computer lagging / High CPUs Deferred Procedure Calls


  • This topic is locked
20 replies to this topic

#1 gtbfl

gtbfl

  • Members
  • 16 posts

Posted 15 February 2010 - 11:44 PM

Symptoms: High CPUs 10%-20% with nothing running as seen in performance tab of Task Manager but normal in Processes Tab. Computer Lagging.

Analysis in the order I tried:
Ran Malwarebytes and Spybot Search and Destroy - nothing found
Cleaned up misc errors with Hijack This
Found two locked mystery files AMPing.exe and AMPingLo.evt which I removed using Malwarebytes File Assassin (exe file was in Docs and Settings /Local/temp but I don't remember the location of the .evt file - sorry but this was pretty early in the attempt to find a solution)
Process Explorer shows CPU being used up by Deferred Procedure Calls.
Through trial and error found that disabling Network adapter would immediately return CPUs to normal (no need to reboot)
Booted in safe mode - problem not evident
Bit the bullet and did an OS repair from original install disk (good grief!) but after reinstalling all the patches problem still exists
Hijack log looks normal
Booting in Safe Mode with Network connection everything is OK with adapter enabled which is why I don't think this is a corrupt file or hardware problem
Took a snapshot of the services running in safe mode then rebooted normally and disabled all services that were not running in safe mode - same result
After working on this for 3 days straight - Opened a bottle of Crown Royal to drown my sorrows and type out this plea for help
Below is my DDS.txt file. Tried to run GMER but got Blue Screen of Death saying File PXTDAPOB.SYS attempted to access memory beyond end of allocation.

Anything you can suggest greatly appreciated.

********************************************************************************
DDS (Ver_09-12-01.01) - NTFSx86
Run by Gord at 20:51:34.39 on Mon 02/15/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.658 [GMT -5:00]

FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Gord\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
TB: {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - No File
uRun: [TClockEx] c:\documents and settings\gord\desktop\tclockex\TCLOCKEX.EXE
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe
DPF: {0E5F73A1-4F7B-4C1F-B61D-CB6A4284CDD3} - hxxps://www.tradestation.com/chatclient/livechat/ClientPlugIn/tschat.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} - hxxp://moneycentral.msn.com/cabs/pmupd806.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1259420672921
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146196819953
DPF: {7CEEAB76-D59E-11D3-8394-00C04F7BDF10} - hxxps://www.tradestation.com/tscom/ClientPlugIn/tsTemp.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} - hxxp://zone.msn.com/bingame/zpagames/zpa_hrtz.cab99160.cab
DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - hxxp://download.yahoo.com/dl/mail/ymmapi.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} - hxxp://zone.msn.com/bingame/zpagames/zpa_kqrp.cab56961.cab
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
LSA: Notification Packages = :\windows\system32\srrstr.dll cli scecli scecli
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\gord\applic~1\mozilla\firefox\profiles\vaodwwym.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Amazon.com
FF - prefs.js: browser.startup.homepage - hxxp://finviz.com/|http://news.google.com/news|http://mail.yahoo.com
FF - component: c:\documents and settings\gord\application data\mozilla\firefox\profiles\vaodwwym.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\gord\application data\mozilla\firefox\profiles\vaodwwym.default\extensions\lazarus@interclue.com\platform\winnt_x86-msvc\components\WeaveCrypto.dll
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npaxctrl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npfemz.dll
FF - plugin: c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R3 ADM8511;%ADM8511.Service.DispName%;c:\windows\system32\drivers\adm8511.sys [2008-2-6 20160]
S2 OlCamudp;OLYMPUS Digital Camera;c:\windows\system32\drivers\olcamudp.sys [2006-4-30 10379]
S3 cpuz132;cpuz132;\??\c:\docume~1\gord\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\gord\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 GoogleDesktopManager-093007-112848;Google Desktop Manager 5.5.709.30344;c:\program files\google\google desktop search\GoogleDesktop.exe [2006-3-14 29744]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664]
S4 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

=============== Created Last 30 ================

2010-02-15 20:38:26 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2010-02-15 20:37:08 455424 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-15 20:36:20 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-02-15 20:36:20 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-02-15 20:36:00 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-02-15 20:30:43 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-02-15 20:29:24 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-02-15 20:28:55 128512 -c----w- c:\windows\system32\dllcache\dhtmled.ocx
2010-02-15 20:26:30 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-02-15 20:26:30 1206508 -c----w- c:\windows\system32\dllcache\sysmain.sdb
2010-02-15 20:25:37 1089593 -c----w- c:\windows\system32\dllcache\ntprint.cat
2010-02-15 20:24:44 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2010-02-15 20:24:33 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-02-15 20:24:23 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-02-15 20:23:32 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2010-02-15 20:22:26 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-02-15 20:22:19 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-02-15 18:44:03 0 d-----w- c:\windows\ie8updates
2010-02-15 18:38:56 0 dc-h--w- c:\windows\ie8
2010-02-15 18:35:18 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-02-15 18:35:12 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-02-15 18:35:11 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-02-15 18:35:11 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-02-15 18:35:11 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-02-15 18:35:10 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-02-15 18:35:10 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-02-15 17:47:00 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2010-02-15 17:47:00 79872 ------w- c:\windows\system32\msxml6r.dll
2010-02-15 17:47:00 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
2010-02-15 17:47:00 1372672 ----a-w- c:\windows\system32\msxml6.dll
2010-02-15 17:46:40 9728 ------w- c:\windows\system32\rwnh.dll
2010-02-15 17:46:40 10752 ------w- c:\windows\system32\smtpapi.dll
2010-02-15 05:17:09 0 d-----w- c:\program files\MSECACHE
2010-02-15 02:06:47 0 d-----w- c:\windows\system32\wbem\Repository
2010-02-15 02:06:05 0 d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-02-14 23:14:15 69632 -c--a-w- c:\windows\system32\dllcache\ehresko.dll
2010-02-14 23:14:14 73728 -c--a-w- c:\windows\system32\dllcache\ehresja.dll
2010-02-14 23:14:13 69632 -c--a-w- c:\windows\system32\dllcache\ehresfr.dll
2010-02-14 23:14:13 69632 -c--a-w- c:\windows\system32\dllcache\ehresde.dll
2010-02-14 23:14:00 61440 -c--a-w- c:\windows\system32\dllcache\ehreschs.dll
2010-02-14 23:12:45 76288 -c--a-w- c:\windows\system32\dllcache\uniime.dll
2010-02-14 23:11:53 26112 -c--a-w- c:\windows\system32\dllcache\EXCH_seos.dll
2010-02-14 23:10:41 229439 -c--a-w- c:\windows\system32\dllcache\multibox.dll
2010-02-14 23:10:21 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
2010-02-14 23:10:21 1875968 -c--a-w- c:\windows\system32\dllcache\msir3jp.lex
2010-02-14 23:08:57 13463552 -c--a-w- c:\windows\system32\dllcache\hwxjpn.dll
2010-02-14 23:07:56 480256 -c--a-w- c:\windows\system32\dllcache\cintsetp.exe
2010-02-14 23:06:54 5632 -c--a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll
2010-02-14 23:01:46 488 ---ha-r- c:\windows\system32\logonui.exe.manifest
2010-02-14 23:01:30 749 ---ha-r- c:\windows\WindowsShell.Manifest
2010-02-14 23:01:30 749 ---ha-r- c:\windows\system32\wuaucpl.cpl.manifest
2010-02-14 23:01:30 749 ---ha-r- c:\windows\system32\sapi.cpl.manifest
2010-02-14 23:01:30 749 ---ha-r- c:\windows\system32\nwc.cpl.manifest
2010-02-14 23:01:30 749 ---ha-r- c:\windows\system32\ncpa.cpl.manifest
2010-02-14 23:00:38 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-02-14 22:54:19 0 d-----w- c:\program files\Messenger
2010-02-14 16:51:22 0 d-----w- c:\docume~1\alluse~1\applic~1\Driver Whiz
2010-02-14 16:50:04 0 d-----w- c:\program files\Microsoft
2010-02-14 16:49:54 0 d-----w- c:\program files\MSN Toolbar
2010-02-14 05:31:14 0 d-----w- c:\docume~1\alluse~1\applic~1\PCPitstop
2010-02-14 04:45:15 146048 ----a-w- c:\windows\system32\portcls.sys
2010-02-14 04:25:11 23392 ----a-w- c:\windows\system32\nscompat.tlb
2010-02-14 04:25:11 16832 ----a-w- c:\windows\system32\amcompat.tlb
2010-02-13 02:25:46 30601 ----a-w- c:\documents and settings\gord\x.exe
2010-02-09 02:07:05 4194480 ----a-w- c:\windows\pfirewall.log.old
2010-01-18 20:49:27 19856 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-18 16:38:30 0 d-----w- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}

==================== Find3M ====================

2010-02-14 22:56:25 34048 ----a-w- c:\windows\system32\emptyregdb.dat
2010-01-13 02:25:00 54016 ----a-w- c:\windows\system32\drivers\jsodht.sys
2010-01-13 01:25:41 54016 ----a-w- c:\windows\system32\drivers\uukjurad.sys
2010-01-07 21:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07:04 18520 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-11-27 17:11:44 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:11:44 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 16:07:35 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07:35 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07:34 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07:34 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07:34 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-01-28 01:46:20 152 --sha-r- c:\windows\system32\B18E5F931DGTB.sys
2009-01-28 01:46:22 7050 --sha-w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 20:53:28.21 ===============


#2 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 19 February 2010 - 05:11 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE



Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#3 gtbfl

gtbfl
  • Topic Starter

  • Members
  • 16 posts

Posted 19 February 2010 - 10:13 PM

Yes I am still having the problem as originally described. I have been trying to research this from a hardware/driver angle but while I have seen similar situations none of the fixes seemed to apply to me. Disabling the network adapter causes the problem to go away (but of course so does my internet connection). If I boot in SAFE MODE with NETWORKING (adapter enabled) there is also no problem which is why I suspect malware. GMER causes BSOD as described originally. In safe mode no BSOD but computer reboots on its own and comes up with a text box saying the system has recovered from a serious error. Below is my DDS file.

Thanks for helping

*******************************************************************************************************************

DDS (Ver_09-12-01.01) - NTFSx86
Run by Gord at 21:32:08.03 on Fri 02/19/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.622 [GMT -5:00]

FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Gord\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
TB: {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - No File
uRun: [TClockEx] c:\documents and settings\gord\desktop\tclockex\TCLOCKEX.EXE
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe
DPF: {0E5F73A1-4F7B-4C1F-B61D-CB6A4284CDD3} - hxxps://www.tradestation.com/chatclient/livechat/ClientPlugIn/tschat.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} - hxxp://moneycentral.msn.com/cabs/pmupd806.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1259420672921
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146196819953
DPF: {7CEEAB76-D59E-11D3-8394-00C04F7BDF10} - hxxps://www.tradestation.com/tscom/ClientPlugIn/tsTemp.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} - hxxp://zone.msn.com/bingame/zpagames/zpa_hrtz.cab99160.cab
DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - hxxp://download.yahoo.com/dl/mail/ymmapi.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} - hxxp://zone.msn.com/bingame/zpagames/zpa_kqrp.cab56961.cab
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
LSA: Notification Packages = :\windows\system32\srrstr.dll cli scecli scecli
IFEO: taskmgr.exe - "c:\documents and settings\gord\desktop\processexplorer\PROCEXP.EXE"
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\gord\applic~1\mozilla\firefox\profiles\vaodwwym.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - eBay
FF - prefs.js: browser.startup.homepage - hxxp://finviz.com/|http://news.google.com/news|http://mail.yahoo.com
FF - component: c:\documents and settings\gord\application data\mozilla\firefox\profiles\vaodwwym.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\gord\application data\mozilla\firefox\profiles\vaodwwym.default\extensions\lazarus@interclue.com\platform\winnt_x86-msvc\components\WeaveCrypto.dll
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npaxctrl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npfemz.dll
FF - plugin: c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 ADM8511;%ADM8511.Service.DispName%;c:\windows\system32\drivers\adm8511.sys [2008-2-6 20160]
S2 OlCamudp;OLYMPUS Digital Camera;c:\windows\system32\drivers\olcamudp.sys [2006-4-30 10379]
S3 cpuz132;cpuz132;\??\c:\docume~1\gord\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\gord\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 GoogleDesktopManager-093007-112848;Google Desktop Manager 5.5.709.30344;c:\program files\google\google desktop search\GoogleDesktop.exe [2006-3-14 29744]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664]

=============== Created Last 30 ================

2010-02-16 19:20:45 44544 ----a-w- c:\windows\system32\hticons.dll
2010-02-15 20:38:26 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2010-02-15 20:37:08 455424 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-15 20:36:20 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-02-15 20:36:20 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-02-15 20:36:00 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-02-15 20:30:43 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-02-15 20:29:24 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-02-15 20:28:55 128512 -c----w- c:\windows\system32\dllcache\dhtmled.ocx
2010-02-15 20:26:30 1206508 -c----w- c:\windows\system32\dllcache\sysmain.sdb
2010-02-15 20:25:37 1089593 -c----w- c:\windows\system32\dllcache\ntprint.cat
2010-02-15 20:24:44 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2010-02-15 20:24:33 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-02-15 20:24:23 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-02-15 20:23:32 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2010-02-15 20:22:26 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-02-15 20:22:19 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-02-15 18:44:03 0 d-----w- c:\windows\ie8updates
2010-02-15 18:38:56 0 dc-h--w- c:\windows\ie8
2010-02-15 18:35:18 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-02-15 18:35:12 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-02-15 18:35:11 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-02-15 18:35:11 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-02-15 18:35:11 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-02-15 18:35:10 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-02-15 18:35:10 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-02-15 17:47:02 123392 -c--a-w- c:\windows\system32\dllcache\mplay32.exe
2010-02-15 17:47:02 123392 ----a-w- c:\windows\system32\mplay32.exe
2010-02-15 17:47:00 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2010-02-15 17:47:00 79872 ------w- c:\windows\system32\msxml6r.dll
2010-02-15 17:47:00 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
2010-02-15 17:47:00 1372672 ----a-w- c:\windows\system32\msxml6.dll
2010-02-15 17:45:02 184320 -c--a-w- c:\windows\system32\dllcache\accwiz.exe
2010-02-15 17:45:02 184320 ----a-w- c:\windows\system32\accwiz.exe
2010-02-15 17:44:52 102912 -c--a-w- c:\windows\system32\dllcache\clipbrd.exe
2010-02-15 17:44:52 102912 ----a-w- c:\windows\system32\clipbrd.exe
2010-02-15 17:43:37 538624 -c--a-w- c:\windows\system32\dllcache\spider.exe
2010-02-15 17:43:37 538624 ----a-w- c:\windows\system32\spider.exe
2010-02-15 17:43:36 281088 -c--a-w- c:\windows\system32\dllcache\pinball.exe
2010-02-15 17:43:30 259072 -c--a-w- c:\windows\system32\dllcache\snmpcl.dll
2010-02-15 17:43:30 259072 ----a-w- c:\windows\system32\wbem\snmpcl.dll
2010-02-15 17:42:40 343040 -c--a-w- c:\windows\system32\dllcache\mspaint.exe
2010-02-15 17:42:40 343040 ----a-w- c:\windows\system32\mspaint.exe
2010-02-15 17:42:33 347136 ----a-w- c:\windows\system32\hypertrm.dll
2010-02-15 17:42:20 131584 -c--a-w- c:\windows\system32\dllcache\sndrec32.exe
2010-02-15 17:42:20 131584 ----a-w- c:\windows\system32\sndrec32.exe
2010-02-15 17:42:17 215552 -c--a-w- c:\windows\system32\dllcache\wordpad.exe
2010-02-15 17:42:16 68608 -c--a-w- c:\windows\system32\dllcache\access.cpl
2010-02-15 17:42:16 68608 ----a-w- c:\windows\system32\access.cpl
2010-02-15 17:41:59 539136 -c--a-w- c:\windows\system32\dllcache\dialer.exe
2010-02-15 17:41:20 39936 -c--a-w- c:\windows\system32\dllcache\snmpthrd.dll
2010-02-15 17:41:20 39936 ----a-w- c:\windows\system32\wbem\snmpthrd.dll
2010-02-15 05:17:09 0 d-----w- c:\program files\MSECACHE
2010-02-15 02:06:47 0 d-----w- c:\windows\system32\wbem\Repository
2010-02-15 02:06:05 0 d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-02-14 23:14:15 69632 -c--a-w- c:\windows\system32\dllcache\ehresko.dll
2010-02-14 23:14:14 73728 -c--a-w- c:\windows\system32\dllcache\ehresja.dll
2010-02-14 23:14:13 69632 -c--a-w- c:\windows\system32\dllcache\ehresfr.dll
2010-02-14 23:14:13 69632 -c--a-w- c:\windows\system32\dllcache\ehresde.dll
2010-02-14 23:14:00 61440 -c--a-w- c:\windows\system32\dllcache\ehreschs.dll
2010-02-14 23:12:45 76288 -c--a-w- c:\windows\system32\dllcache\uniime.dll
2010-02-14 23:11:53 26112 -c--a-w- c:\windows\system32\dllcache\EXCH_seos.dll
2010-02-14 23:10:41 229439 -c--a-w- c:\windows\system32\dllcache\multibox.dll
2010-02-14 23:10:21 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
2010-02-14 23:10:21 1875968 -c--a-w- c:\windows\system32\dllcache\msir3jp.lex
2010-02-14 23:08:57 13463552 -c--a-w- c:\windows\system32\dllcache\hwxjpn.dll
2010-02-14 23:07:56 480256 -c--a-w- c:\windows\system32\dllcache\cintsetp.exe
2010-02-14 23:06:54 5632 -c--a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll
2010-02-14 23:01:46 488 ---ha-r- c:\windows\system32\logonui.exe.manifest
2010-02-14 23:01:30 749 ---ha-r- c:\windows\WindowsShell.Manifest
2010-02-14 23:01:30 749 ---ha-r- c:\windows\system32\wuaucpl.cpl.manifest
2010-02-14 23:01:30 749 ---ha-r- c:\windows\system32\sapi.cpl.manifest
2010-02-14 23:01:30 749 ---ha-r- c:\windows\system32\nwc.cpl.manifest
2010-02-14 23:01:30 749 ---ha-r- c:\windows\system32\ncpa.cpl.manifest
2010-02-14 23:00:38 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-02-14 22:54:19 0 d-----w- c:\program files\Messenger
2010-02-14 16:51:22 0 d-----w- c:\docume~1\alluse~1\applic~1\Driver Whiz
2010-02-14 16:50:04 0 d-----w- c:\program files\Microsoft
2010-02-14 16:49:54 0 d-----w- c:\program files\MSN Toolbar
2010-02-14 05:31:14 0 d-----w- c:\docume~1\alluse~1\applic~1\PCPitstop
2010-02-14 04:45:15 146048 ----a-w- c:\windows\system32\portcls.sys
2010-02-14 04:25:11 23392 ----a-w- c:\windows\system32\nscompat.tlb
2010-02-14 04:25:11 16832 ----a-w- c:\windows\system32\amcompat.tlb
2010-02-13 02:25:46 30601 ----a-w- c:\documents and settings\gord\x.exe
2010-02-09 02:07:05 4198048 ----a-w- c:\windows\pfirewall.log.old

==================== Find3M ====================

2010-02-14 22:56:25 34048 ----a-w- c:\windows\system32\emptyregdb.dat
2010-01-18 20:49:27 19856 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-13 02:25:00 54016 ----a-w- c:\windows\system32\drivers\jsodht.sys
2010-01-13 01:25:41 54016 ----a-w- c:\windows\system32\drivers\uukjurad.sys
2010-01-07 21:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07:04 18520 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:26:15 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43:51 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-11-27 17:11:44 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:11:44 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 16:07:35 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07:35 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07:34 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07:34 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07:34 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-01-28 01:46:20 152 --sha-r- c:\windows\system32\B18E5F931DGTB.sys
2009-01-28 01:46:22 7050 --sha-w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 21:34:02.78 ===============




#4 gtbfl


Posted 20 February 2010 - 01:41 AM

After posting the last entry, I played around a bit and was able to produce a GMER log by running in SAFE MODE as administrator with Sections and IAT/EAT unchecked. Log is attached. My registry has the folder H8SRTd in HKLM/system/ControlSet001; however, there is only a single entry named default with no values. I believe this is a holdover from a prior infection.

Attached Files

  • Attached File  Gmer.log   1.85KB   15 downloads


#5 schrauber


  • Malware Response Team

Posted 20 February 2010 - 11:21 AM

Hello, gtbfl
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

If you do not make a reply in 5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.




Please go here and have a look how you can disable your security software.

Download Combofix from any of the links below but rename it to before saving it to your desktop.

Link 1
Link 2



--------------------------------------------------------------------

Double click on the renamed Combofix.exe & follow the prompts.
    When finished, it will produce a report for you.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#6 gtbfl


Posted 20 February 2010 - 03:49 PM

Since my last post I did not run any tools; however, I did install a new wireless network card by Ralink on Feb 20. The network card worked fine but the DPC problem was still there.

Ran ComboFix normally but it closed down Windows and on the reboot got a popup saying system had recovered from serious error.

Ran ComboFix in SAFE MODE with NETWORKING. Program seemed to complete then computer shut down. On automatic reboot the ComboFix box was up and said it was producing a log file but after a few seconds computer shut down again and on auto reboot got the "system had recovered from serious error" message. No ComboFix log was produced, also had no network connection with Windows saying it could not be configured. While watching ComboFix run I saw it deleting that series of c:\windows\system32\_005121_.tmp.dll files (as shown in log file produced with the next method).

Disconnected all network adapters (physically pulled them out) then ran ComboFix in SAFE MODE which completed and produced the log file shown below. Rebooted with Belkin USB to ethernet installed and DPC problem still there. ComboFix log shown below.



**********************************************************************************************************

ComboFix 10-02-20.01 - Administrator 02/20/2010 15:05:56.6.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.821 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\schrauber.exe
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Gord\Application Data\Desktopicon\eBay.ico
c:\documents and settings\Gord\Application Data\Desktopicon\uninst.exe
c:\documents and settings\Gord\My Documents\cc_20100214_135156.reg
c:\documents and settings\Gord\x.exe

.
((((((((((((((((((((((((( Files Created from 2010-01-20 to 2010-02-20 )))))))))))))))))))))))))))))))
.

2010-02-20 18:43 . 2009-08-14 15:20 757852 ----a-w- c:\windows\system32\Scutum.dll
2010-02-20 18:43 . 2009-07-21 15:50 180224 ----a-w- c:\windows\system32\W32N55.dll
2010-02-20 18:43 . 2009-05-11 16:45 147456 ----a-w- c:\windows\system32\DiagFunc.dll
2010-02-20 18:43 . 2009-04-21 20:31 19072 ----a-w- c:\windows\system32\drivers\Scutum50.sys
2010-02-20 18:43 . 2008-12-30 21:55 143459 ----a-w- c:\windows\system32\RalinkGina.dll
2010-02-20 18:42 . 2009-08-03 15:57 724736 ----a-w- c:\windows\system32\drivers\rt2870.sys
2010-02-20 18:42 . 2009-08-03 15:54 221184 ----a-w- c:\windows\system32\RaCoInst.dll
2010-02-20 18:42 . 2009-08-03 15:57 724736 ----a-w- c:\documents and settings\All Users\Application Data\Ralink Driver\RT2870 Wireless LAN Card\Driver\rt2870.sys
2010-02-20 18:42 . 2009-08-03 15:54 13931 ----a-w- c:\windows\system32\RaCoInst.dat
2010-02-20 18:42 . 2009-08-03 15:54 221184 ----a-w- c:\documents and settings\All Users\Application Data\Ralink Driver\RT2870 Wireless LAN Card\Driver\RaCoInst.dll
2010-02-20 18:42 . 2008-08-06 21:31 528384 ----a-w- c:\documents and settings\All Users\Application Data\Ralink Driver\RT2870 Wireless LAN Card\Driver\RaInst.exe
2010-02-20 18:42 . 2010-02-20 18:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Ralink Driver
2010-02-20 18:42 . 2009-07-13 23:47 323648 ----a-w- c:\documents and settings\All Users\Application Data\Ralink Driver\RT2870 Wireless LAN Card\Driver\difxapi7.dll
2010-02-20 18:42 . 2007-05-17 16:17 192512 ----a-w- c:\documents and settings\All Users\Application Data\Ralink Driver\RT2870 Wireless LAN Card\Driver\CoInstaller.dll
2010-02-20 18:42 . 2006-11-02 12:21 319456 ----a-w- c:\documents and settings\All Users\Application Data\Ralink Driver\RT2870 Wireless LAN Card\Driver\difxapi.dll
2010-02-20 18:42 . 2010-02-20 18:42 -------- d-----w- c:\program files\Ralink
2010-02-20 18:42 . 2010-02-20 18:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-20 18:41 . 2010-02-20 18:41 -------- d-----w- c:\documents and settings\Gord\Application Data\InstallShield
2010-02-18 04:49 . 2010-02-18 04:49 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-02-18 04:49 . 2010-02-18 04:49 -------- d-----w- c:\program files\NOS
2010-02-16 19:20 . 2004-08-10 11:00 44544 ----a-w- c:\windows\system32\hticons.dll
2010-02-15 20:38 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2010-02-15 20:37 . 2009-12-04 18:22 455424 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-15 20:36 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-02-15 20:36 . 2009-10-15 16:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-02-15 20:36 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-02-15 20:30 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-02-15 20:29 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-02-15 20:27 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2010-02-15 20:27 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2010-02-15 20:27 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2010-02-15 20:27 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2010-02-15 20:27 . 2009-06-25 08:25 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2010-02-15 20:27 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2010-02-15 20:27 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-02-15 20:27 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2010-02-15 20:27 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2010-02-15 20:27 . 2009-12-08 19:26 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-15 20:27 . 2009-12-08 19:27 2189184 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-15 20:27 . 2009-12-08 18:43 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-15 20:24 . 2009-07-31 04:35 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2010-02-15 20:24 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-02-15 20:24 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-02-15 20:23 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2010-02-15 20:22 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-02-15 20:22 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-02-15 19:14 . 2010-02-15 19:14 -------- d-----w- c:\program files\Reference Assemblies
2010-02-15 18:44 . 2010-02-15 20:57 -------- d-----w- c:\windows\ie8updates
2010-02-15 18:38 . 2010-02-15 18:40 -------- dc-h--w- c:\windows\ie8
2010-02-15 18:35 . 2009-12-11 08:38 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-02-15 18:35 . 2009-12-21 19:14 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-02-15 18:35 . 2009-12-21 19:14 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-02-15 18:35 . 2009-12-21 19:14 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-02-15 18:35 . 2009-12-21 19:14 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-02-15 18:35 . 2009-12-21 19:14 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-02-15 18:35 . 2009-12-21 19:14 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-02-15 17:47 . 2008-04-14 10:42 123392 -c--a-w- c:\windows\system32\dllcache\mplay32.exe
2010-02-15 17:47 . 2008-04-14 10:42 123392 ----a-w- c:\windows\system32\mplay32.exe
2010-02-15 17:47 . 2009-07-31 15:05 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
2010-02-15 17:47 . 2009-07-31 15:05 1372672 ----a-w- c:\windows\system32\msxml6.dll
2010-02-15 17:47 . 2008-04-14 03:57 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2010-02-15 17:47 . 2008-04-14 03:57 79872 ------w- c:\windows\system32\msxml6r.dll
2010-02-15 17:45 . 2008-04-14 10:42 184320 -c--a-w- c:\windows\system32\dllcache\accwiz.exe
2010-02-15 17:45 . 2008-04-14 10:42 184320 ----a-w- c:\windows\system32\accwiz.exe
2010-02-15 17:44 . 2008-04-14 10:42 102912 -c--a-w- c:\windows\system32\dllcache\clipbrd.exe
2010-02-15 17:44 . 2008-04-14 10:42 102912 ----a-w- c:\windows\system32\clipbrd.exe
2010-02-15 17:43 . 2008-04-14 10:42 538624 -c--a-w- c:\windows\system32\dllcache\spider.exe
2010-02-15 17:43 . 2008-04-14 10:42 538624 ----a-w- c:\windows\system32\spider.exe
2010-02-15 17:43 . 2008-04-14 10:42 281088 -c--a-w- c:\windows\system32\dllcache\pinball.exe
2010-02-15 17:43 . 2008-04-14 10:42 259072 -c--a-w- c:\windows\system32\dllcache\snmpcl.dll
2010-02-15 17:43 . 2008-04-14 10:42 259072 ----a-w- c:\windows\system32\wbem\snmpcl.dll
2010-02-15 17:42 . 2009-12-16 18:43 343040 -c--a-w- c:\windows\system32\dllcache\mspaint.exe
2010-02-15 17:42 . 2009-12-16 18:43 343040 ----a-w- c:\windows\system32\mspaint.exe
2010-02-15 17:42 . 2008-04-14 10:41 347136 ----a-w- c:\windows\system32\hypertrm.dll
2010-02-15 17:42 . 2008-04-14 10:42 131584 -c--a-w- c:\windows\system32\dllcache\sndrec32.exe
2010-02-15 17:42 . 2008-04-14 10:42 131584 ----a-w- c:\windows\system32\sndrec32.exe
2010-02-15 17:42 . 2008-04-21 12:08 215552 -c--a-w- c:\windows\system32\dllcache\wordpad.exe
2010-02-15 17:41 . 2008-04-14 10:42 539136 -c--a-w- c:\windows\system32\dllcache\dialer.exe
2010-02-15 17:41 . 2008-04-14 10:42 39936 -c--a-w- c:\windows\system32\dllcache\snmpthrd.dll
2010-02-15 17:41 . 2008-04-14 10:42 39936 ----a-w- c:\windows\system32\wbem\snmpthrd.dll
2010-02-15 05:17 . 2010-02-15 06:19 -------- d-----w- c:\program files\MSECACHE
2010-02-15 02:06 . 2010-02-15 02:06 -------- d-----w- c:\windows\system32\wbem\Repository
2010-02-15 02:06 . 2010-02-15 02:06 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-02-14 23:14 . 2004-08-10 09:13 69632 -c--a-w- c:\windows\system32\dllcache\ehresko.dll
2010-02-14 23:14 . 2004-08-10 09:13 73728 -c--a-w- c:\windows\system32\dllcache\ehresja.dll
2010-02-14 23:14 . 2004-08-10 09:13 69632 -c--a-w- c:\windows\system32\dllcache\ehresfr.dll
2010-02-14 23:14 . 2004-08-10 09:13 69632 -c--a-w- c:\windows\system32\dllcache\ehresde.dll
2010-02-14 23:14 . 2004-08-10 09:13 61440 -c--a-w- c:\windows\system32\dllcache\ehreschs.dll
2010-02-14 23:13 . 2004-08-10 11:00 221184 -c--a-w- c:\windows\system32\dllcache\wmpns.dll
2010-02-14 23:13 . 2004-08-10 11:00 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2010-02-14 23:13 . 2004-08-10 11:00 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2010-02-14 23:13 . 2004-08-10 11:00 9216 -c--a-w- c:\windows\system32\dllcache\wamps51.dll
2010-02-14 23:13 . 2004-08-10 11:00 5632 -c--a-w- c:\windows\system32\dllcache\w3svapi.dll
2010-02-14 23:13 . 2004-08-10 11:00 73728 -c--a-w- c:\windows\system32\dllcache\w3ext.dll
2010-02-14 23:13 . 2004-08-10 11:00 4608 -c--a-w- c:\windows\system32\dllcache\w3ctrs51.dll
2010-02-14 23:13 . 2004-08-10 11:00 48256 -c--a-w- c:\windows\system32\dllcache\w32.dll
2010-02-14 23:13 . 2008-04-14 10:41 86073 -c--a-w- c:\windows\system32\dllcache\voicesub.dll
2010-02-14 23:13 . 2008-04-14 10:41 426041 -c--a-w- c:\windows\system32\dllcache\voicepad.dll
2010-02-14 23:11 . 2001-08-18 03:36 26112 -c--a-w- c:\windows\system32\dllcache\EXCH_seos.dll
2010-02-14 23:10 . 2004-08-10 11:00 229439 -c--a-w- c:\windows\system32\dllcache\multibox.dll
2010-02-14 23:10 . 2004-08-10 11:00 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
2010-02-14 23:08 . 2008-04-14 10:39 13463552 -c--a-w- c:\windows\system32\dllcache\hwxjpn.dll
2010-02-14 23:07 . 2004-08-10 11:00 480256 -c--a-w- c:\windows\system32\dllcache\cintsetp.exe
2010-02-14 23:06 . 2001-08-18 03:36 5632 -c--a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll
2010-02-14 23:06 . 2004-08-10 11:00 6144 -c--a-w- c:\windows\system32\dllcache\admxprox.dll
2010-02-14 23:06 . 2004-08-10 11:00 49664 -c--a-w- c:\windows\system32\dllcache\adrot.dll
2010-02-14 23:06 . 2008-04-14 10:42 364544 -c--a-w- c:\windows\system32\dllcache\npdsplay.dll
2010-02-14 23:06 . 2008-04-14 10:42 10240 -c--a-w- c:\windows\system32\dllcache\npwmsdrm.dll
2010-02-14 23:06 . 2008-04-14 10:42 4639 -c--a-w- c:\windows\system32\dllcache\mplayer2.exe
2010-02-14 23:06 . 2004-08-10 11:00 7168 -c--a-w- c:\windows\system32\dllcache\wamregps.dll
2010-02-14 23:06 . 2004-08-10 11:00 7680 -c--a-w- c:\windows\system32\dllcache\inetmgr.exe
2010-02-14 23:06 . 2004-08-10 11:00 19968 -c--a-w- c:\windows\system32\dllcache\inetsloc.dll
2010-02-14 23:06 . 2004-08-10 11:00 169984 -c--a-w- c:\windows\system32\dllcache\iisui.dll
2010-02-14 23:06 . 2004-08-10 11:00 5632 -c--a-w- c:\windows\system32\dllcache\iisrstap.dll
2010-02-14 23:06 . 2004-08-10 11:00 14336 -c--a-w- c:\windows\system32\dllcache\iisreset.exe
2010-02-14 23:06 . 2004-08-10 11:00 6144 -c--a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2010-02-14 23:00 . 2004-08-10 11:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-02-14 22:33 . 2004-08-10 11:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-02-14 22:33 . 2004-08-10 11:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-02-14 22:33 . 2004-08-10 11:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-02-14 22:33 . 2004-08-10 11:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-02-14 16:51 . 2010-02-14 16:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Driver Whiz
2010-02-14 16:50 . 2010-02-15 02:42 -------- d-----w- c:\program files\Microsoft
2010-02-14 16:49 . 2010-02-14 16:49 -------- d-----w- c:\program files\MSN Toolbar
2010-02-14 05:31 . 2010-02-14 05:31 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-20 06:47 . 2006-03-14 20:54 -------- d-----w- c:\program files\Dell
2010-02-17 06:24 . 2010-01-03 11:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-17 06:24 . 2009-12-28 08:06 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-02-16 20:08 . 2006-04-28 01:23 22232 ----a-w- c:\documents and settings\Gord\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-16 03:29 . 2008-08-24 04:27 1 ----a-w- c:\documents and settings\Gord\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-02-16 03:29 . 2006-05-02 03:56 -------- d-----w- c:\documents and settings\Gord\Application Data\OpenOffice.org2
2010-02-15 04:30 . 2006-04-28 01:14 -------- d-----w- c:\program files\HP
2010-02-15 02:49 . 2006-03-14 21:05 -------- d-----w- c:\program files\Roxio
2010-02-15 02:17 . 2009-11-26 02:10 -------- d-----w- c:\program files\Unlocker
2010-02-14 23:58 . 2007-04-24 23:35 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2010-02-14 22:56 . 2005-08-16 10:38 34048 ----a-w- c:\windows\system32\emptyregdb.dat
2010-02-14 22:56 . 2010-02-14 22:55 1663 ----a-w- c:\windows\inf\COM337.tmp
2010-02-13 21:04 . 2007-04-25 01:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-13 02:48 . 2006-05-09 04:09 -------- d-----w- c:\program files\The Weather Channel FW
2010-02-13 02:34 . 2006-03-14 21:05 -------- d-----w- c:\program files\Google
2010-02-13 02:21 . 2010-01-18 16:35 -------- d-----w- c:\program files\Common Files\Apple
2010-02-13 02:13 . 2009-04-05 17:02 -------- d-----w- c:\program files\Windows Live Safety Center
2010-02-06 21:34 . 2007-01-26 23:37 -------- d-----w- c:\program files\Sportsbook Poker
2010-01-30 03:23 . 2006-04-28 18:24 -------- d-----w- c:\program files\PokerStars
2010-01-18 20:49 . 2010-01-18 20:49 19856 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-18 16:45 . 2010-01-18 16:39 -------- d-----w- c:\documents and settings\Gord\Application Data\Apple Computer
2010-01-18 16:39 . 2010-01-18 16:38 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-18 16:37 . 2010-01-18 16:37 -------- d-----w- c:\program files\QuickTime
2010-01-18 16:37 . 2010-01-18 16:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-01-13 02:25 . 2010-01-13 02:25 54016 ----a-w- c:\windows\system32\drivers\jsodht.sys
2010-01-13 01:25 . 2010-01-13 01:25 54016 ----a-w- c:\windows\system32\drivers\uukjurad.sys
2010-01-07 21:07 . 2009-11-25 17:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07 . 2009-11-25 17:28 18520 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-03 16:38 . 2009-05-31 21:03 -------- d-----w- c:\program files\CCleaner
2010-01-02 16:21 . 2010-01-02 16:09 -------- d-----w- c:\program files\TradeStation 8.7 (Build 3085)
2010-01-01 03:37 . 2008-05-09 01:13 -------- d-----w- c:\program files\Odds Maker
2009-12-31 16:50 . 2004-08-10 11:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-23 13:58 . 2007-07-03 20:24 -------- d-----w- c:\program files\Common Files\Motive
2009-12-21 19:14 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 19:42 . 2009-12-22 04:48 872960 ----a-w- c:\documents and settings\Gord\Application Data\Mozilla\Firefox\Profiles\vaodwwym.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-12-16 19:42 . 2009-12-22 04:48 43008 ----a-w- c:\documents and settings\Gord\Application Data\Mozilla\Firefox\Profiles\vaodwwym.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-12-16 19:42 . 2009-12-22 04:48 340480 ----a-w- c:\documents and settings\Gord\Application Data\Mozilla\Firefox\Profiles\vaodwwym.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-12-16 19:41 . 2009-12-22 04:48 346624 ----a-w- c:\documents and settings\Gord\Application Data\Mozilla\Firefox\Profiles\vaodwwym.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-12-14 07:08 . 2004-08-10 11:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:26 . 2005-03-30 01:21 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2005-03-30 01:01 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2004-08-10 11:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-30 01:55 . 2005-08-16 10:41 88699 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-11-27 17:55 . 2009-11-27 17:55 1663 ----a-w- c:\windows\inf\COM1E2.tmp
2009-11-27 17:11 . 2004-08-10 11:00 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:11 . 2004-08-04 00:56 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2004-08-10 11:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2001-08-17 22:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2004-08-10 11:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2004-08-10 11:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07 . 2004-08-04 00:56 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-24 13:44 . 2009-12-31 04:28 79872 ----a-w- c:\documents and settings\Gord\Application Data\Mozilla\Firefox\Profiles\vaodwwym.default\extensions\lazarus@interclue.com\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
2009-11-24 13:44 . 2009-12-31 04:28 33280 ----a-w- c:\documents and settings\Gord\Application Data\Mozilla\Firefox\Profiles\vaodwwym.default\extensions\lazarus@interclue.com\platform\WINCE\components\WeaveCrypto.dll
2008-02-11 00:48 . 2006-12-12 19:48 131584 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-01-28 01:46 . 2006-04-28 05:05 152 --sha-r- c:\windows\system32\B18E5F931DGTB.sys
2009-01-28 01:46 . 2006-04-28 05:05 7050 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]
"TSClientAXDisabler"="c:\windows\Installer\TSClientMsiTrans\tscdsbl.bat" [2008-01-18 2247]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-10 44544]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2007-6-27 221247]
Ralink Wireless Utility.lnk - c:\program files\Ralink\Common\RaUI.exe [2010-2-20 1560576]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk.disabled
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk.disabled
backup=c:\windows\pss\Digital Line Detect.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk.disabled
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.disabledCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2004-08-10 09:04 59392 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (rootkit-scan)]
2010-01-07 21:07 1394000 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-06-17 02:51 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=2 (0x2)
"gupdate"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HelpCenter4.1"=c:\program files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe /P HelpCenter4.1
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe"
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
"BellSouthAlertManager.exe"="c:\program files\BellSouth\AM\BellSouthAlertManager.exe" /AUTORUN
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"SigmatelSysTrayApp"=stsystra.exe
"ehTray"=c:\windows\ehome\ehtray.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe"
"AVG8_TRAY"=c:\progra~1\AVG\AVG8\avgtray.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Odds Maker\\client.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=

S2 OlCamudp;OLYMPUS Digital Camera;c:\windows\system32\drivers\olcamudp.sys [4/30/2006 3:31 PM 10379]
S2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\Ralink\Common\RaRegistry.exe [2/20/2010 1:43 PM 185632]
S2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\Scutum50.sys [2/20/2010 1:43 PM 19072]
S3 ADM8511;%ADM8511.Service.DispName%;c:\windows\system32\drivers\adm8511.sys [2/6/2008 3:48 PM 20160]
S3 cpuz132;cpuz132;\??\c:\docume~1\Gord\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\Gord\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys [?]
S3 GoogleDesktopManager-093007-112848;Google Desktop Manager 5.5.709.30344;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [3/14/2006 4:05 PM 29744]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2/20/2010 1:42 PM 724736]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/6/2010 1:18 PM 135664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-02-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-04 05:05]

2010-02-06 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2009-11-29 20:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
DPF: {0E5F73A1-4F7B-4C1F-B61D-CB6A4284CDD3} - hxxps://www.tradestation.com/chatclient/livechat/ClientPlugIn/tschat.cab
DPF: {7CEEAB76-D59E-11D3-8394-00C04F7BDF10} - hxxps://www.tradestation.com/tscom/ClientPlugIn/tsTemp.cab
FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-20 15:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1860)
c:\windows\system32\WININET.dll
.
Completion time: 2010-02-20 15:15:58
ComboFix-quarantined-files.txt 2010-02-20 20:15

Pre-Run: 27,403,186,176 bytes free
Post-Run: 27,362,013,184 bytes free

- - End Of File - - F4404A8D4A8427AC464DF49D480117EA



#7 schrauber

  • Malware Response Team

Posted 20 February 2010 - 04:43 PM

Hi,

Please update your version of Malwarebytes and run a quick scan, post back with the content of the logfile.

  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    safebootminimal
    safebootnetwork
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
  5. Push the Quick Scan button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#8 gtbfl

  • Topic Starter

Posted 20 February 2010 - 07:59 PM

Thanks for helping me out schrauber,

I ran OTL in normal boot. It ran to completion but only produced 1 txt file (no "extra.txt"). It took a very long time to complete, I assume because the high CPUs are making everything so slow. Unless you suggest otherwise I will run all future scans in SAFE MODE.

OTL logfile created on: 2/20/2010 5:03:00 PM - Run 2
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\Gord\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 773.00 Mb Available Physical Memory | 76.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.79 Gb Total Space | 25.50 Gb Free Space | 36.54% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DELL
Current User Name: Gord
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/20 17:01:45 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gord\Desktop\OTL.exe
PRC - [2009/08/20 17:42:38 | 001,560,576 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\Ralink\Common\RaUI.exe
PRC - [2009/07/14 21:53:00 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\Ralink\Common\RaRegistry.exe
PRC - [2008/04/14 05:42:42 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/12/12 14:03:54 | 000,417,855 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
PRC - [2005/12/12 14:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe


========== Modules (SafeList) ==========

MOD - [2010/02/20 17:01:45 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gord\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/02/06 13:18:57 | 000,135,664 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2010/01/25 10:00:54 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/12/04 00:05:13 | 000,182,768 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/08/14 08:45:34 | 000,319,488 | ---- | M] (Alcatel-Lucent) [Disabled | Stopped] -- C:\Program Files\Common Files\Motive\McciCMService.exe -- (McciCMService)
SRV - [2009/07/14 21:53:00 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files\Ralink\Common\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2008/04/14 05:42:38 | 000,033,280 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\snmp.exe -- (SNMP)
SRV - [2008/02/10 19:48:45 | 000,029,744 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-093007-112848)
SRV - [2005/12/12 14:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2005/08/04 05:02:58 | 000,380,928 | ---- | M] (ATI Technologies Inc.) [Disabled | Stopped] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2004/11/19 12:26:40 | 000,147,456 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2004/02/26 01:18:00 | 000,065,795 | R--- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&client=dell

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://zone.msn.com/en-us/home
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.selectedEngine: "eBay"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://finviz.com/|http://news.google.com/news|http://mail.yahoo.com "
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.4
FF - prefs.js..extensions.enabledItems: lazarus@interclue.com:2.0.5
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.2
FF - prefs.js..extensions.enabledItems: {03B08592-E5B4-45ff-A0BE-C1D975458688}:0.6.0.8
FF - prefs.js..extensions.enabledItems: {89f8dde0-010a-11da-8cd6-0800200c9a66}:1.0.0.19
FF - prefs.js..extensions.enabledItems: {36C13C8F-54F1-412e-8177-2E411719162D}:4.0.1


FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\Firefox [2010/02/14 11:49:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/18 19:02:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/18 19:02:24 | 000,000,000 | ---D | M]

[2008/06/19 00:43:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gord\Application Data\Mozilla\Extensions
[2010/02/19 11:27:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gord\Application Data\Mozilla\Firefox\Profiles\vaodwwym.default\extensions
[2009/11/08 08:18:41 | 000,000,000 | ---D | M] (Toolbar Buttons) -- C:\Documents and Settings\Gord\Application Data\Mozilla\Firefox\Profiles\vaodwwym.default\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
[2010/02/11 08:48:59 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Documents and Settings\Gord\Application Data\Mozilla\Firefox\Profiles\vaodwwym.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2009/07/06 18:05:59 | 000,000,000 | ---D | M] (Qute) -- C:\Documents and Settings\Gord\Application Data\Mozilla\Firefox\Profiles\vaodwwym.default\extensions\{36C13C8F-54F1-412e-8177-2E411719162D}
[2009/10/17 10:08:35 | 000,000,000 | ---D | M] (Yahoo! Mail Notifier) -- C:\Documents and Settings\Gord\Application Data\Mozilla\Firefox\Profiles\vaodwwym.default\extensions\{89f8dde0-010a-11da-8cd6-0800200c9a66}
[2010/01/14 17:58:15 | 000,000,000 | ---D | M] (Interclue) -- C:\Documents and Settings\Gord\Application Data\Mozilla\Firefox\Profiles\vaodwwym.default\extensions\{c33c5b47-69c8-45a4-a5e0-af85bbe628dd}
[2009/10/12 18:20:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gord\Application Data\Mozilla\Firefox\Profiles\vaodwwym.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2009/12/30 23:28:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gord\Application Data\Mozilla\Firefox\Profiles\vaodwwym.default\extensions\lazarus@interclue.com
[2010/02/14 12:58:49 | 000,002,184 | ---- | M] () -- C:\Documents and Settings\Gord\Application Data\Mozilla\Firefox\Profiles\vaodwwym.default\searchplugins\bing.xml
[2007/01/27 18:12:40 | 000,001,668 | ---- | M] () -- C:\Documents and Settings\Gord\Application Data\Mozilla\Firefox\Profiles\vaodwwym.default\searchplugins\stumbleupon.xml
[2010/02/16 10:24:25 | 000,001,846 | ---- | M] () -- C:\Documents and Settings\Gord\Application Data\Mozilla\Firefox\Profiles\vaodwwym.default\searchplugins\weather.xml
[2010/02/19 11:27:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/04/28 18:45:03 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2006/05/13 01:21:35 | 000,225,280 | ---- | M] (Asgard Software Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npaxctrl.dll
[2006/09/08 17:05:00 | 000,135,168 | ---- | M] (Fractal Edge Limited) -- C:\Program Files\Mozilla Firefox\plugins\npfemz.dll

O1 HOSTS File: ([2010/02/20 14:55:30 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKCU..\Run: [TClockEx] C:\Documents and Settings\Gord\Desktop\tclockex\TCLOCKEX.EXE (Dale Nurden)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk = C:\Program Files\Ralink\Common\RaUI.exe (Ralink Technology, Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0E5F73A1-4F7B-4C1F-B61D-CB6A4284CDD3} https://www.tradestation.com/chatclient/liv...ugIn/tschat.cab (TSIntranetGUI Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} http://moneycentral.msn.com/cabs/pmupd806.exe (MSN Money Charting)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1259420672921 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1146196819953 (MUWebControl Class)
O16 - DPF: {7CEEAB76-D59E-11D3-8394-00C04F7BDF10} https://www.tradestation.com/tscom/ClientPlugIn/tsTemp.cab (Application Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab99160.cab (MSN Games Hearts)
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} http://download.yahoo.com/dl/mail/ymmapi.cab (YahooYMailTo Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} http://zone.msn.com/bingame/zpagames/zpa_kqrp.cab56961.cab (ChessControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Gord\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Gord\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O29 - HKLM SecurityProviders - (zwebauth.dll) - C:\WINDOWS\System32\ZWebAuth.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/14 18:04:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010/02/14 18:02:59 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891891626803200)

========== Files/Folders - Created Within 14 Days ==========

[2010/02/20 17:01:44 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gord\Desktop\OTL.exe
[2010/02/20 15:16:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/02/20 14:32:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/20 13:43:05 | 000,757,852 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\Scutum.dll
[2010/02/20 13:43:05 | 000,180,224 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\W32N55.dll
[2010/02/20 13:43:05 | 000,143,459 | ---- | C] (Ralink Tech) -- C:\WINDOWS\System32\RalinkGina.dll
[2010/02/20 13:43:05 | 000,019,072 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\drivers\Scutum50.sys
[2010/02/20 13:42:44 | 000,724,736 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\drivers\rt2870.sys
[2010/02/20 13:42:44 | 000,221,184 | ---- | C] (Ralink Technology, Inc.) -- C:\WINDOWS\System32\RaCoInst.dll
[2010/02/20 13:42:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ralink Driver
[2010/02/20 13:42:31 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/02/20 13:42:31 | 000,000,000 | ---D | C] -- C:\Program Files\Ralink
[2010/02/20 13:41:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gord\Application Data\InstallShield
[2010/02/17 23:49:46 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2010/02/17 23:49:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/02/16 14:42:24 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/02/16 14:41:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/02/15 14:14:51 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010/02/15 13:44:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/02/15 13:38:56 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/02/15 13:00:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/02/15 12:43:36 | 000,281,088 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe

#9 gtbfl

Posted 20 February 2010 - 08:38 PM

Actually, it turned out RAUI.exe, which was associated with the new wireless adapter I installed, was running CPUs at 66% (even though the device itself was not connected to the computer). I used Add/Remove Programs to uninstall the wireless adapter. I am guessing ComboFix changed something. Anyway, I will stick with the Belkin adapter until we get through this process. I am going to rerun OTL in safe mode.

#10 gtbfl

Posted 20 February 2010 - 09:02 PM

OTL ran quickly in Safe Mode but still no "extra.txt" file. OTL_2 is shown below.

*******************************************************************************************

logfile created on: 2/20/2010 8:43:55 PM - Run 3
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\Gord\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 788.00 Mb Available Physical Memory | 77.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.79 Gb Total Space | 25.45 Gb Free Space | 36.47% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DELL
Current User Name: Gord
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/20 17:01:45 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gord\Desktop\OTL.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/02/20 17:01:45 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gord\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/02/06 13:18:57 | 000,135,664 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2010/01/25 10:00:54 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/12/04 00:05:13 | 000,182,768 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/08/14 08:45:34 | 000,319,488 | ---- | M] (Alcatel-Lucent) [Disabled | Stopped] -- C:\Program Files\Common Files\Motive\McciCMService.exe -- (McciCMService)
SRV - [2008/04/14 05:42:38 | 000,033,280 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\snmp.exe -- (SNMP)
SRV - [2008/02/10 19:48:45 | 000,029,744 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-093007-112848)
SRV - [2005/12/12 14:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) [Auto | Stopped] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2005/08/04 05:02:58 | 000,380,928 | ---- | M] (ATI Technologies Inc.) [Disabled | Stopped] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2004/11/19 12:26:40 | 000,147,456 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2004/02/26 01:18:00 | 000,065,795 | R--- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&client=dell

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://zone.msn.com/en-us/home
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.selectedEngine: "eBay"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://finviz.com/|http://news.google.com/news|http://mail.yahoo.com "
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.4
FF - prefs.js..extensions.enabledItems: lazarus@interclue.com:2.0.5
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.2
FF - prefs.js..extensions.enabledItems: {03B08592-E5B4-45ff-A0BE-C1D975458688}:0.6.0.8
FF - prefs.js..extensions.enabledItems: {89f8dde0-010a-11da-8cd6-0800200c9a66}:1.0.0.19
FF - prefs.js..extensions.enabledItems: {36C13C8F-54F1-412e-8177-2E411719162D}:4.0.1


FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\Firefox [2010/02/14 11:49:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/18 19:02:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/18 19:02:24 | 000,000,000 | ---D | M]

[2008/06/19 00:43:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gord\Application Data\Mozilla\Extensions
[2010/02/19 11:27:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gord\Application Data\Mozilla\Firefox\Profiles\vaodwwym.default\extensions
[2009/11/08 08:18:41 | 000,000,000 | ---D | M] (Toolbar Buttons) -- C:\Documents and Settings\Gord\Application Data\Mozilla\Firefox\Profiles\vaodwwym.default\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
[2010/02/11 08:48:59 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Documents and Settings\Gord\Application Data\Mozilla\Firefox\Profiles\vaodwwym.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2009/07/06 18:05:59 | 000,000,000 | ---D | M] (Qute) -- C:\Documents and Settings\Gord\Application Data\Mozilla\Firefox\Profiles\vaodwwym.default\extensions\{36C13C8F-54F1-412e-8177-2E411719162D}
[2009/10/17 10:08:35 | 000,000,000 | ---D | M] (Yahoo! Mail Notifier) -- C:\Documents and Settings\Gord\Application Data\Mozilla\Firefox\Profiles\vaodwwym.default\extensions\{89f8dde0-010a-11da-8cd6-0800200c9a66}
[2010/01/14 17:58:15 | 000,000,000 | ---D | M] (Interclue) -- C:\Documents and Settings\Gord\Application Data\Mozilla\Firefox\Profiles\vaodwwym.default\extensions\{c33c5b47-69c8-45a4-a5e0-af85bbe628dd}
[2009/10/12 18:20:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gord\Application Data\Mozilla\Firefox\Profiles\vaodwwym.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2009/12/30 23:28:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gord\Application Data\Mozilla\Firefox\Profiles\vaodwwym.default\extensions\lazarus@interclue.com
[2010/02/14 12:58:49 | 000,002,184 | ---- | M] () -- C:\Documents and Settings\Gord\Application Data\Mozilla\Firefox\Profiles\vaodwwym.default\searchplugins\bing.xml
[2007/01/27 18:12:40 | 000,001,668 | ---- | M] () -- C:\Documents and Settings\Gord\Application Data\Mozilla\Firefox\Profiles\vaodwwym.default\searchplugins\stumbleupon.xml
[2010/02/16 10:24:25 | 000,001,846 | ---- | M] () -- C:\Documents and Settings\Gord\Application Data\Mozilla\Firefox\Profiles\vaodwwym.default\searchplugins\weather.xml
[2010/02/19 11:27:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/04/28 18:45:03 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2006/05/13 01:21:35 | 000,225,280 | ---- | M] (Asgard Software Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npaxctrl.dll
[2006/09/08 17:05:00 | 000,135,168 | ---- | M] (Fractal Edge Limited) -- C:\Program Files\Mozilla Firefox\plugins\npfemz.dll

O1 HOSTS File: ([2010/02/20 14:55:30 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKCU..\Run: [TClockEx] C:\Documents and Settings\Gord\Desktop\tclockex\TCLOCKEX.EXE (Dale Nurden)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0E5F73A1-4F7B-4C1F-B61D-CB6A4284CDD3} https://www.tradestation.com/chatclient/liv...ugIn/tschat.cab (TSIntranetGUI Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} http://moneycentral.msn.com/cabs/pmupd806.exe (MSN Money Charting)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1259420672921 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1146196819953 (MUWebControl Class)
O16 - DPF: {7CEEAB76-D59E-11D3-8394-00C04F7BDF10} https://www.tradestation.com/tscom/ClientPlugIn/tsTemp.cab (Application Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab99160.cab (MSN Games Hearts)
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} http://download.yahoo.com/dl/mail/ymmapi.cab (YahooYMailTo Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} http://zone.msn.com/bingame/zpagames/zpa_kqrp.cab56961.cab (ChessControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Gord\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Gord\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O29 - HKLM SecurityProviders - (zwebauth.dll) - C:\WINDOWS\System32\ZWebAuth.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/14 18:04:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010/02/14 18:02:59 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

CREATERESTOREPOINT
Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.

========== Files/Folders - Created Within 14 Days ==========

[2010/02/20 17:01:44 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gord\Desktop\OTL.exe
[2010/02/20 15:16:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/02/20 14:32:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/17 23:49:46 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2010/02/17 23:49:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/02/16 14:42:24 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/02/16 14:41:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/02/15 14:14:51 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010/02/15 13:44:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/02/15 13:38:56 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/02/15 13:00:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/02/15 12:43:36 | 000,281,088 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2010/02/15 12:21:26 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/02/15 00:17:09 | 000,000,000 | ---D | C] -- C:\Program Files\MSECACHE
[2010/02/14 23:01:28 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Gord\Recent
[2010/02/14 21:06:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2010/02/14 18:11:46 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/02/14 18:11:46 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/02/14 18:08:27 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2010/02/14 18:08:27 | 000,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2010/02/14 18:08:27 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2010/02/14 18:07:47 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/02/14 17:54:19 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2010/02/14 11:52:35 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/02/14 11:51:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Driver Whiz
[2010/02/14 11:50:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/02/14 11:49:54 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
[2010/02/14 11:49:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/02/14 00:31:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2010/02/13 22:44:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gord\Desktop\ProcessExplorer
[2010/02/06 13:24:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/02/06 13:19:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/12/07 10:04:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2008/12/07 10:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Google
[2007/04/23 18:29:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2007/04/23 14:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2006/04/28 09:36:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\GTek
[2006/04/27 22:18:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[938 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[33 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[24 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[2 C:\Documents and Settings\Gord\*.tmp files -> C:\Documents and Settings\Gord\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/02/20 20:40:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/20 20:39:17 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/20 20:39:14 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Gord\ntuser.ini
[2010/02/20 20:39:13 | 027,627,520 | ---- | M] () -- C:\Documents and Settings\Gord\ntuser.dat
[2010/02/20 20:29:26 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/02/20 20:13:06 | 004,847,660 | -H-- | M] () -- C:\Documents and Settings\Gord\Local Settings\Application Data\IconCache.db
[2010/02/20 18:00:01 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2010/02/20 17:01:45 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gord\Desktop\OTL.exe
[2010/02/20 15:13:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/20 14:55:30 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/02/20 14:30:17 | 003,866,210 | R--- | M] () -- C:\Documents and Settings\Gord\Desktop\schrauber.exe
[2010/02/20 13:48:16 | 000,515,302 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/20 13:48:16 | 000,436,362 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/02/20 13:48:16 | 000,069,480 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/19 12:31:49 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/19 12:13:27 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/19 09:35:18 | 000,008,717 | ---- | M] () -- C:\WINDOWS\System32\1.cht
[2010/02/19 08:59:12 | 000,000,043 | ---- | M] () -- C:\WINDOWS\WALLSTRT.INI
[2010/02/18 15:00:29 | 000,017,825 | ---- | M] () -- C:\WINDOWS\System32\4.cht
[2010/02/18 10:56:06 | 000,028,661 | ---- | M] () -- C:\WINDOWS\System32\3.cht
[2010/02/18 10:55:52 | 000,041,453 | ---- | M] () -- C:\WINDOWS\System32\2.cht
[2010/02/16 15:08:17 | 000,022,232 | ---- | M] () -- C:\Documents and Settings\Gord\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/15 21:03:14 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Gord\Desktop\gmer.zip
[2010/02/15 20:51:24 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\Gord\Desktop\dds.scr
[2010/02/15 17:45:01 | 000,064,065 | ---- | M] () -- C:\Documents and Settings\Gord\My Documents\CleanInstallServices_2.odt
[2010/02/15 17:41:58 | 000,063,994 | ---- | M] () -- C:\Documents and Settings\Gord\My Documents\CleanInstallServices_1.odt
[2010/02/15 17:30:41 | 000,050,362 | ---- | M] () -- C:\Documents and Settings\Gord\My Documents\SafeModeServices.odt
[2010/02/15 16:55:13 | 000,000,324 | -HS- | M] () -- C:\boot.ini
[2010/02/15 16:46:11 | 000,126,912 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/15 13:00:42 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/02/15 01:55:03 | 000,000,667 | ---- | M] () -- C:\Documents and Settings\Gord\Desktop\Shortcut to IEXPLORE.EXE.lnk
[2010/02/14 23:48:31 | 000,023,870 | ---- | M] () -- C:\Documents and Settings\Gord\My Documents\cc_20100214_234822.reg
[2010/02/14 23:28:42 | 000,000,575 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/14 21:26:06 | 000,000,057 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2010/02/14 19:25:25 | 1071,828,992 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2010/02/14 18:16:32 | 000,000,264 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/02/14 18:04:24 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/02/14 18:04:07 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/02/14 18:04:07 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/02/14 18:03:42 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/02/14 18:01:46 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/02/14 18:01:46 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/02/14 18:01:30 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/02/14 18:01:30 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/02/14 18:01:30 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/02/14 18:01:30 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/02/14 18:01:30 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/02/14 18:01:30 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/02/14 17:56:25 | 000,034,048 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/02/14 17:41:37 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2010/02/14 15:52:09 | 000,000,672 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2010/02/14 13:53:50 | 000,003,016 | ---- | M] () -- C:\Documents and Settings\Gord\My Documents\cc_20100214_135300.reg
[2010/02/14 11:13:02 | 000,019,374 | ---- | M] () -- C:\Documents and Settings\Gord\Desktop\f5d5050vista.zip
[2010/02/09 15:56:30 | 000,015,497 | ---- | M] () -- C:\WINDOWS\System32\5.cht
[2010/02/08 22:07:16 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[938 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[33 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Gord\*.tmp files -> C:\Documents and Settings\Gord\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/20 14:30:16 | 003,866,210 | R--- | C] () -- C:\Documents and Settings\Gord\Desktop\schrauber.exe
[2010/02/16 17:10:12 | 000,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/02/16 14:20:29 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2010/02/16 14:20:28 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2010/02/16 14:20:28 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2010/02/16 14:20:28 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2010/02/16 14:20:28 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2010/02/16 14:20:28 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2010/02/16 14:20:28 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2010/02/16 14:20:28 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2010/02/16 14:20:27 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2010/02/16 14:20:27 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2010/02/16 14:20:27 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2010/02/16 14:20:26 | 000,093,702 | ---- | C] () -- C:\WINDOWS\System32\subrange.uce
[2010/02/16 14:20:26 | 000,060,458 | ---- | C] () -- C:\WINDOWS\System32\ideograf.uce
[2010/02/16 14:20:26 | 000,016,740 | ---- | C] () -- C:\WINDOWS\System32\shiftjis.uce
[2010/02/16 14:20:26 | 000,012,876 | ---- | C] () -- C:\WINDOWS\System32\korean.uce
[2010/02/16 14:20:26 | 000,008,484 | ---- | C] () -- C:\WINDOWS\System32\kanji_2.uce
[2010/02/16 14:20:26 | 000,006,948 | ---- | C] () -- C:\WINDOWS\System32\kanji_1.uce
[2010/02/16 14:20:25 | 000,024,006 | ---- | C] () -- C:\WINDOWS\System32\gb2312.uce
[2010/02/16 14:20:25 | 000,022,984 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.uce
[2010/02/16 14:20:21 | 000,026,236 | ---- | C] () -- C:\WINDOWS\System32\wins.mib
[2010/02/16 14:20:20 | 000,049,275 | ---- | C] () -- C:\WINDOWS\System32\wfospf.mib
[2010/02/16 14:20:20 | 000,038,608 | ---- | C] () -- C:\WINDOWS\System32\nipx.mib
[2010/02/16 14:20:20 | 000,004,332 | ---- | C] () -- C:\WINDOWS\System32\smi.mib
[2010/02/16 14:20:19 | 000,034,317 | ---- | C] () -- C:\WINDOWS\System32\msiprip2.mib
[2010/02/16 14:20:18 | 000,013,767 | ---- | C] () -- C:\WINDOWS\System32\msipbtp.mib
[2010/02/16 14:20:17 | 000,107,882 | ---- | C] () -- C:\WINDOWS\System32\mib_ii.mib
[2010/02/16 14:20:17 | 000,021,386 | ---- | C] () -- C:\WINDOWS\System32\mipx.mib
[2010/02/16 14:20:17 | 000,010,313 | ---- | C] () -- C:\WINDOWS\System32\mripsap.mib
[2010/02/16 14:20:17 | 000,000,581 | ---- | C] () -- C:\WINDOWS\System32\msft.mib
[2010/02/16 14:20:16 | 000,030,448 | ---- | C] () -- C:\WINDOWS\System32\mcastmib.mib
[2010/02/16 14:20:16 | 000,026,100 | ---- | C] () -- C:\WINDOWS\System32\lmmib2.mib
[2010/02/16 14:20:15 | 000,015,799 | ---- | C] () -- C:\WINDOWS\System32\ipforwd.mib
[2010/02/16 14:20:15 | 000,000,698 | ---- | C] () -- C:\WINDOWS\System32\inetsrv.mib
[2010/02/16 14:20:14 | 000,048,593 | ---- | C] () -- C:\WINDOWS\System32\hostmib.mib
[2010/02/16 14:20:14 | 000,020,079 | ---- | C] () -- C:\WINDOWS\System32\http.mib
[2010/02/16 14:20:13 | 000,016,617 | ---- | C] () -- C:\WINDOWS\System32\authserv.mib
[2010/02/16 14:20:13 | 000,006,179 | ---- | C] () -- C:\WINDOWS\System32\ftp.mib
[2010/02/16 14:20:13 | 000,004,597 | ---- | C] () -- C:\WINDOWS\System32\dhcp.mib
[2010/02/16 14:20:12 | 000,015,597 | ---- | C] () -- C:\WINDOWS\System32\accserv.mib
[2010/02/15 21:03:12 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Gord\Desktop\gmer.zip
[2010/02/15 20:51:24 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\Gord\Desktop\dds.scr
[2010/02/15 17:45:00 | 000,064,065 | ---- | C] () -- C:\Documents and Settings\Gord\My Documents\CleanInstallServices_2.odt
[2010/02/15 17:41:57 | 000,063,994 | ---- | C] () -- C:\Documents and Settings\Gord\My Documents\CleanInstallServices_1.odt
[2010/02/15 17:30:40 | 000,050,362 | ---- | C] () -- C:\Documents and Settings\Gord\My Documents\SafeModeServices.odt
[2010/02/15 12:30:47 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/02/15 01:55:03 | 000,000,667 | ---- | C] () -- C:\Documents and Settings\Gord\Desktop\Shortcut to IEXPLORE.EXE.lnk
[2010/02/14 23:48:26 | 000,023,870 | ---- | C] () -- C:\Documents and Settings\Gord\My Documents\cc_20100214_234822.reg
[2010/02/14 18:31:03 | 027,627,520 | ---- | C] () -- C:\Documents and Settings\Gord\ntuser.dat
[2010/02/14 18:13:37 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2010/02/14 18:11:24 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2010/02/14 18:11:24 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2010/02/14 18:11:20 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/02/14 18:09:48 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2010/02/14 18:09:47 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/02/14 18:09:20 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/02/14 18:09:18 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/02/14 18:09:13 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/02/14 18:08:57 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/02/14 18:08:45 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/02/14 18:07:54 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/02/14 18:07:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2010/02/14 18:07:44 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2010/02/14 18:07:44 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2010/02/14 18:07:44 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2010/02/14 18:07:43 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2010/02/14 18:07:43 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2010/02/14 18:07:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2010/02/14 18:07:41 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2010/02/14 18:07:41 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2010/02/14 18:07:41 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2010/02/14 18:07:40 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2010/02/14 18:07:40 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2010/02/14 18:07:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2010/02/14 18:07:39 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2010/02/14 18:07:39 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2010/02/14 18:07:39 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2010/02/14 18:07:39 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2010/02/14 18:07:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2010/02/14 18:07:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2010/02/14 18:07:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2010/02/14 18:07:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2010/02/14 18:07:37 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2010/02/14 18:07:37 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2010/02/14 18:07:37 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2010/02/14 18:07:37 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2010/02/14 18:07:37 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2010/02/14 18:07:36 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2010/02/14 18:07:36 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2010/02/14 18:07:36 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2010/02/14 18:07:35 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2010/02/14 18:07:35 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2010/02/14 18:07:35 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2010/02/14 18:07:35 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2010/02/14 18:07:34 | 000,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2010/02/14 18:07:34 | 000,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2010/02/14 18:07:34 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2010/02/14 18:07:34 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2010/02/14 18:07:33 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2010/02/14 18:07:33 | 000,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2010/02/14 18:07:33 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2010/02/14 18:07:31 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2010/02/14 18:07:31 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2010/02/14 18:07:31 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2010/02/14 18:07:31 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2010/02/14 18:07:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2010/02/14 18:07:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2010/02/14 18:07:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2010/02/14 18:07:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2010/02/14 18:07:29 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2010/02/14 18:07:29 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2010/02/14 18:07:29 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2010/02/14 18:07:28 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2010/02/14 18:07:28 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2010/02/14 18:07:27 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2010/02/14 18:07:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2010/02/14 18:07:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2010/02/14 18:07:26 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2010/02/14 18:07:26 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2010/02/14 18:07:24 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2010/02/14 18:07:23 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2010/02/14 18:04:24 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2010/02/14 18:01:46 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/02/14 18:01:30 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/02/14 18:01:30 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/02/14 18:01:30 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/02/14 18:01:30 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/02/14 18:01:30 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/02/14 17:33:42 | 000,077,881 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plus.cat
[2010/02/14 17:33:42 | 000,007,710 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/02/14 17:33:41 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/02/14 17:33:41 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010/02/14 17:33:41 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010/02/14 17:33:41 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010/02/14 17:33:41 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010/02/14 13:53:11 | 000,003,016 | ---- | C] () -- C:\Documents and Settings\Gord\My Documents\cc_20100214_135300.reg
[2010/02/14 11:13:01 | 000,019,374 | ---- | C] () -- C:\Documents and Settings\Gord\Desktop\f5d5050vista.zip
[2010/02/13 23:25:11 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/02/13 23:25:11 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/02/13 21:12:52 | 000,000,629 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk
[2010/01/12 21:25:00 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\jsodht.sys
[2010/01/12 20:25:41 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\uukjurad.sys
[2009/08/28 14:44:53 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/05/24 14:20:05 | 000,446,464 | ---- | C] () -- C:\WINDOWS\System32\ELCollections.dll
[2009/03/26 10:07:44 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2009/03/26 10:03:28 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\libcurl.dll
[2009/03/26 10:03:10 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
[2007/11/09 19:26:52 | 000,001,333 | ---- | C] () -- C:\WINDOWS\stock.INI
[2007/08/16 02:00:20 | 000,016,987 | ---- | C] () -- C:\WINDOWS\System32\ZWebAuth.dll
[2007/07/03 19:07:13 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2007/07/03 15:24:16 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\BJAXSecurityManager.dll
[2007/07/03 15:24:13 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\BJInstaller.dll
[2006/11/27 12:58:57 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/07/19 12:18:58 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Gord\Application Data\dvd.bmk
[2006/05/25 23:30:24 | 000,000,043 | ---- | C] () -- C:\WINDOWS\WALLSTRT.INI
[2006/05/08 23:09:11 | 000,002,984 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/05/01 10:27:18 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Gord\Application Data\PFP120JPR.{PB
[2006/05/01 10:27:18 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Gord\Application Data\PFP120JCM.{PB
[2006/04/28 00:05:13 | 000,007,050 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/04/28 00:05:13 | 000,000,152 | RHS- | C] () -- C:\WINDOWS\System32\B18E5F931DGTB.sys
[2006/04/27 20:34:16 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\Gord\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/04/27 20:13:24 | 000,014,225 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/04/27 19:14:23 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Gord\Local Settings\Application Data\fusioncache.dat
[2006/03/14 16:07:56 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/03/14 16:05:21 | 000,000,198 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/03/14 15:32:42 | 000,000,302 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/09 23:11:42 | 000,185,856 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

========== LOP Check ==========

[2007/07/03 16:46:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BellSouth
[2010/02/14 11:51:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Whiz
[2009/02/18 13:37:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/02/14 00:31:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2009/11/25 03:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegAce
[2010/02/14 18:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2009/11/24 23:54:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/01/18 11:39:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2007/07/03 16:46:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gord\Application Data\BellSouth
[2009/11/25 21:03:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gord\Application Data\EMCO
[2006/04/30 14:00:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gord\Application Data\Leadertech
[2008/03/04 12:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gord\Application Data\RTTNews
[2009/11/24 23:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gord\Application Data\Smart PC Solutions
[2006/05/31 20:44:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gord\Application Data\Softplicity
[2009/03/27 15:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gord\Application Data\TradeStation Technologies
[2009/04/05 16:16:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gord\Application Data\True Sword
[2007/04/24 20:59:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gord\Application Data\Uniblue

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2009/11/28 13:32:10 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download.old\9866fb57abdc0ea2f5d4e132d055ba4e\sp3.cab:AGP440.sys
[2009/11/28 15:07:59 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sp3.cab:AGP440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download.old\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2009/11/28 13:32:10 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download.old\9866fb57abdc0ea2f5d4e132d055ba4e\sp3.cab:atapi.sys
[2009/11/28 15:07:59 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sp3.cab:atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download.old\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/10 06:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download.old\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/10 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/10 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2006/04/26 07:23:52 | 000,250,880 | ---- | M] (Intel Corporation) MD5=1C77A81756D4777CCB0425AE8107FE96 -- C:\WINDOWS\dell\iastor\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download.old\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 13:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\SoftwareDistribution\Download.old\78cf8552430e25a8f24bc1e4dfb1970e\sp2qfe\netlogon.dll
[2009/02/06 13:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\SoftwareDistribution\Download.old\de81b460c3abcfc5b8494c785a5f3944\sp2qfe\netlogon.dll
[2004/08/10 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/10 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NVATABUS.SYS >
[2006/03/16 19:51:32 | 000,099,840 | ---- | M] (NVIDIA Corporation) MD5=B7FB72492B753930EC70A0F49D04F12F -- C:\WINDOWS\dell\nvraid\NvAtaBus.sys
[2006/03/16 19:51:32 | 000,099,840 | ---- | M] (NVIDIA Corporation) MD5=B7FB72492B753930EC70A0F49D04F12F -- C:\WINDOWS\system32\drivers\NvAtaBus.sys

< MD5 for: SCECLI.DLL >
[2004/08/10 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/10 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download.old\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >


#11 gtbfl

Posted 20 February 2010 - 11:21 PM

Full scan Malwarebytes log shown below - no infections found

************************************************************************************

Malwarebytes' Anti-Malware 1.43
Database version: 3768
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

2/20/2010 11:09:43 PM
mbam-log-2010-02-20 (23-09-43).txt

Scan type: Full Scan (C:\|)
Objects scanned: 233415
Time elapsed: 1 hour(s), 38 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#12 schrauber

Posted 21 February 2010 - 11:44 AM

Hi,

http://technet.microsoft.com/en-us/sysinte...s/bb896653.aspx

Please download Process Explorer and install it, open the tool and have a look at which process is taking the high CPU.
regards,
schrauber

#13 gtbfl

Posted 21 February 2010 - 11:49 AM

They are taken up by Deferred Procedure Calls

#14 schrauber

Posted 21 February 2010 - 12:07 PM

Can you please post the service/process names? Also you can click these entries and see a sub-menu to check which files are taking this high usage.
regards,
schrauber

#15 gtbfl

Posted 21 February 2010 - 12:24 PM

There are no threads or handles associated with the deferred procedure calls. The following text file was produced by highlighting DPCs and using the save icon:

********************************************************************************************************************************
Process Description CPU User Name Command Line PID Threads Handles
alg.exe Application Layer Gateway Service NT AUTHORITY\LOCAL SERVICE C:\WINDOWS\System32\alg.exe 992 5 104
apcsystray.exe PowerChute system tray power icon DELL\Gord "C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe" 1432 1 83
csrss.exe Client Server Runtime Process 1 NT AUTHORITY\SYSTEM C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 784 10 344
dmadmin.exe Logical Disk Manager service process NT AUTHORITY\SYSTEM C:\WINDOWS\System32\dmadmin.exe /com 200 7 105
DPCs Deferred Procedure Calls 21 n/a 0 0
explorer.exe Windows Explorer DELL\Gord C:\WINDOWS\Explorer.EXE 1856 12 382
firefox.exe Firefox DELL\Gord "C:\Program Files\Mozilla Firefox\firefox.exe" 1488 24 429
Interrupts Hardware Interrupts n/a 0 0
locator.exe Rpc Locator NT AUTHORITY\NETWORK SERVICE C:\WINDOWS\system32\locator.exe 1880 3 48
lsass.exe LSA Shell (Export Version) NT AUTHORITY\SYSTEM C:\WINDOWS\system32\lsass.exe 868 21 351
mainserv.exe Battery backup management service NT AUTHORITY\SYSTEM "C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe" 1688 2 73
mcrdsvc.exe MCRD Device Service NT AUTHORITY\LOCAL SERVICE C:\WINDOWS\ehome\mcrdsvc.exe 312 5 121
procexp.exe Sysinternals Process Explorer 4 DELL\Gord "C:\Documents and Settings\Gord\Desktop\ProcessExplorer\procexp.exe" 3596 7 278
services.exe Services and Controller app 1 NT AUTHORITY\SYSTEM C:\WINDOWS\system32\services.exe 856 15 280
smss.exe Windows NT Session Manager NT AUTHORITY\SYSTEM \SystemRoot\System32\smss.exe 580 3 19
spoolsv.exe Spooler SubSystem App NT AUTHORITY\SYSTEM C:\WINDOWS\system32\spoolsv.exe 1608 11 122
svchost.exe Generic Host Process for Win32 Services NT AUTHORITY\SYSTEM C:\WINDOWS\system32\svchost -k DcomLaunch 1084 14 192
svchost.exe Generic Host Process for Win32 Services NT AUTHORITY\NETWORK SERVICE C:\WINDOWS\system32\svchost -k rpcss 1148 8 245
svchost.exe Generic Host Process for Win32 Services NT AUTHORITY\SYSTEM C:\WINDOWS\system32\svchost.exe -k netsvcs 1312 62 1,364
svchost.exe Generic Host Process for Win32 Services NT AUTHORITY\NETWORK SERVICE C:\WINDOWS\system32\svchost.exe -k NetworkService 1376 6 91
svchost.exe Generic Host Process for Win32 Services NT AUTHORITY\LOCAL SERVICE C:\WINDOWS\system32\svchost.exe -k LocalService 1496 10 151
System 1 NT AUTHORITY\SYSTEM 4 61 294
System Idle Process 72 NT AUTHORITY\SYSTEM 0 2 0
winlogon.exe Windows NT Logon Application NT AUTHORITY\SYSTEM winlogon.exe 812 19 525
wscntfy.exe Windows Security Center Notification App DELL\Gord C:\WINDOWS\system32\wscntfy.exe 1876 1 29

Process: procexp.exe Pid: 3596

Type Name Handle
Desktop \Default 0x30
Directory \KnownDlls 0x8
Directory \Windows 0x14
Directory \BaseNamedObjects 0x4C
Event 0x2C
Event 0x3C
Event 0x64
Event 0x70
Event 0x74
Event 0x78
Event 0x7C
Event 0x84
Event 0x1C4
Event 0x1D0
Event 0x1D4
Event \BaseNamedObjects\CLR_PerfMon_DoneEnumEvent 0x1E4
Event \BaseNamedObjects\CLR_PerfMon_StartEnumEvent 0x1EC
Event 0x1F0
Event 0x1F4
Event 0x1FC
Event 0x200
Event 0x204
Event 0x208
Event 0x20C
Event 0x21C
Event 0x228
Event 0x234
Event 0x23C
Event 0x240
Event 0x24C
Event 0x254
Event 0x258
Event 0x260
Event 0x26C
Event 0x284
Event \BaseNamedObjects\crypt32LogoffEvent 0x29C
Event 0x2B4
Event 0x2C0
Event 0x2C8
Event 0x2D4
Event 0x2D8
Event 0x2E0
Event 0x2F0
Event 0x2F8
Event 0x300
Event 0x308
Event 0x310
Event 0x318
Event 0x320
Event 0x328
Event 0x330
Event 0x338
Event 0x340
Event 0x348
Event 0x350
Event 0x358
Event 0x360
Event 0x36C
Event 0x370
Event 0x37C
Event 0x384
Event 0x3AC
Event 0x3B0
Event 0x3B4
Event 0x3B8
Event 0x3C0
Event 0x3C4
Event 0x3CC
Event 0x3D4
Event \BaseNamedObjects\userenv: User Profile setup event 0x3E8
Event 0x408
Event 0x410
Event 0x428
Event 0x430
Event 0x43C
Event 0x454
Event 0x45C
File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83 0x10
File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83 0x54
File \Device\KsecDD 0x58
File C:\Documents and Settings\Gord\Local Settings\temp\Perflib_Perfdata_e0c.dat 0x68
File \Device\PROCEXP113 0x17C
File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83 0x194
File \Device\Tcp 0x198