/27 14:16:39 | 000,014,085 | ---- | C] () -- C:\Documents and Settings\Gail\My Documents\COCHRAN Rohl Kitchen.xlsx
[2010/01/27 12:12:17 | 000,115,093 | ---- | C] () -- C:\Documents and Settings\Gail\My Documents\Mountain Plumbing Products.docx
[2010/01/21 12:52:29 | 000,011,354 | ---- | C] () -- C:\Documents and Settings\Gail\My Documents\Farnsworth Remodel.docx
[2010/01/21 12:17:27 | 000,011,167 | ---- | C] () -- C:\Documents and Settings\Gail\My Documents\Doc1.dotx
[2010/01/18 18:04:35 | 000,747,825 | ---- | C] () -- C:\Documents and Settings\Gail\My Documents\casa kitchen.sdr
[2010/01/18 15:59:05 | 000,484,010 | ---- | C] () -- C:\Documents and Settings\Gail\My Documents\farnie plan.sdr
[2010/01/18 11:18:41 | 000,012,986 | ---- | C] () -- C:\Documents and Settings\Gail\My Documents\BUSINESS FILING LABELS.docx
[2010/01/15 10:37:20 | 000,777,155 | ---- | C] () -- C:\Documents and Settings\Gail\My Documents\CASA COCHRAN COST COMPARISON.xlsx
[2010/01/14 14:40:52 | 000,229,376 | ---- | C] () -- C:\Documents and Settings\Gail\My Documents\niche @ hallway.doc
[2010/01/14 14:39:06 | 000,217,177 | ---- | C] () -- C:\Documents and Settings\Gail\My Documents\niche @ hallway.docx
[2010/01/14 13:22:41 | 000,100,864 | ---- | C] () -- C:\Documents and Settings\Gail\My Documents\window change on so. elev..doc
[2010/01/14 12:14:46 | 000,001,112 | ---- | C] () -- C:\Documents and Settings\Gail\My Documents\Copy of front entry change.lnk
[2010/01/14 11:42:10 | 000,304,128 | ---- | C] () -- C:\Documents and Settings\Gail\My Documents\casa exterior stairwell.doc
[2010/01/12 11:00:46 | 001,668,209 | ---- | C] () -- C:\Documents and Settings\Gail\My Documents\Toto, CST424SF_G, V.04.pdf
[2010/01/12 10:59:34 | 001,534,177 | ---- | C] () -- C:\Documents and Settings\Gail\My Documents\Toto, BT774B, V.03.pdf
[2009/10/01 13:36:33 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\custmon32.dll
[2009/09/07 16:46:31 | 000,000,156 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2009/09/07 16:45:15 | 000,000,804 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2009/09/07 16:44:22 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2009/09/07 16:40:21 | 000,002,101 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/09/03 17:33:54 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/09/03 17:33:53 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/09/29 14:39:00 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2005/02/17 12:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 12:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/07/07 02:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/04/14 04:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 04:00:00 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/04/14 04:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 04:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0018\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 04:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 04:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 04:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 04:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 04:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 04:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 04:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 04:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 04:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< End of report >

Attached Files


Edited by Buckeye_Sam, 11 February 2010 - 04:18 PM.


#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:03:22 AM

Posted 11 February 2010 - 04:25 PM


Please do not attach log files unless specifically requested to do so. Just copy the text in the log and then paste it directly into your reply.
It makes it much easier for me to review the information if I can see it all in one place.


Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.


====================



We need to run this special tool.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • If prompted to reboot, please do so.
  • When it is done, a log file should be created on your desktop called "TDSSKiller.txt" please copy and paste the contents of that file here.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 Jay Callero

Jay Callero
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:22 AM

Posted 11 February 2010 - 08:35 PM

Ok, Here are the 3 logs you requested.

I am leaving for the night and will return tomorrow morning.

Thanks a lot for your assistance it is highly appreciated.

All processes killed
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Gail
->Temp folder emptied: 7376750 bytes
->Temporary Internet Files folder emptied: 1543659 bytes
->FireFox cache emptied: 14480495 bytes
->Google Chrome cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 9363419 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 93521 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 39523 bytes

Total Files Cleaned = 32.00 mb


OTL by OldTimer - Version 3.1.28.0 log created on 02112010_172144

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


---------



OTL logfile created on: 2/11/2010 5:24:03 PM - Run 2
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Gail\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 79.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 243.34 Gb Free Space | 81.64% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GAIL-E4DEED3AB4
Current User Name: Gail
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/11 10:15:30 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gail\Desktop\OTL.exe
PRC - [2010/02/05 17:18:36 | 000,135,664 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
PRC - [2010/01/28 14:09:31 | 002,757,512 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/01/28 14:09:28 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/01/28 14:09:15 | 000,119,200 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\afwServ.exe
PRC - [2009/04/30 14:51:36 | 002,396,160 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\WLTRAY.EXE
PRC - [2009/04/30 14:51:36 | 000,025,088 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE
PRC - [2009/04/30 14:51:22 | 002,134,016 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\BCMWLTRY.EXE
PRC - [2008/09/29 14:39:48 | 000,604,776 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008/09/29 14:39:46 | 001,448,576 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2008/09/29 14:39:46 | 000,346,720 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
PRC - [2008/04/14 04:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/05/23 20:59:38 | 000,409,600 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe


========== Modules (SafeList) ==========

MOD - [2010/02/11 10:15:30 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gail\Desktop\OTL.exe
MOD - [2010/01/28 13:58:21 | 000,122,880 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\snxBorder.dll
MOD - [2010/01/28 13:56:49 | 000,135,168 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\snxPlugins.dll
MOD - [2008/09/29 14:38:50 | 000,094,273 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/02/05 17:18:36 | 000,135,664 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2010/01/28 14:09:28 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/01/28 14:09:28 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/01/28 14:09:28 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/01/28 14:09:15 | 000,119,200 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\afwServ.exe -- (avast! Firewall)
SRV - [2009/09/21 15:36:02 | 000,545,568 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/09/05 06:39:18 | 000,182,768 | ---- | M] (Google) [Disabled | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/08/28 18:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/04/30 14:51:36 | 000,025,088 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/09/29 14:39:46 | 000,346,720 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2006/10/26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/05/23 20:59:38 | 000,409,600 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2006/05/09 15:03:32 | 000,052,736 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2006/05/09 15:03:30 | 000,043,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/01/28 13:59:21 | 000,103,120 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswFW.sys -- (aswFW)
DRV - [2010/01/28 13:59:05 | 000,270,928 | ---- | M] (ALWIL Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2010/01/28 13:58:45 | 000,194,640 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2010/01/28 13:57:55 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/01/28 13:57:34 | 000,163,280 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/01/28 13:54:42 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/01/28 13:54:16 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/01/28 13:54:05 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/01/28 13:53:50 | 000,028,240 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/01/09 13:22:02 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aswNdis.sys -- (aswNdis)
DRV - [2009/09/03 16:40:17 | 000,023,600 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TVICHW32.SYS -- (TVICHW32)
DRV - [2009/05/18 13:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/04/30 14:51:28 | 001,952,512 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/11/05 22:20:24 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/10/11 14:56:00 | 000,045,056 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/09/30 19:13:26 | 000,991,656 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008/09/26 08:30:10 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008/07/29 14:41:36 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2008/06/09 09:41:28 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2008/05/27 16:03:00 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2008/05/27 16:03:00 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2008/05/27 16:03:00 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2008/04/14 04:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 04:00:00 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/04/14 04:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2007/07/26 18:08:18 | 000,019,072 | R--- | M] (ASIX Electronics Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ax88772.sys -- (AX88772)
DRV - [2007/05/10 09:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/11/21 04:25:44 | 000,045,568 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/05/23 21:06:36 | 001,578,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/03/19 16:48:37 | 000,021,568 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2006/03/19 16:48:36 | 000,049,920 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2006/03/19 16:48:36 | 000,016,496 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2005/12/01 01:40:56 | 000,936,960 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2005/12/01 01:40:12 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2005/12/01 01:40:08 | 000,669,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2005/10/04 23:57:08 | 000,012,544 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2001/08/17 13:53:32 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\serscan.sys -- (StillCam)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-343818398-606747145-1801674531-1003\S-1-5-21-343818398-606747145-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-343818398-606747145-1801674531-1003\S-1-5-21-343818398-606747145-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/08 09:16:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/08 09:16:16 | 000,000,000 | ---D | M]

[2010/02/08 09:17:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gail\Application Data\Mozilla\Extensions
[2010/02/08 15:09:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gail\Application Data\Mozilla\Firefox\Profiles\ykq65emk.default\extensions
[2010/02/08 09:16:16 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/02/11 17:21:45 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-343818398-606747145-1801674531-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.EXE (Dell Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\System32\tscupgrd.exe File not found
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\System32\tscupgrd.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-343818398-606747145-1801674531-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-343818398-606747145-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-343818398-606747145-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-343818398-606747145-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-343818398-606747145-1801674531-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.com/files/driveragent.cab (Driver Agent ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.180.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Gail\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Gail\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/03 16:29:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (猀瀀爀攀猀琀爀琀) - File not found
O34 - HKLM BootExecute: (猀瀀爀攀猀琀爀琀) - File not found
O34 - HKLM BootExecute: (猀瀀爀攀猀琀爀琀) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/11 17:23:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2010/02/11 17:21:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/02/11 10:26:56 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gail\Desktop\OTL.exe
[2010/02/10 14:58:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gail\Desktop\Disable CD Emulation
[2010/02/10 12:56:21 | 000,217,088 | ---- | C] (NDNet ver. Hitoma) -- C:\Documents and Settings\Gail\Desktop\WurtBeta Update Fix.exe
[2010/02/10 12:47:50 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/02/10 12:45:31 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/02/10 12:17:35 | 000,459,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/02/10 12:17:35 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/02/10 12:17:34 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2010/02/10 12:17:33 | 006,067,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010/02/10 12:17:33 | 000,991,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll.mui
[2010/02/10 12:17:33 | 000,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/02/10 12:17:32 | 002,452,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dat
[2010/02/10 12:17:32 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2010/02/10 12:17:32 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2010/02/10 12:07:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gail\Desktop\ojproL7X00
[2010/02/10 12:07:01 | 067,482,800 | ---- | C] (Hewlett Packard) -- C:\Documents and Settings\Gail\Desktop\OJProL7X00_Basic_8.exe
[2010/02/10 12:03:56 | 000,045,568 | R--- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\drivers\bcm4sbxp.sys
[2010/02/10 11:59:06 | 000,156,816 | ---- | C] (Broadcom Corporation.) -- C:\WINDOWS\System32\drivers\btwdndis.sys
[2010/02/10 11:59:06 | 000,057,384 | ---- | C] (Broadcom Corporation.) -- C:\WINDOWS\System32\drivers\btwhid.sys
[2010/02/10 11:59:06 | 000,037,160 | ---- | C] (Broadcom Corporation.) -- C:\WINDOWS\System32\drivers\btport.sys
[2010/02/10 11:59:06 | 000,037,032 | ---- | C] (Broadcom Corporation.) -- C:\WINDOWS\System32\drivers\btwmodem.sys
[2010/02/10 11:59:05 | 000,534,568 | ---- | C] (Broadcom Corporation.) -- C:\WINDOWS\System32\drivers\btaudio.sys
[2010/02/10 11:54:24 | 002,682,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vcredist_x86.exe
[2010/02/10 11:54:22 | 000,151,552 | ---- | C] (Broadcom Corp.) -- C:\WINDOWS\System32\bcmwlapi.dll
[2010/02/10 11:54:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gail\Application Data\InstallShield
[2010/02/10 11:47:54 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2010/02/10 11:46:40 | 000,455,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010/02/10 11:45:04 | 002,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010/02/10 11:45:04 | 002,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010/02/10 11:45:03 | 002,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2010/02/10 11:45:03 | 002,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010/02/09 17:40:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/02/09 17:36:45 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2010/02/09 17:36:45 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2010/02/09 17:36:44 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2010/02/09 17:36:44 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2010/02/09 17:36:43 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2010/02/09 17:36:43 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2010/02/09 17:36:41 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2010/02/09 17:36:41 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2010/02/09 17:36:40 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamreg51.dll
[2010/02/09 17:36:40 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2010/02/09 17:36:39 | 000,364,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svc.dll
[2010/02/09 17:36:39 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wam51.dll
[2010/02/09 17:36:39 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2010/02/09 17:36:38 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2010/02/09 17:36:38 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2010/02/09 17:36:38 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2010/02/09 17:36:37 | 000,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2010/02/09 17:36:37 | 000,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2010/02/09 17:36:33 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2010/02/09 17:36:33 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2010/02/09 17:36:32 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uihelper.dll
[2010/02/09 17:36:31 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2010/02/09 17:36:30 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tools.dll
[2010/02/09 17:36:29 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2010/02/09 17:36:29 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2010/02/09 17:36:29 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2010/02/09 17:36:29 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2010/02/09 17:36:28 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2010/02/09 17:36:27 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2010/02/09 17:36:27 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2010/02/09 17:36:27 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2010/02/09 17:36:24 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\svcext51.dll
[2010/02/09 17:36:23 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2010/02/09 17:36:22 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sspifilt.dll
[2010/02/09 17:36:22 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ssinc51.dll
[2010/02/09 17:36:21 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2010/02/09 17:36:19 | 000,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2010/02/09 17:36:18 | 000,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll
[2010/02/09 17:36:18 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll
[2010/02/09 17:36:18 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2010/02/09 17:36:18 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmptrap.exe
[2010/02/09 17:36:18 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2010/02/09 17:36:17 | 000,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll
[2010/02/09 17:36:17 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll
[2010/02/09 17:36:17 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmp.exe
[2010/02/09 17:36:17 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll
[2010/02/09 17:36:16 | 000,456,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll
[2010/02/09 17:36:16 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2010/02/09 17:36:16 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpapi.dll
[2010/02/09 17:36:15 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smi2smir.exe
[2010/02/09 17:36:15 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2010/02/09 17:36:15 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2010/02/09 17:36:15 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2010/02/09 17:36:15 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2010/02/09 17:36:14 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2010/02/09 17:36:14 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2010/02/09 17:36:14 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2010/02/09 17:36:14 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2010/02/09 17:36:14 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2010/02/09 17:36:14 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2010/02/09 17:36:14 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2010/02/09 17:36:14 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2010/02/09 17:36:13 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2010/02/09 17:36:13 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2010/02/09 17:36:13 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2010/02/09 17:36:13 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2010/02/09 17:36:13 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2010/02/09 17:36:08 | 000,221,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seo.dll
[2010/02/09 17:36:08 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2010/02/09 17:36:07 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2010/02/09 17:36:05 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/02/09 17:36:05 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/02/09 17:36:05 | 000,029,184 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2010/02/09 17:36:05 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll
[2010/02/09 17:36:05 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rwnh.dll
[2010/02/09 17:36:03 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2010/02/09 17:36:03 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcref.dll
[2010/02/09 17:36:01 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2010/02/09 17:36:01 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2010/02/09 17:35:59 | 000,020,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ramdisk.sys
[2010/02/09 17:35:58 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2010/02/09 17:35:58 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2010/02/09 17:35:58 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2010/02/09 17:35:56 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pwsdata.dll
[2010/02/09 17:35:54 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2010/02/09 17:35:54 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2010/02/09 17:35:54 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2010/02/09 17:35:54 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2010/02/09 17:35:53 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2010/02/09 17:35:53 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2010/02/09 17:35:53 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2010/02/09 17:35:52 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2010/02/09 17:35:52 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2010/02/09 17:35:50 | 000,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2010/02/09 17:35:50 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2010/02/09 17:35:50 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2010/02/09 17:35:50 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2010/02/09 17:35:50 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2010/02/09 17:35:45 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2010/02/09 17:35:44 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsepm.dll
[2010/02/09 17:35:43 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2010/02/09 17:35:39 | 000,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2010/02/09 17:35:39 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtstocom.exe
[2010/02/09 17:35:32 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2010/02/09 17:35:32 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2010/02/09 17:35:21 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe
[2010/02/09 17:35:20 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2010/02/09 17:35:20 | 000,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2010/02/09 17:35:20 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\metada51.dll
[2010/02/09 17:35:20 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2010/02/09 17:35:19 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\md5filt.dll
[2010/02/09 17:35:18 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2010/02/09 17:35:17 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpdsvc.dll
[2010/02/09 17:35:17 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2010/02/09 17:35:17 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lprmon.dll
[2010/02/09 17:35:17 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lonsint.dll
[2010/02/09 17:35:16 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmmib2.dll
[2010/02/09 17:35:13 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2010/02/09 17:35:12 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2010/02/09 17:35:11 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2010/02/09 17:35:11 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2010/02/09 17:35:11 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2010/02/09 17:35:11 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2010/02/09 17:35:11 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2010/02/09 17:35:11 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2010/02/09 17:35:11 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2010/02/09 17:35:10 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2010/02/09 17:35:10 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2010/02/09 17:35:10 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2010/02/09 17:35:10 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2010/02/09 17:35:09 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41a.dll
[2010/02/09 17:35:09 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41j.dll
[2010/02/09 17:35:09 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2010/02/09 17:35:09 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2010/02/09 17:35:09 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2010/02/09 17:35:09 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2010/02/09 17:35:09 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2010/02/09 17:35:08 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdibm02.dll
[2010/02/09 17:35:08 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2010/02/09 17:35:08 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2010/02/09 17:35:08 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2010/02/09 17:35:08 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2010/02/09 17:35:07 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2010/02/09 17:35:07 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2010/02/09 17:35:07 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2010/02/09 17:35:07 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2010/02/09 17:35:06 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdax2.dll
[2010/02/09 17:35:06 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106n.dll
[2010/02/09 17:35:06 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2010/02/09 17:35:06 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101.dll
[2010/02/09 17:35:06 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2010/02/09 17:35:06 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2010/02/09 17:35:06 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2010/02/09 17:35:06 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2010/02/09 17:35:06 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2010/02/09 17:35:05 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iscomlog.dll
[2010/02/09 17:35:05 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2010/02/09 17:35:05 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
[2010/02/09 17:35:05 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2010/02/09 17:35:03 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprip.dll
[2010/02/09 17:35:02 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infocomm.dll
[2010/02/09 17:35:02 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2010/02/09 17:35:01 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetin51.exe
[2010/02/09 17:35:00 | 000,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2010/02/09 17:35:00 | 000,315,455 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2010/02/09 17:35:00 | 000,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2010/02/09 17:34:59 | 000,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2010/02/09 17:34:59 | 000,262,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
[2010/02/09 17:34:59 | 000,233,527 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
[2010/02/09 17:34:59 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2010/02/09 17:34:59 | 000,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2010/02/09 17:34:58 | 000,307,257 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
[2010/02/09 17:34:58 | 000,208,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
[2010/02/09 17:34:58 | 000,155,705 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2010/02/09 17:34:58 | 000,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2010/02/09 17:34:58 | 000,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2010/02/09 17:34:57 | 000,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2010/02/09 17:34:57 | 000,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2010/02/09 17:34:57 | 000,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2010/02/09 17:34:56 | 000,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2010/02/09 17:34:56 | 000,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2010/02/09 17:34:56 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2010/02/09 17:34:56 | 000,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2010/02/09 17:34:56 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2010/02/09 17:34:56 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2010/02/09 17:34:56 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2010/02/09 17:34:55 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iislog51.dll
[2010/02/09 17:34:55 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisfecnv.dll
[2010/02/09 17:34:55 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe
[2010/02/09 17:34:55 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2010/02/09 17:34:54 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iische51.dll
[2010/02/09 17:34:54 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2010/02/09 17:34:54 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisadmin.dll
[2010/02/09 17:34:54 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2010/02/09 17:34:45 | 010,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2010/02/09 17:34:30 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2010/02/09 17:34:30 | 000,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpext.dll
[2010/02/09 17:34:30 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpod51.dll
[2010/02/09 17:34:30 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpmb51.dll
[2010/02/09 17:34:29 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostmib.dll
[2010/02/09 17:34:27 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2010/02/09 17:34:27 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gzip.dll
[2010/02/09 17:34:25 | 000,400,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsxp32.dll
[2010/02/09 17:34:25 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxswzrd.dll
[2010/02/09 17:34:25 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsui.dll
[2010/02/09 17:34:24 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsst.dll
[2010/02/09 17:34:24 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxstiff.dll
[2010/02/09 17:34:24 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssvc.exe
[2010/02/09 17:34:24 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxst30.dll
[2010/02/09 17:34:24 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2010/02/09 17:34:23 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscover.exe
[2010/02/09 17:34:23 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsevent.dll
[2010/02/09 17:34:23 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2010/02/09 17:34:23 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsdrv.dll
[2010/02/09 17:34:23 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsmon.dll
[2010/02/09 17:34:23 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsext32.dll
[2010/02/09 17:34:23 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsperf.dll
[2010/02/09 17:34:23 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsres.dll
[2010/02/09 17:34:22 | 000,451,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsapi.dll
[2010/02/09 17:34:22 | 000,285,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscomex.dll
[2010/02/09 17:34:22 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclnt.exe
[2010/02/09 17:34:22 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2010/02/09 17:34:22 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2010/02/09 17:34:22 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscom.dll
[2010/02/09 17:34:21 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsv251.dll
[2010/02/09 17:34:21 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2010/02/09 17:34:21 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpmib.dll
[2010/02/09 17:34:21 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2010/02/09 17:34:20 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmdll.dll
[2010/02/09 17:34:18 | 000,024,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmcgi.exe
[2010/02/09 17:34:18 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2010/02/09 17:34:17 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2010/02/09 17:34:16 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntwin.exe
[2010/02/09 17:34:16 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exstrace.dll
[2010/02/09 17:34:16 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\f3ahvoas.dll
[2010/02/09 17:34:15 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntagnt.dll
[2010/02/09 17:34:15 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2010/02/09 17:34:15 | 000,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2010/02/09 17:34:15 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2010/02/09 17:34:15 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2010/02/09 17:34:15 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntcmd.exe
[2010/02/09 17:34:03 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2010/02/09 17:34:03 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\davcdata.exe
[2010/02/09 17:34:00 | 000,057,399 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
[2010/02/09 17:34:00 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
[2010/02/09 17:34:00 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
[2010/02/09 17:34:00 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2010/02/09 17:33:59 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2010/02/09 17:33:58 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compfilt.dll
[2010/02/09 17:33:56 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2010/02/09 17:33:55 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2010/02/09 17:33:55 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2010/02/09 17:33:55 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2010/02/09 17:33:55 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2010/02/09 17:33:54 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2010/02/09 17:33:53 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2010/02/09 17:33:53 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2010/02/09 17:33:53 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2010/02/09 17:33:53 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2010/02/09 17:33:52 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2010/02/09 17:33:52 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2010/02/09 17:33:50 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_g18030.dll
[2010/02/09 17:33:50 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/02/09 17:33:50 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2010/02/09 17:33:50 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2010/02/09 17:33:39 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2010/02/09 17:33:37 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2010/02/09 17:33:35 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asp51.dll
[2010/02/09 17:33:35 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2010/02/09 17:33:35 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2010/02/09 17:33:34 | 000,331,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll
[2010/02/09 17:33:34 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\appconf.dll
[2010/02/09 17:33:34 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2010/02/09 17:33:33 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0804.dll
[2010/02/09 17:33:33 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0412.dll
[2010/02/09 17:33:33 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0411.dll
[2010/02/09 17:33:33 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040d.dll
[2010/02/09 17:33:32 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0404.dll
[2010/02/09 17:33:32 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0401.dll
[2010/02/09 17:33:31 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2010/02/09 17:33:30 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2010/02/09 17:33:30 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admexs.dll
[2010/02/09 17:33:30 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2010/02/09 17:33:24 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptsat.dll
[2010/02/09 17:33:24 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2010/02/09 17:33:23 | 000,032,827 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptest.exe
[2010/02/09 17:33:23 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\staxmem.dll
[2010/02/09 17:33:22 | 002,134,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsnap.dll
[2010/02/09 17:33:22 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpadm.dll
[2010/02/09 17:33:22 | 000,016,437 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.exe
[2010/02/09 17:33:21 | 000,020,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll
[2010/02/09 17:33:16 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logui.ocx
[2010/02/09 17:33:15 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isatq.dll
[2010/02/09 17:33:15 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2010/02/09 17:33:15 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoadmn.dll
[2010/02/09 17:33:15 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2010/02/09 17:33:14 | 000,829,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.dll
[2010/02/09 17:33:14 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2010/02/09 17:33:14 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrtl.dll
[2010/02/09 17:33:14 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstas.exe
[2010/02/09 17:33:14 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2010/02/09 17:33:14 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2010/02/09 17:33:13 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisext51.dll
[2010/02/09 17:33:13 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismap.dll
[2010/02/09 17:33:13 | 000,020,538 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpremadm.exe
[2010/02/09 17:33:13 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2010/02/09 17:33:12 | 000,598,071 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll
[2010/02/09 17:33:12 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll
[2010/02/09 17:33:12 | 000,188,494 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpcount.exe
[2010/02/09 17:33:12 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll
[2010/02/09 17:33:11 | 000,876,653 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awel.dll
[2010/02/09 17:33:11 | 000,109,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98swin.exe
[2010/02/09 17:33:11 | 000,049,212 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awebs.dll
[2010/02/09 17:33:11 | 000,032,826 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avss.dll
[2010/02/09 17:33:11 | 000,014,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98sadm.exe
[2010/02/09 17:33:10 | 000,147,513 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4apws.dll
[2010/02/09 17:33:10 | 000,102,509 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4atxt.dll
[2010/02/09 17:33:10 | 000,082,035 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4anscp.dll
[2010/02/09 17:33:10 | 000,049,210 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4areg.dll
[2010/02/09 17:33:10 | 000,041,020 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avnb.dll
[2010/02/09 17:33:09 | 000,184,435 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4amsft.dll
[2010/02/09 17:33:08 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certwiz.ocx
[2010/02/09 17:33:08 | 000,188,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgwiz.exe
[2010/02/09 17:33:08 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2010/02/09 17:33:08 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnfgprts.ocx
[2010/02/09 17:33:08 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\coadmin.dll
[2010/02/09 17:33:07 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll
[2010/02/09 17:33:07 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.exe
[2010/02/09 17:33:06 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsiis51.dll
[2010/02/09 17:33:06 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admwprox.dll
[2010/02/09 17:33:06 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.exe
[2010/02/09 17:33:03 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll
[2010/02/09 17:30:47 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2010/02/09 17:21:03 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2010/02/09 17:21:03 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2010/02/09 17:21:03 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2010/02/09 17:21:03 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2010/02/09 13:35:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/02/09 09:06:38 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2010/02/08 14:17:37 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2010/02/08 14:11:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/02/08 14:11:02 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/02/08 14:10:57 | 005,058,880 | ---- | C] (SurfRight B.V.) -- C:\Documents and Settings\Gail\Desktop\HitmanPro35.exe
[2010/02/08 14:03:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/02/08 13:12:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gail\Desktop\Virus Removal Tool
[2010/02/08 11:51:37 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/02/08 10:12:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gail\Desktop\Instructions
[2010/02/08 09:36:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/08 09:36:05 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/08 09:16:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gail\Local Settings\Application Data\Mozilla
[2010/02/08 09:16:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gail\Application Data\Mozilla
[2010/02/08 09:16:14 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/02/08 09:15:24 | 008,067,224 | ---- | C] (Mozilla) -- C:\Documents and Settings\Gail\Desktop\Firefox Setup 3.5.3.exe
[2010/02/08 09:02:34 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2010/02/08 09:00:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW
[2010/02/08 09:00:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK
[2010/02/08 09:00:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR
[2010/02/08 09:00:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE
[2010/02/08 09:00:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR
[2010/02/08 09:00:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL
[2010/02/08 09:00:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO
[2010/02/08 09:00:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR
[2010/02/08 09:00:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT
[2010/02/08 09:00:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL
[2010/02/08 09:00:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR
[2010/02/08 09:00:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI
[2010/02/08 09:00:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES
[2010/02/08 09:00:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR
[2010/02/08 09:00:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
[2010/02/08 09:00:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK
[2010/02/08 09:00:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA
[2010/02/08 08:58:38 | 015,452,536 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Gail\Desktop\IE7-WindowsXP-x86-enu.exe
[2010/02/08 08:42:54 | 000,000,000 | ---D | C] -- C:\CC Cleaner
[2010/02/08 08:36:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Gail\Recent
[2010/02/08 08:35:55 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/02/06 05:18:56 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2010/02/06 05:18:56 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2010/02/05 17:23:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/02/05 17:21:36 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/02/05 17:21:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/02/05 17:18:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/02/05 12:12:42 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/02/05 12:12:10 | 000,181,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/02/05 11:47:49 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/02/05 11:47:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/02/05 11:34:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2010/02/05 11:33:59 | 000,000,000 | ---D | C] -- C:\SDFix
[2010/02/05 11:03:32 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/02/05 11:03:32 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/02/05 11:03:32 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/02/05 11:03:32 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/02/05 11:03:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/02/05 11:03:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/05 11:01:37 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF11127.exe
[2010/02/05 10:18:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gail\Desktop\Computer Defense
[2010/02/04 15:55:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gail\Local Settings\Application Data\Temp
[2010/02/04 15:54:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gail\Local Settings\Application Data\Deployment
[2010/02/04 15:01:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/02/04 15:01:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gail\Application Data\SUPERAntiSpyware.com
[2010/02/04 15:01:10 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/02/04 14:26:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/02/01 16:00:07 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/02/01 16:00:06 | 000,163,280 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/02/01 16:00:05 | 000,270,928 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2010/02/01 16:00:04 | 000,103,120 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
[2010/02/01 15:59:53 | 000,194,640 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
[2010/02/01 15:59:52 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/02/01 15:59:51 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/02/01 15:59:50 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/02/01 15:59:50 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/02/01 15:59:49 | 000,028,240 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/02/01 15:59:28 | 000,152,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/02/01 15:59:28 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/02/01 15:59:28 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis.sys
[2010/02/01 13:40:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gail\Application Data\Malwarebytes
[2010/02/01 13:40:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/01 13:40:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/01 13:14:43 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/02/01 13:10:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/02/01 12:17:35 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\LPUEYQBQCG
[2009/09/03 16:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/09/03 16:33:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

========== Files - Modified Within 30 Days ==========

[2010/02/11 17:23:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/11 17:23:15 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (SD).job
[2010/02/11 17:23:13 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/11 17:23:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/11 17:22:52 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/11 17:22:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/11 17:21:54 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\Gail\NTUSER.DAT
[2010/02/11 17:21:54 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Gail\ntuser.ini
[2010/02/11 17:21:45 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/02/11 17:14:44 | 000,152,714 | ---- | M] () -- C:\Documents and Settings\Gail\Desktop\tdsskiller.zip
[2010/02/11 10:15:30 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gail\Desktop\OTL.exe
[2010/02/10 16:00:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-606747145-1801674531-1003UA.job
[2010/02/10 16:00:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-606747145-1801674531-1003Core.job
[2010/02/10 15:49:03 | 1610,612,736 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2010/02/10 14:59:07 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Gail\defogger_reenable
[2010/02/10 14:22:36 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\Gail\Desktop\dds.scr
[2010/02/10 13:02:03 | 000,508,956 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/10 13:02:03 | 000,432,924 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/02/10 13:02:03 | 000,067,714 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/10 12:58:51 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/02/10 12:58:51 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/02/10 12:45:32 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Gail\Desktop\HijackThis.lnk
[2010/02/10 12:43:07 | 000,146,808 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/10 12:38:46 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/10 12:15:29 | 000,015,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/02/10 12:11:22 | 001,389,856 | ---- | M] () -- C:\Documents and Settings\Gail\Desktop\R114079.EXE
[2010/02/10 12:07:33 | 067,482,800 | ---- | M] (Hewlett Packard) -- C:\Documents and Settings\Gail\Desktop\OJProL7X00_Basic_8.exe
[2010/02/10 11:58:43 | 000,000,637 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
[2010/02/10 11:56:56 | 134,737,376 | ---- | M] () -- C:\Documents and Settings\Gail\Desktop\R206978.exe
[2010/02/10 11:56:04 | 004,064,976 | ---- | M] () -- C:\Documents and Settings\Gail\Desktop\RICOH_MULTI-DEVICE_A00_R215879.exe
[2010/02/10 11:53:47 | 100,788,832 | ---- | M] () -- C:\Documents and Settings\Gail\Desktop\R219313.exe
[2010/02/10 11:51:35 | 004,758,792 | ---- | M] () -- C:\Documents and Settings\Gail\Desktop\R154493.exe
[2010/02/10 11:50:43 | 002,428,008 | ---- | M] () -- C:\Documents and Settings\Gail\Desktop\R114200.exe
[2010/02/09 17:55:12 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2010/02/09 17:37:55 | 000,000,287 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/02/09 17:32:44 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/02/09 17:32:28 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/02/09 17:31:15 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/02/09 17:31:15 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/02/09 17:31:06 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/02/09 17:31:06 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/02/09 17:31:06 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/02/09 17:31:06 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/02/09 17:31:06 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/02/09 17:31:06 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/02/09 17:30:52 | 000,000,696 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/09 17:29:37 | 000,022,720 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/02/09 17:27:33 | 000,000,282 | -HS- | M] () -- C:\boot.ini
[2010/02/09 17:21:12 | 000,000,285 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/09 11:53:51 | 000,199,776 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2010/02/08 14:17:37 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2010/02/08 13:36:22 | 005,058,880 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\Gail\Desktop\HitmanPro35.exe
[2010/02/08 09:36:09 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/08 09:26:47 | 000,000,211 | -HS- | M] () -- C:\Boot.bak
[2010/02/08 09:17:03 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/02/08 09:16:22 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/02/08 08:35:59 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Gail\Desktop\CCleaner.lnk
[2010/02/05 17:23:33 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/02/04 15:59:02 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/02/04 15:55:43 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Gail\Desktop\Google Chrome.lnk
[2010/02/04 14:25:15 | 000,008,235 | ---- | M] () -- C:\Documents and Settings\Gail\Desktop\bookmark.htm
[2010/02/01 16:00:07 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk
[2010/02/01 15:59:50 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/02/01 13:14:12 | 000,002,780 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100205-165915.backup
[2010/02/01 13:14:12 | 000,002,780 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100205-165853.backup
[2010/02/01 13:02:02 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\Gail\My Documents\License.avastlic
[2010/01/30 08:13:11 | 001,170,812 | ---- | M] () -- C:\Documents and Settings\Gail\My Documents\HIGHLAND AGGREGATE.docx
[2010/01/28 19:44:50 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/01/28 19:44:07 | 000,022,244 | ---- | M] () -- C:\Documents and Settings\Gail\My Documents\Price Quotation.docx
[2010/01/28 14:09:46 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/01/28 14:09:26 | 000,152,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/01/28 13:59:21 | 000,103,120 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
[2010/01/28 13:59:05 | 000,270,928 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2010/01/28 13:58:45 | 000,194,640 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
[2010/01/28 13:57:55 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/01/28 13:57:34 | 000,163,280 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/01/28 13:54:42 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/01/28 13:54:16 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/01/28 13:54:12 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/01/28 13:54:05 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/01/28 13:53:50 | 000,028,240 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/01/27 14:53:54 | 000,021,348 | ---- | M] () -- C:\Documents and Settings\Gail\My Documents\Ferguson Price Quotation.docx
[2010/01/27 14:16:39 | 000,014,085 | ---- | M] () -- C:\Documents and Settings\Gail\My Documents\COCHRAN Rohl Kitchen.xlsx
[2010/01/27 12:12:17 | 000,115,093 | ---- | M] () -- C:\Documents and Settings\Gail\My Documents\Mountain Plumbing Products.docx
[2010/01/22 12:50:42 | 000,484,010 | ---- | M] () -- C:\Documents and Settings\Gail\My Documents\farnie plan.sdr
[2010/01/21 12:52:29 | 000,011,354 | ---- | M] () -- C:\Documents and Settings\Gail\My Documents\Farnsworth Remodel.docx
[2010/01/21 12:52:10 | 000,011,167 | ---- | M] () -- C:\Documents and Settings\Gail\My Documents\Doc1.dotx
[2010/01/18 18:04:35 | 000,747,825 | ---- | M] () -- C:\Documents and Settings\Gail\My Documents\casa kitchen.sdr
[2010/01/18 17:25:55 | 000,972,042 | ---- | M] () -- C:\Documents and Settings\Gail\My Documents\casa cochran kitchen floorplan.sdr
[2010/01/18 14:39:46 | 000,013,738 | ---- | M] () -- C:\Documents and Settings\Gail\My Documents\LABELS.2.docx
[2010/01/18 11:18:42 | 000,012,986 | ---- | M] () -- C:\Documents and Settings\Gail\My Documents\BUSINESS FILING LABELS.docx
[2010/01/16 08:48:17 | 000,012,333 | ---- | M] () -- C:\Documents and Settings\Gail\My Documents\grohe list.docx
[2010/01/15 16:46:52 | 000,777,155 | ---- | M] () -- C:\Documents and Settings\Gail\My Documents\CASA COCHRAN COST COMPARISON.xlsx
[2010/01/14 15:07:11 | 000,229,376 | ---- | M] () -- C:\Documents and Settings\Gail\My Documents\niche @ hallway.doc
[2010/01/14 14:39:06 | 000,217,177 | ---- | M] () -- C:\Documents and Settings\Gail\My Documents\niche @ hallway.docx
[2010/01/14 13:22:42 | 000,100,864 | ---- | M] () -- C:\Documents and Settings\Gail\My Documents\window change on so. elev..doc
[2010/01/14 12:25:08 | 000,304,128 | ---- | M] () -- C:\Documents and Settings\Gail\My Documents\casa exterior stairwell.doc
[2010/01/14 12:11:38 | 000,001,112 | ---- | M] () -- C:\Documents and Settings\Gail\My Documents\Copy of front entry change.lnk
[2010/01/14 11:12:06 | 000,181,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe

========== Files Created - No Company Name ==========

[2010/02/11 17:19:51 | 000,152,714 | ---- | C] () -- C:\Documents and Settings\Gail\Desktop\tdsskiller.zip
[2010/02/10 14:59:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Gail\defogger_reenable
[2010/02/10 14:58:47 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\Gail\Desktop\dds.scr
[2010/02/10 12:45:32 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Gail\Desktop\HijackThis.lnk
[2010/02/10 12:11:18 | 001,389,856 | ---- | C] () -- C:\Documents and Settings\Gail\Desktop\R114079.EXE
[2010/02/10 11:58:43 | 000,000,637 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
[2010/02/10 11:56:47 | 134,737,376 | ---- | C] () -- C:\Documents and Settings\Gail\Desktop\R206978.exe
[2010/02/10 11:55:33 | 004,064,976 | ---- | C] () -- C:\Documents and Settings\Gail\Desktop\RICOH_MULTI-DEVICE_A00_R215879.exe
[2010/02/10 11:54:24 | 000,000,457 | ---- | C] () -- C:\WINDOWS\System32\vcredist_x86.bat
[2010/02/10 11:53:39 | 100,788,832 | ---- | C] () -- C:\Documents and Settings\Gail\Desktop\R219313.exe
[2010/02/10 11:51:19 | 004,758,792 | ---- | C] () -- C:\Documents and Settings\Gail\Desktop\R154493.exe
[2010/02/10 11:50:37 | 002,428,008 | ---- | C] () -- C:\Documents and Settings\Gail\Desktop\R114200.exe
[2010/02/09 17:36:56 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2010/02/09 17:35:55 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2010/02/09 17:35:55 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2010/02/09 17:35:53 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/02/09 17:35:14 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2010/02/09 17:35:13 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/02/09 17:35:00 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/02/09 17:34:58 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/02/09 17:34:55 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/02/09 17:34:37 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/02/09 17:34:27 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/02/09 17:34:20 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2010/02/09 17:33:55 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/02/09 17:33:49 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2010/02/09 17:33:49 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2010/02/09 17:33:49 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2010/02/09 17:33:49 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2010/02/09 17:33:48 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2010/02/09 17:33:48 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2010/02/09 17:33:48 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2010/02/09 17:33:47 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2010/02/09 17:33:47 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2010/02/09 17:33:47 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2010/02/09 17:33:47 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2010/02/09 17:33:47 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2010/02/09 17:33:47 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2010/02/09 17:33:47 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2010/02/09 17:33:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2010/02/09 17:33:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2010/02/09 17:33:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2010/02/09 17:33:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2010/02/09 17:33:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2010/02/09 17:33:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2010/02/09 17:33:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2010/02/09 17:33:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2010/02/09 17:33:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2010/02/09 17:33:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2010/02/09 17:33:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2010/02/09 17:33:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2010/02/09 17:33:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2010/02/09 17:33:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2010/02/09 17:33:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2010/02/09 17:33:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2010/02/09 17:33:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2010/02/09 17:33:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2010/02/09 17:33:44 | 000,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2010/02/09 17:33:44 | 000,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2010/02/09 17:33:44 | 000,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2010/02/09 17:33:44 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2010/02/09 17:33:44 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2010/02/09 17:33:44 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2010/02/09 17:33:43 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2010/02/09 17:33:43 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2010/02/09 17:33:43 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2010/02/09 17:33:43 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2010/02/09 17:33:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2010/02/09 17:33:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2010/02/09 17:33:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2010/02/09 17:33:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2010/02/09 17:33:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2010/02/09 17:33:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2010/02/09 17:33:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2010/02/09 17:33:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2010/02/09 17:33:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2010/02/09 17:33:41 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2010/02/09 17:33:41 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2010/02/09 17:33:41 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2010/02/09 17:33:41 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2010/02/09 17:33:41 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2010/02/09 17:33:40 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2010/02/09 17:33:40 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2010/02/09 17:33:39 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2010/02/09 17:33:39 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2010/02/09 17:31:15 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/02/09 17:31:06 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/02/09 17:31:06 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/02/09 17:31:06 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/02/09 17:31:06 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/02/09 17:31:06 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/02/09 17:20:45 | 001,296,669 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT
[2010/02/09 09:06:37 | 1610,612,736 | ---- | C] () -- C:\WINDOWS\MEMORY.DMP
[2010/02/08 15:48:39 | 000,144,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2010/02/08 15:48:39 | 000,112,918 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2010/02/08 15:48:39 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010/02/08 15:48:39 | 000,034,747 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2010/02/08 15:48:39 | 000,026,991 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2010/02/08 15:48:39 | 000,016,535 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2010/02/08 15:48:39 | 000,014,433 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2010/02/08 15:48:39 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010/02/08 15:48:39 | 000,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2010/02/08 15:48:39 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2010/02/08 15:48:39 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010/02/08 15:48:39 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/02/08 15:48:38 | 002,144,487 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2010/02/08 15:48:38 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/02/08 15:48:38 | 000,522,220 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2010/02/08 15:48:38 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010/02/08 15:48:38 | 000,034,063 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2010/02/08 14:11:09 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/02/08 11:51:40 | 000,000,211 | -HS- | C] () -- C:\Boot.bak
[2010/02/08 11:51:38 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/02/08 09:36:09 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/08 09:17:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/02/08 09:16:22 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/02/08 09:01:41 | 000,199,776 | ---- | C] () -- C:\WINDOWS\setupapi.old
[2010/02/08 08:51:14 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/02/08 08:35:59 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\Gail\Desktop\CCleaner.lnk
[2010/02/05 17:23:33 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/02/05 17:18:42 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/05 17:18:41 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/05 11:03:32 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/02/05 11:03:32 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/02/05 11:03:32 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/02/05 11:03:32 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/05 11:03:32 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/02/04 15:59:02 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/02/04 15:55:43 | 000,002,277 | ---- | C] () -- C:\Documents and Settings\Gail\Desktop\Google Chrome.lnk
[2010/02/04 15:55:15 | 000,000,974 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-606747145-1801674531-1003UA.job
[2010/02/04 15:55:14 | 000,000,922 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-606747145-1801674531-1003Core.job
[2010/02/04 14:25:15 | 000,008,235 | ---- | C] () -- C:\Documents and Settings\Gail\Desktop\bookmark.htm
[2010/02/01 16:00:07 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk
[2010/02/01 13:01:58 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\Gail\My Documents\License.avastlic
[2010/01/28 19:44:07 | 000,022,244 | ---- | C] () -- C:\Documents and Settings\Gail\My Documents\Price Quotation.docx
[2010/01/27 14:53:53 | 000,021,348 | ---- | C] () -- C:\Documents and Settings\Gail\My Documents\Ferguson Price Quotation.docx
[2010/01/27 14:16:39 | 000,014,085 | ---- | C] () -- C:\Documents and Settings\Gail\My Documents\COCHRAN Rohl Kitchen.xlsx
[2010/01/27 12:12:17 | 000,115,093 | ---- | C] () -- C:\Documents and Settings\Gail\My Documents\Mountain Plumbing Products.docx
[2010/01/21 12:52:29 | 000,011,354 | ---- | C] () -- C:\Documents and Settings\Gail\My Documents\Farnsworth Remodel.docx
[2010/01/21 12:17:27 | 000,011,167 | ---- | C] () -- C:\Documents and Settings\Gail\My Documents\Doc1.dotx
[2010/01/18 18:04:35 | 000,747,825 | ---- | C] () -- C:\Documents and Settings\Gail\My Documents\casa kitchen.sdr
[2010/01/18 15:59:05 | 000,484,010 | ---- | C] () -- C:\Documents and Settings\Gail\My Documents\farnie plan.sdr
[2010/01/18 11:18:41 | 000,012,986 | ---- | C] () -- C:\Documents and Settings\Gail\My Documents\BUSINESS FILING LABELS.docx
[2010/01/15 10:37:20 | 000,777,155 | ---- | C] () -- C:\Documents and Settings\Gail\My Documents\CASA COCHRAN COST COMPARISON.xlsx
[2010/01/14 14:40:52 | 000,229,376 | ---- | C] () -- C:\Documents and Settings\Gail\My Documents\niche @ hallway.doc
[2010/01/14 14:39:06 | 000,217,177 | ---- | C] () -- C:\Documents and Settings\Gail\My Documents\niche @ hallway.docx
[2010/01/14 13:22:41 | 000,100,864 | ---- | C] () -- C:\Documents and Settings\Gail\My Documents\window change on so. elev..doc
[2010/01/14 12:14:46 | 000,001,112 | ---- | C] () -- C:\Documents and Settings\Gail\My Documents\Copy of front entry change.lnk
[2010/01/14 11:42:10 | 000,304,128 | ---- | C] () -- C:\Documents and Settings\Gail\My Documents\casa exterior stairwell.doc
[2009/10/01 13:36:33 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\custmon32.dll
[2009/09/07 16:46:31 | 000,000,156 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2009/09/07 16:45:15 | 000,000,804 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2009/09/07 16:44:22 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2009/09/07 16:40:21 | 000,002,101 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/09/03 17:33:54 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/09/03 17:33:53 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/09/29 14:39:00 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2005/02/17 12:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 12:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/07/07 02:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
< End of report >



------------


17:30:13:156 3440 TDSS rootkit removing tool 2.2.3 Feb 4 2010 14:34:00
17:30:13:156 3440 ================================================================================
17:30:13:156 3440 SystemInfo:

17:30:13:156 3440 OS Version: 5.1.2600 ServicePack: 3.0
17:30:13:156 3440 Product type: Workstation
17:30:13:156 3440 ComputerName: GAIL-E4DEED3AB4
17:30:13:156 3440 UserName: Gail
17:30:13:156 3440 Windows directory: C:\WINDOWS
17:30:13:156 3440 Processor architecture: Intel x86
17:30:13:156 3440 Number of processors: 2
17:30:13:156 3440 Page size: 0x1000
17:30:13:156 3440 Boot type: Normal boot
17:30:13:156 3440 ================================================================================
17:30:13:187 3440 UnloadDriverW: NtUnloadDriver error 2
17:30:13:187 3440 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
17:30:13:187 3440 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
17:30:13:187 3440 UtilityInit: KLMD drop and load success
17:30:13:187 3440 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201010)
17:30:13:187 3440 UtilityInit: KLMD open success
17:30:13:187 3440 UtilityInit: Initialize success
17:30:13:187 3440
17:30:13:187 3440 Scanning Services ...
17:30:13:187 3440 CreateRegParser: Registry parser init started
17:30:13:187 3440 DisableWow64Redirection: GetProcAddress(Wow64DisableWow64FsRedirection) error 127
17:30:13:187 3440 CreateRegParser: DisableWow64Redirection error
17:30:13:203 3440 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
17:30:13:203 3440 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\system) returned status C0000043
17:30:13:203 3440 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
17:30:13:203 3440 wfopen_ex: Trying to KLMD file open
17:30:13:203 3440 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\system
17:30:13:203 3440 wfopen_ex: File opened ok (Flags 2)
17:30:13:203 3440 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\system) init success: 3848C8
17:30:13:203 3440 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
17:30:13:203 3440 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\software) returned status C0000043
17:30:13:203 3440 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
17:30:13:203 3440 wfopen_ex: Trying to KLMD file open
17:30:13:203 3440 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\software
17:30:13:203 3440 wfopen_ex: File opened ok (Flags 2)
17:30:13:203 3440 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\software) init success: 384970
17:30:13:203 3440 EnableWow64Redirection: GetProcAddress(Wow64RevertWow64FsRedirection) error 127
17:30:13:203 3440 CreateRegParser: EnableWow64Redirection error
17:30:13:203 3440 CreateRegParser: RegParser init completed
17:30:13:609 3440 GetAdvancedServicesInfo: Raw services enum returned 346 services
17:30:13:625 3440 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
17:30:13:625 3440 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
17:30:13:625 3440
17:30:13:625 3440 Scanning Kernel memory ...
17:30:13:625 3440 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
17:30:13:625 3440 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 8A3DE8C8
17:30:13:625 3440 DetectCureTDL3: KLMD_GetDeviceObjectList returned 2 DevObjects
17:30:13:625 3440
17:30:13:625 3440 DetectCureTDL3: DEVICE_OBJECT: 8A3AA9F0
17:30:13:625 3440 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A3AA9F0
17:30:13:625 3440 KLMD_ReadMem: Trying to ReadMemory 0x8A3AA9F0[0x38]
17:30:13:625 3440 DetectCureTDL3: DRIVER_OBJECT: 8A3DE8C8
17:30:13:625 3440 KLMD_ReadMem: Trying to ReadMemory 0x8A3DE8C8[0xA8]
17:30:13:625 3440 KLMD_ReadMem: Trying to ReadMemory 0xE100C9D8[0x18]
17:30:13:625 3440 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
17:30:13:625 3440 DetectCureTDL3: IrpHandler (0) addr: BA90EBB0
17:30:13:625 3440 DetectCureTDL3: IrpHandler (1) addr: 804F4562
17:30:13:625 3440 DetectCureTDL3: IrpHandler (2) addr: BA90EBB0
17:30:13:625 3440 DetectCureTDL3: IrpHandler (3) addr: BA908D1F
17:30:13:625 3440 DetectCureTDL3: IrpHandler (4) addr: BA908D1F
17:30:13:625 3440 DetectCureTDL3: IrpHandler (5) addr: 804F4562
17:30:13:625 3440 DetectCureTDL3: IrpHandler (6) addr: 804F4562
17:30:13:625 3440 DetectCureTDL3: IrpHandler (7) addr: 804F4562
17:30:13:625 3440 DetectCureTDL3: IrpHandler (8) addr: 804F4562
17:30:13:625 3440 DetectCureTDL3: IrpHandler (9) addr: BA9092E2
17:30:13:625 3440 DetectCureTDL3: IrpHandler (10) addr: 804F4562
17:30:13:625 3440 DetectCureTDL3: IrpHandler (11) addr: 804F4562
17:30:13:625 3440 DetectCureTDL3: IrpHandler (12) addr: 804F4562
17:30:13:625 3440 DetectCureTDL3: IrpHandler (13) addr: 804F4562
17:30:13:625 3440 DetectCureTDL3: IrpHandler (14) addr: BA9093BB
17:30:13:625 3440 DetectCureTDL3: IrpHandler (15) addr: BA90CF28
17:30:13:625 3440 DetectCureTDL3: IrpHandler (16) addr: BA9092E2
17:30:13:625 3440 DetectCureTDL3: IrpHandler (17) addr: 804F4562
17:30:13:625 3440 DetectCureTDL3: IrpHandler (18) addr: 804F4562
17:30:13:625 3440 DetectCureTDL3: IrpHandler (19) addr: 804F4562
17:30:13:625 3440 DetectCureTDL3: IrpHandler (20) addr: 804F4562
17:30:13:625 3440 DetectCureTDL3: IrpHandler (21) addr: 804F4562
17:30:13:625 3440 DetectCureTDL3: IrpHandler (22) addr: BA90AC82
17:30:13:625 3440 DetectCureTDL3: IrpHandler (23) addr: BA90F99E
17:30:13:625 3440 DetectCureTDL3: IrpHandler (24) addr: 804F4562
17:30:13:625 3440 DetectCureTDL3: IrpHandler (25) addr: 804F4562
17:30:13:625 3440 DetectCureTDL3: IrpHandler (26) addr: 804F4562
17:30:13:625 3440 TDL3_FileDetect: Processing driver: Disk
17:30:13:625 3440 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
17:30:13:625 3440 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
17:30:13:625 3440 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
17:30:13:625 3440
17:30:13:625 3440 DetectCureTDL3: DEVICE_OBJECT: 8A3ACAB8
17:30:13:625 3440 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A3ACAB8
17:30:13:625 3440 DetectCureTDL3: DEVICE_OBJECT: 8A3ABD98
17:30:13:625 3440 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A3ABD98
17:30:13:625 3440 KLMD_ReadMem: Trying to ReadMemory 0x8A3ABD98[0x38]
17:30:13:625 3440 DetectCureTDL3: DRIVER_OBJECT: 8A3AEB60
17:30:13:625 3440 KLMD_ReadMem: Trying to ReadMemory 0x8A3AEB60[0xA8]
17:30:13:625 3440 KLMD_ReadMem: Trying to ReadMemory 0xE10173C8[0x1A]
17:30:13:625 3440 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
17:30:13:625 3440 DetectCureTDL3: IrpHandler (0) addr: BA7156F2
17:30:13:625 3440 DetectCureTDL3: IrpHandler (1) addr: 804F4562
17:30:13:625 3440 DetectCureTDL3: IrpHandler (2) addr: BA7156F2
17:30:13:625 3440 DetectCureTDL3: IrpHandler (3) addr: 804F4562
17:30:13:625 3440 DetectCureTDL3: IrpHandler (4) addr: 804F4562
17:30:13:625 3440 DetectCureTDL3: IrpHandler (5) addr: 804F4562
17:30:13:625 3440 DetectCureTDL3: IrpHandler (6) addr: 804F4562
17:30:13:625 3440 DetectCureTDL3: IrpHandler (7) addr: 804F4562
17:30:13:625 3440 DetectCureTDL3: IrpHandler (8) addr: 804F4562
17:30:13:625 3440 DetectCureTDL3: IrpHandler (9) addr: 804F4562
17:30:13:625 3440 DetectCureTDL3: IrpHandler (10) addr: 804F4562
17:30:13:625 3440 DetectCureTDL3: IrpHandler (11) addr: 804F4562
17:30:13:625 3440 DetectCureTDL3: IrpHandler (12) addr: 804F4562
17:30:13:625 3440 DetectCureTDL3: IrpHandler (13) addr: 804F4562
17:30:13:625 3440 DetectCureTDL3: IrpHandler (14) addr: BA715712
17:30:13:625 3440 DetectCureTDL3: IrpHandler (15) addr: BA711852
17:30:13:625 3440 DetectCureTDL3: IrpHandler (16) addr: 804F4562
17:30:13:625 3440 DetectCureTDL3: IrpHandler (17) addr: 804F4562
17:30:13:625 3440 DetectCureTDL3: IrpHandler (18) addr: 804F4562
17:30:13:625 3440 DetectCureTDL3: IrpHandler (19) addr: 804F4562
17:30:13:625 3440 DetectCureTDL3: IrpHandler (20) addr: 804F4562
17:30:13:625 3440 DetectCureTDL3: IrpHandler (21) addr: 804F4562
17:30:13:625 3440 DetectCureTDL3: IrpHandler (22) addr: BA71573C
17:30:13:625 3440 DetectCureTDL3: IrpHandler (23) addr: BA71C336
17:30:13:625 3440 DetectCureTDL3: IrpHandler (24) addr: 804F4562
17:30:13:625 3440 DetectCureTDL3: IrpHandler (25) addr: 804F4562
17:30:13:625 3440 DetectCureTDL3: IrpHandler (26) addr: 804F4562
17:30:13:625 3440 KLMD_ReadMem: Trying to ReadMemory 0xBA712864[0x400]
17:30:13:625 3440 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0
17:30:13:625 3440 TDL3_FileDetect: Processing driver: atapi
17:30:13:625 3440 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys
17:30:13:625 3440 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\atapi.sys
17:30:13:656 3440 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: Clean
17:30:13:656 3440
17:30:13:656 3440 Completed
17:30:13:656 3440
17:30:13:656 3440 Results:
17:30:13:656 3440 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
17:30:13:656 3440 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
17:30:13:656 3440 File objects infected / cured / cured on reboot: 0 / 0 / 0
17:30:13:656 3440
17:30:14:343 3440 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
17:30:14:343 3440 UtilityDeinit: KLMD(ARK) unloaded successfully


#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:03:22 AM

Posted 12 February 2010 - 07:39 AM

How is your computer behaving now?
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 Jay Callero

Jay Callero
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:22 AM

Posted 12 February 2010 - 02:00 PM

The problem has been resolved. Thank you so much for your assistance Sam you made the day good again.

Go ahead and close this thread.

#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:03:22 AM

Posted 12 February 2010 - 04:42 PM

Sounds good. I'll close the thread.
Here are some final steps and recommendations for you.


Follow these steps to remove OTL and some of the other tools we've used.
  • Double-click OTL.exe to run it.
  • Click on the CleanUp! button
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.



================




Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  1. Disable and Enable System Restore. - You should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Renable system restore with instructions from tutorial above

  2. Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  3. Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  4. Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  5. Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  6. Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  7. Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  8. Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

thumbup.gif smile.gif





Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users