Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

mutliple virus trojans -cant go anywhere


  • This topic is locked This topic is locked
30 replies to this topic

#1 serenity_Ash

serenity_Ash

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:01:17 PM

Posted 18 April 2010 - 05:09 PM

hello sadly i am back with a real nasty situation

laptop has SW protector displayed on it wont let me go anywhere - not even in safe mode

i did get safe mode with command prompt to work and went to regedit current user to try to find the file delete disabled manager but couldnt find the file in the path i was told to do

i cant run malwarebytes or anything right now as i dont know to get to program

also when i do the ctrl alt del thing it says task mgr disabled

when i logged into safe mode with c prompt unless it was admin i got errors of not geing able to run regedit


the cd rom is not working either -

OS is xp home sp3 i believe has been loaded on as well

any help on this would be greatly appreciated

thank you in advance

serenity

Edited by Budapest, 18 April 2010 - 05:35 PM.
Moved from Virus, Trojan, Spyware, and Malware Removal Logs ~BP


BC AdBot (Login to Remove)

 


#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,577 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:01:17 PM

Posted 22 April 2010 - 10:59 PM

Hi, serenity_Ash smile.gif

welcome.gif

If you still need some help, we can give it a try. You will need a flash drive to move information from the sick computer to a working computer. It is the only way we can see the progress of our actions. Save these instructions in your flash drive as a text file (use notepad) so you can have access to these while in an external environment (PE).

Here is what you need to do.

Two programs to download

First

Download ISOBurner. Click Here for ISOBurner Instructions. Install the program, and follow the next set of steps.

Second
  • Download OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is 276.7MB in size so it may take some time to download.
  • When downloaded double click and this will then open ISOBurner to burn the file to CD
  • Boot the Non working computer using the boot CD you just created.
  • In order to do so, the computer must be set to boot from the CD first
    Note : For information click here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to All
    • Change Standart Registry to All
    • Under the Custom Scan box paste this in

      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      nvrd32.sys
      userinit.exe
      explorer.exe
      ntoskrnl.exe
      /md5stop
      %SYSTEMDRIVE%\*.*
      %systemroot%\*. /mp /s
      %systemroot%\System32\config\*.sav
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive.
  • Please post the contents of the C:\OTL.txt file in your reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#3 serenity_Ash

serenity_Ash
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:01:17 PM

Posted 25 April 2010 - 10:59 AM

hello sorry for not being on - i got this nasty flu going around in my area - went and got a flash drive and will be doing this in a few minutes
hope it works *crosses fingers
im hoping that i can get that program onto the flash drive as the cdrom is not being recognized can you boot from a flash drive ? thats what i will try to do if i cant will be back on to ask

serenity

Edited by serenity_Ash, 25 April 2010 - 11:34 AM.


#4 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,577 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:01:17 PM

Posted 25 April 2010 - 11:30 AM

thumbup2.gif

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#5 serenity_Ash

serenity_Ash
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:01:17 PM

Posted 26 April 2010 - 04:27 PM

ok i am not able to get the iso file to copy over to the flash drive - how do i do this or is it possible? i have not really used .iso files

#6 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,577 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:01:17 PM

Posted 26 April 2010 - 05:25 PM

The instructions are here:

http://www.ntfs.com/iso_burner_free.htm

You must download ISOBurner and burn, not copy, the .iso file to a CD.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#7 serenity_Ash

serenity_Ash
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:01:17 PM

Posted 26 April 2010 - 06:39 PM

ok so after i burn it then i can copy it to the flash drive? im sorry im normally intelligent but not getting this cause the cd-rom is not working - cant access anything but safemode with command prompt - no drives nothing - when i went into safemode without prompt - i got this big security defense thing and it wouldnt let me do anything

Edited by serenity_Ash, 26 April 2010 - 07:03 PM.


#8 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,577 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:01:17 PM

Posted 26 April 2010 - 07:09 PM

Copy and paste the contents of Post Num. 2 into a Notepad document and save it in the flash drive.

Insert the flash drive in the sick computer as well as the OTLPE CD created with ISOBurner. Restart the sick computer. It should boot to the Reatogo-XP-PE environment. Then follow the instructions above to produce the report.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#9 serenity_Ash

serenity_Ash
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:01:17 PM

Posted 27 April 2010 - 06:22 PM

ok her laptop must be possessed or something smile.gif was able to get it up and running - did a malwarebyte scan and a hijackthis report - but the cdrom will not even open so shes gonna have to get that taken care of

here are the 2 reports

malwarebytes

Malwarebytes' Anti-Malware 1.44
Database version: 3874
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/26/2010 9:30:45 PM
mbam-log-2010-04-26 (21-30-45).txt

Scan type: Full Scan (C:\|)
Objects scanned: 269508
Time elapsed: 42 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


---hijackthis report

Logfile of Advanced SystemCare 3 Security Analyzer
Scan saved at 7:18:10 PM, on 4/27/2010
Platform: Windows XP (WinNT 5.1)
MSIE: Internet Explorer v8.0 (8.0.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\System32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\TPSBattM.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: DriveLetterAccess - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: DriveLetterAccess - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Tahiti%20Hidden%20Pearls/Images/stg_drm.ocx
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O16 - DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} (CPlayFirstmsiControl Object) - http://gamerival.oberon-media.com/gameshel...Web.1.0.0.8.cab
O16 - DPF: {4DCA1E08-4147-4A3D-8CA6-E095DF189FAB} (CPlayFirstNightshiftControl Object) - http://games.bigfishgames.com/en_nightshif...Web.1.0.0.9.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1143505285505
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_18) - http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
O16 - DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} (CPlayFirstzenerchiControl Object) - http://clubgames.pogo.com/online2/pogo/zen...eb.1.0.0.10.cab
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} (Java Plug-in 1.6.0_18) - http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_18) - http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamem...GameManager.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Detective%20Stories%20-%20Hollywood/Images/armhelper.ocx
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://gamerival.oberon-media.com/Gameshel...ronGameHost.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Atheros Configuration Service (ACS) - Unknown - C:\WINDOWS\system32\ACS.exe
O23 - Service: (Ati HotKey Poller) - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Google Update Service (gupdate1cab0223c07f1d0) (gupdate1cab0223c07f1d0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Swupdtmr - Unknown - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe


again thank you for being patient

#10 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,577 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:01:17 PM

Posted 27 April 2010 - 07:23 PM

That is great.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • OTL should now start. Change the following settings
    • Change Drivers to All
    • Change Standard Registry to All
    • Under File Scans, change File age to 30
  • Under the Custom Scan box paste this in

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt (first run only). These are saved in the same location as OTL.
    • Please post the contents of these files in your next reply.

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)

      Click the image to enlarge it
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Please copy and paste the report into your Post.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#11 serenity_Ash

serenity_Ash
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:01:17 PM

Posted 05 May 2010 - 05:22 PM

sorry i havent gotten back - my cold went to pneumonia and was bedridden - but am a bit better

here are the txts you wanted


otl
OTL logfile created on: 5/5/2010 4:05:56 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Pearl\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.00 Mb Total Physical Memory | 207.00 Mb Available Physical Memory | 46.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 18.81 Gb Free Space | 50.48% Space Free | Partition Type: NTFS
Drive D: | 7.45 Gb Total Space | 7.45 Gb Free Space | 99.98% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PETRAROAMING
Current User Name: Pearl
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/04 20:31:54 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pearl\Desktop\OTL.exe
PRC - [2010/03/29 14:54:52 | 002,343,120 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/04/28 23:08:34 | 000,675,840 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\Toshiba\E-KEY\CeEKey.exe
PRC - [2005/04/15 19:51:48 | 000,122,880 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2005/04/05 19:25:34 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Tvs\TvsTray.exe
PRC - [2005/03/28 16:19:34 | 000,024,576 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\Accessibility\FnKeyHook.exe
PRC - [2004/12/30 03:32:20 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2004/12/28 19:02:46 | 000,270,336 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
PRC - [2004/12/28 19:02:28 | 000,036,864 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2004/12/22 20:50:04 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
PRC - [2004/11/30 00:06:26 | 000,053,248 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\Toshiba\TouchPad\TPTray.exe
PRC - [2004/09/07 17:03:20 | 001,077,301 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\Touch and Launch\PadExe.exe
PRC - [2004/08/27 18:37:18 | 000,155,648 | ---- | M] (Matsubleepa Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
PRC - [2004/08/27 18:33:32 | 000,110,592 | ---- | M] (Matsubleepa Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
PRC - [2004/05/13 16:46:02 | 000,053,248 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PRC - [2003/09/05 22:16:30 | 000,184,320 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe


========== Modules (SafeList) ==========

MOD - [2010/05/04 20:31:54 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pearl\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2009/12/08 16:27:51 | 000,125,952 | ---- | M] (H+BEDV Datentechnik GmbH) [Auto | Running] -- C:\WINDOWS\system32\imm32oko.dll -- (dpti3o)
SRV - [2004/12/22 20:50:04 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2004/08/27 18:33:32 | 000,110,592 | ---- | M] (Matsubleepa Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
SRV - [2004/05/13 16:46:02 | 000,053,248 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | System | Stopped] -- -- (vspf_hk)
DRV - File not found [Kernel | System | Stopped] -- -- (vspf)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ViaIde)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ultra)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (TosIde)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (symc8xx)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (symc810)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (sym_u3)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (sym_hi)
DRV - File not found [Kernel | System | Stopped] -- -- (StickyMesger)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Sparrow)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Simbad)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1280)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1240)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql12160)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Ql10wnt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1080)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (perc2hib)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (perc2)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (mraid35x)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (IntelIde)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ini910u)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (i2omp)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (hpn)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (dpti2o)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (dac960nt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Cpqarray)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (CmdIde)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (cd20xrnt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Atdisk)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc3550)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc3350p)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (amsint)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (AliIde)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (aic78xx)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (aic78u2)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Aha154x)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (adpu160m)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (abp480n5)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Abiosdsk)
DRV - [2009/12/31 12:50:03 | 000,353,792 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv)
DRV - [2009/12/08 16:27:51 | 000,032,768 | ---- | M] (SAP AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\okomoh.sys -- (afwoko)
DRV - [2009/12/04 14:22:22 | 000,455,424 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2009/10/20 12:20:16 | 000,265,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP)
DRV - [2009/06/24 07:18:41 | 000,092,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2008/08/14 06:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2008/06/20 07:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2008/04/13 20:13:22 | 000,139,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2008/04/13 20:13:21 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2008/04/13 20:13:20 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
DRV - [2008/04/13 20:13:20 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2008/04/13 15:28:39 | 000,175,744 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
DRV - [2008/04/13 15:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2008/04/13 15:20:42 | 000,091,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2008/04/13 15:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ndis.sys -- (NDIS)
DRV - [2008/04/13 15:19:48 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2008/04/13 15:19:43 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2008/04/13 15:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2008/04/13 15:18:00 | 000,052,480 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2008/04/13 15:17:18 | 000,083,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
DRV - [2008/04/13 15:17:05 | 000,105,344 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\mup.sys -- (Mup)
DRV - [2008/04/13 15:15:55 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
DRV - [2008/04/13 15:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\ntfs.sys -- (Ntfs)
DRV - [2008/04/13 15:15:45 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2008/04/13 15:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\fastfat.sys -- (Fastfat)
DRV - [2008/04/13 15:14:21 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\cdfs.sys -- (Cdfs)
DRV - [2008/04/13 15:00:19 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\modem.sys -- (Modem)
DRV - [2008/04/13 14:57:32 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2008/04/13 14:57:29 | 000,040,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2008/04/13 14:57:27 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2008/04/13 14:57:27 | 000,010,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2008/04/13 14:57:21 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
DRV - [2008/04/13 14:57:15 | 000,152,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
DRV - [2008/04/13 14:57:07 | 000,020,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
DRV - [2008/04/13 14:56:38 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched)
DRV - [2008/04/13 14:56:32 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
DRV - [2008/04/13 14:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
DRV - [2008/04/13 14:55:58 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2008/04/13 14:54:28 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
DRV - [2008/04/13 14:53:34 | 000,036,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (Ip6Fw)
DRV - [2008/04/13 14:51:25 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
DRV - [2008/04/13 14:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbstor.sys -- (USBSTOR)
DRV - [2008/04/13 14:45:37 | 000,059,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
DRV - [2008/04/13 14:45:35 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci)
DRV - [2008/04/13 14:45:35 | 000,017,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbohci.sys -- (usbohci)
DRV - [2008/04/13 14:45:27 | 000,010,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hidusb.sys -- (HidUsb)
DRV - [2008/04/13 14:45:13 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2008/04/13 14:45:09 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
DRV - [2008/04/13 14:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
DRV - [2008/04/13 14:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
DRV - [2008/04/13 14:45:01 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dmusic.sys -- (DMusic)
DRV - [2008/04/13 14:44:48 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008/04/13 14:44:46 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio)
DRV - [2008/04/13 14:44:40 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave)
DRV - [2008/04/13 14:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\volsnap.sys -- (VolSnap)
DRV - [2008/04/13 14:40:58 | 000,042,112 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
DRV - [2008/04/13 14:40:49 | 000,019,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\partmgr.sys -- (PartMgr)
DRV - [2008/04/13 14:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\disk.sys -- (Disk)
DRV - [2008/04/13 14:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atapi.sys -- (atapi)
DRV - [2008/04/13 14:40:27 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2008/04/13 14:40:25 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\fdc.sys -- (Fdc)
DRV - [2008/04/13 14:40:25 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\flpydisk.sys -- (Flpydisk)
DRV - [2008/04/13 14:40:10 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\parport.sys -- (Parport)
DRV - [2008/04/13 14:39:53 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
DRV - [2008/04/13 14:39:52 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mskssrv.sys -- (MSKSSRV)
DRV - [2008/04/13 14:39:51 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mspqm.sys -- (MSPQM)
DRV - [2008/04/13 14:39:50 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mspclock.sys -- (MSPCLOCK)
DRV - [2008/04/13 14:39:47 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2008/04/13 14:39:47 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2008/04/13 14:39:46 | 000,384,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\update.sys -- (Update)
DRV - [2008/04/13 14:39:46 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2008/04/13 14:36:52 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sr.sys -- (sr)
DRV - [2008/04/13 14:36:46 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2008/04/13 14:36:44 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pci.sys -- (PCI)
DRV - [2008/04/13 14:36:43 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pcmcia.sys -- (Pcmcia)
DRV - [2008/04/13 14:36:41 | 000,037,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\isapnp.sys -- (isapnp)
DRV - [2008/04/13 14:36:37 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmbatt.sys -- (CmBatt)
DRV - [2008/04/13 14:36:37 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\compbatt.sys -- (Compbatt)
DRV - [2008/04/13 14:36:35 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ACPI.sys -- (ACPI)
DRV - [2008/04/13 14:33:28 | 000,044,544 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fips.sys -- (Fips)
DRV - [2008/04/13 14:32:59 | 000,129,792 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\fltmgr.sys -- (FltMgr)
DRV - [2008/04/13 14:32:44 | 000,180,608 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2008/04/13 14:32:39 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\npfs.sys -- (Npfs)
DRV - [2008/04/13 14:32:39 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\msfs.sys -- (Msfs)
DRV - [2008/04/13 14:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\udfs.sys -- (Udfs)
DRV - [2008/04/13 14:31:32 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm)
DRV - [2008/04/13 12:39:23 | 000,142,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec)
DRV - [2007/11/13 06:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2006/09/28 19:00:34 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd)
DRV - [2006/09/28 18:55:50 | 000,077,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WudfPf.sys -- (WudfPf)
DRV - [2006/03/27 21:40:43 | 000,015,890 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2005/04/29 01:37:50 | 001,132,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/04/19 13:40:52 | 002,317,504 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/04/15 16:46:04 | 000,029,056 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2005/03/15 18:32:00 | 000,008,704 | ---- | M] (TOSHIBA ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPwSav.sys -- (TPwSav)
DRV - [2005/03/04 17:02:20 | 001,066,278 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/02/25 03:33:26 | 000,102,320 | ---- | M] (Matsubleepa Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2005/01/14 05:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2005/01/14 05:05:00 | 000,099,098 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2005/01/14 05:05:00 | 000,087,706 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2005/01/14 05:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2005/01/14 05:05:00 | 000,025,883 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2005/01/14 05:05:00 | 000,015,227 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2005/01/14 05:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2005/01/14 05:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2005/01/14 05:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/12/23 06:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/12/22 20:45:36 | 000,393,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2004/12/02 15:04:20 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/12/02 15:04:10 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2004/11/15 19:22:08 | 000,101,874 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/10/21 05:03:00 | 000,020,576 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2004/08/17 07:21:00 | 000,087,168 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/08/04 08:00:00 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftdisk.sys -- (Ftdisk)
DRV - [2004/08/04 08:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2004/08/04 08:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2004/08/04 08:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\cdaudio.sys -- (Cdaudio)
DRV - [2004/08/04 08:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 08:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)
DRV - [2004/08/04 08:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2004/08/04 08:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
DRV - [2004/08/04 08:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ACPIEC.sys -- (ACPIEC)
DRV - [2004/08/04 08:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
DRV - [2004/08/04 08:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\parvdm.sys -- (ParVdm)
DRV - [2004/08/04 08:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload)
DRV - [2004/08/04 08:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
DRV - [2004/08/04 08:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mnmdd.sys -- (mnmdd)
DRV - [2004/08/04 08:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\beep.sys -- (Beep)
DRV - [2004/08/04 08:00:00 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pciide.sys -- (PCIIde)
DRV - [2004/08/04 08:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\null.sys -- (Null)
DRV - [2004/08/03 18:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/07/30 02:05:08 | 000,006,400 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SSIOMngr.sys -- (SrvcSSIOMngr)
DRV - [2004/07/30 02:05:04 | 000,006,400 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EKIOMngr.sys -- (SrvcEKIOMngr)
DRV - [2004/07/22 12:36:16 | 000,042,240 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2plms.sys -- (ser2plms)
DRV - [2004/06/28 13:35:24 | 000,069,760 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2003/10/27 19:59:00 | 000,013,842 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atisgkaf.sys -- (caboagp)
DRV - [2003/10/22 23:15:02 | 000,067,024 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2003/10/22 23:15:02 | 000,024,698 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2003/09/19 19:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/06/11 11:53:22 | 000,006,867 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (TBiosDrv)
DRV - [2001/08/17 13:48:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid)
DRV - [2001/08/17 09:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo!"
FF - prefs.js..browser.startup.homepage: "http://www.runescape.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.3
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13
FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&q="


FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 09:37:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/07/08 15:39:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/01 14:04:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/01 14:04:58 | 000,000,000 | ---D | M]

[2008/07/02 06:37:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pearl\Application Data\Mozilla\Extensions
[2008/07/02 06:37:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pearl\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/04/27 20:46:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pearl\Application Data\Mozilla\Firefox\Profiles\vsbi7a43.default\extensions
[2009/09/08 19:58:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Pearl\Application Data\Mozilla\Firefox\Profiles\vsbi7a43.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/08/25 00:47:10 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Documents and Settings\Pearl\Application Data\Mozilla\Firefox\Profiles\vsbi7a43.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2008/08/25 00:47:06 | 000,003,915 | ---- | M] () -- C:\Documents and Settings\Pearl\Application Data\Mozilla\Firefox\Profiles\vsbi7a43.default\searchplugins\sweetim.xml
[2010/04/27 20:56:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/01 14:04:58 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/12/21 18:49:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2009/03/22 20:06:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/07/08 15:40:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/08/04 20:28:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/11/18 19:04:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010/01/27 05:06:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
[2010/05/01 14:04:37 | 000,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/05/01 14:04:37 | 000,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/12/17 18:14:01 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2010/05/01 14:04:46 | 000,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2007/03/22 19:23:30 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2010/04/03 19:43:36 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/04/23 23:52:50 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/04/23 23:52:51 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/04/23 23:52:51 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/04/23 23:52:51 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/04/23 23:52:51 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/04/23 23:52:51 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/04/23 23:52:51 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/07/02 12:19:28 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
[2010/05/01 14:04:49 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/05/01 14:04:49 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/08/25 09:32:38 | 000,001,340 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml
[2010/05/01 14:04:49 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/05/01 14:04:49 | 000,002,343 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/05/01 14:04:49 | 000,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/05/01 14:04:49 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/05/01 14:04:49 | 000,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml
[2009/04/07 14:59:38 | 000,000,872 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\Yahooober22696686.gif
[2010/02/22 16:25:20 | 000,000,202 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\Yahooober22696686.src

O1 HOSTS File: ([2010/04/13 08:19:21 | 000,000,766 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 85.13.206.115 u07012010u.com
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\agrsmmsg.exe (Agere Systems)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [CeEKEY] C:\Program Files\Toshiba\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe (TOSHIBA CO.,LTD.)
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [PadTouch] C:\Program Files\Toshiba\Touch and Launch\PadExe.exe (TOSHIBA)
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [TOSHIBA Accessibility] C:\Program Files\Toshiba\Accessibility\FnKeyHook.exe (TOSHIBA)
O4 - HKLM..\Run: [TPNF] C:\Program Files\Toshiba\TouchPad\TPTray.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsubleepa Electric Industrial Co., Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Tahiti%20Hidden%20Pearls/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} http://gamerival.oberon-media.com/gameshel...Web.1.0.0.8.cab (CPlayFirstmsiControl Object)
O16 - DPF: {4DCA1E08-4147-4A3D-8CA6-E095DF189FAB} http://games.bigfishgames.com/en_nightshif...Web.1.0.0.9.cab (CPlayFirstNightshiftControl Object)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1143505285505 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} http://clubgames.pogo.com/online2/pogo/zen...eb.1.0.0.10.cab (CPlayFirstzenerchiControl Object)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} https://disney.go.com/games/downloads/gamem...GameManager.cab (CGameManagerCtrl Object)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Detective%20Stories%20-%20Hollywood/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://gamerival.oberon-media.com/Gameshel...ronGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 72.240.13.5 72.240.13.6
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (afFuyfKuU.dll) - C:\WINDOWS\System32\afFuyfKuU.dll (Quixotic Yawl Studio)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Pearl\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Pearl\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (stera) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/05/13 22:04:26 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "ose"
MsConfig - Services: "JavaQuickStarterService"
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: ZoomingHook - hkey= - key= - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17465059307421696)

========== Files/Folders - Created Within 30 Days ==========

[2010/05/05 15:59:56 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Pearl\Desktop\OTL.exe
[2010/04/17 17:49:15 | 001,434,735 | ---- | C] (Quixotic Yawl Studio) -- C:\WINDOWS\YBNVmxpc.exe
[2010/04/17 17:49:15 | 001,434,735 | ---- | C] (Quixotic Yawl Studio) -- C:\WINDOWS\System32\drivers\xNIDFPhC.dll
[2010/04/17 17:49:15 | 001,434,735 | ---- | C] (Quixotic Yawl Studio) -- C:\WINDOWS\System32\XIGep.dll
[2010/04/17 17:49:15 | 001,434,735 | ---- | C] (Quixotic Yawl Studio) -- C:\WINDOWS\WTuvE.exe
[2010/04/17 17:49:15 | 001,434,735 | ---- | C] (Quixotic Yawl Studio) -- C:\WINDOWS\WHMqcW.dll
[2010/04/17 17:49:15 | 001,434,735 | ---- | C] (Quixotic Yawl Studio) -- C:\WINDOWS\utGNWE.dll
[2010/04/17 17:49:15 | 001,434,735 | ---- | C] (Quixotic Yawl Studio) -- C:\WINDOWS\System32\drivers\UbuRlqd.dll
[2010/04/17 17:49:15 | 001,434,735 | ---- | C] (Quixotic Yawl Studio) -- C:\WINDOWS\System32\svmFaBjXq.exe
[2010/04/17 17:49:15 | 001,434,735 | ---- | C] (Quixotic Yawl Studio) -- C:\WINDOWS\System32\drivers\SDVrwwRUM.exe
[2010/04/17 17:49:15 | 001,434,735 | ---- | C] (Quixotic Yawl Studio) -- C:\WINDOWS\System32\drivers\rsMXmvDD.dll
[2010/04/17 17:49:15 | 001,434,735 | ---- | C] (Quixotic Yawl Studio) -- C:\WINDOWS\System32\rbnMG.exe
[2010/04/17 17:49:15 | 001,434,735 | ---- | C] (Quixotic Yawl Studio) -- C:\WINDOWS\qufLbycb.exe
[2010/04/17 17:49:15 | 001,434,735 | ---- | C] (Quixotic Yawl Studio) -- C:\WINDOWS\System32\OLpdIe.dll
[2010/04/17 17:49:15 | 001,434,735 | ---- | C] (Quixotic Yawl Studio) -- C:\WINDOWS\System32\OAoqj.dll
[2010/04/17 17:49:15 | 001,434,735 | ---- | C] (Quixotic Yawl Studio) -- C:\WINDOWS\NYvJWlpv.dll
[2010/04/17 17:49:15 | 001,434,735 | ---- | C] (Quixotic Yawl Studio) -- C:\WINDOWS\nCTHArQ.exe
[2010/04/17 17:49:15 | 001,434,735 | ---- | C] (Quixotic Yawl Studio) -- C:\WINDOWS\ncopTU.dll
[2010/04/17 17:49:15 | 001,434,735 | ---- | C] (Quixotic Yawl Studio) -- C:\WINDOWS\lJUhJcahq.dll
[2010/04/17 17:49:15 | 001,434,735 | ---- | C] (Quixotic Yawl Studio) -- C:\WINDOWS\System32\drivers\jlyAThMY.exe
[2010/04/17 17:49:15 | 001,434,735 | ---- | C] (Quixotic Yawl Studio) -- C:\WINDOWS\System32\INxWl.exe
[2010/04/17 17:49:15 | 001,434,735 | ---- | C] (Quixotic Yawl Studio) -- C:\WINDOWS\System32\hxlkPVy.exe
[2010/04/17 17:49:15 | 001,434,735 | ---- | C] (Quixotic Yawl Studio) -- C:\WINDOWS\hTRUNE.dll
[2010/04/17 17:49:15 | 001,434,735 | ---- | C] (Quixotic Yawl Studio) -- C:\WINDOWS\System32\drivers\feWGXOV.exe
[2010/04/17 17:49:15 | 001,434,735 | ---- | C] (Quixotic Yawl Studio) -- C:\WINDOWS\dTihX.exe
[2010/04/17 17:49:15 | 001,434,735 | ---- | C] (Quixotic Yawl Studio) -- C:\WINDOWS\System32\drivers\dIART.exe
[2010/04/17 17:49:15 | 001,434,735 | ---- | C] (Quixotic Yawl Studio) -- C:\WINDOWS\cWIgPaN.dll
[2010/04/17 17:49:15 | 001,434,735 | ---- | C] (Quixotic Yawl Studio) -- C:\WINDOWS\System32\drivers\COEbYhm.exe
[2010/04/17 17:49:15 | 001,434,735 | ---- | C] (Quixotic Yawl Studio) -- C:\WINDOWS\clXVf.dll
[2010/04/17 17:49:15 | 001,434,735 | ---- | C] (Quixotic Yawl Studio) -- C:\WINDOWS\System32\BjiIF.dll
[2010/04/17 17:49:15 | 001,434,735 | ---- | C] (Quixotic Yawl Studio) -- C:\WINDOWS\System32\drivers\aPkvucSF.exe
[2010/04/17 17:49:15 | 001,434,735 | ---- | C] (Quixotic Yawl Studio) -- C:\WINDOWS\System32\ApECY.dll
[2010/04/17 17:49:15 | 001,434,735 | ---- | C] (Quixotic Yawl Studio) -- C:\WINDOWS\aiocb.exe
[2010/04/17 17:49:15 | 001,434,735 | ---- | C] (Quixotic Yawl Studio) -- C:\WINDOWS\System32\aDbfTCF.exe
[2010/04/17 17:49:15 | 001,434,112 | ---- | C] (Quixotic Yawl Studio) -- C:\WINDOWS\System32\afFuyfKuU.dll
[2010/04/13 08:19:40 | 000,000,000 | ---D | C] -- C:\Program Files\webserver
[2010/04/12 00:35:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pearl\Application Data\Alawar Entertainment
[2010/04/12 00:35:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alawar Entertainment
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/05 16:04:57 | 004,718,592 | ---- | M] () -- C:\Documents and Settings\Pearl\ntuser.dat
[2010/05/05 16:04:03 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/05 15:59:11 | 000,001,230 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/05 15:58:53 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/05 15:58:50 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/05 15:58:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/05 15:58:40 | 468,242,432 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/05 15:56:49 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Pearl\ntuser.ini
[2010/05/05 15:56:40 | 008,541,950 | -H-- | M] () -- C:\Documents and Settings\Pearl\Local Settings\Application Data\IconCache.db
[2010/05/05 15:51:22 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Pearl\Desktop\gmer.zip
[2010/05/04 20:31:54 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pearl\Desktop\OTL.exe
[2010/04/19 18:38:11 | 000,000,012 | ---- | M] () -- C:\WINDOWS\dirsaver.ini
[2010/04/17 17:49:11 | 001,434,735 | ---- | M] (Quixotic Yawl Studio) -- C:\WINDOWS\YBNVmxpc.exe
[2010/04/17 17:49:11 | 001,434,735 | ---- | M] (Quixotic Yawl Studio) -- C:\WINDOWS\System32\drivers\xNIDFPhC.dll
[2010/04/17 17:49:11 | 001,434,735 | ---- | M] (Quixotic Yawl Studio) -- C:\WINDOWS\System32\XIGep.dll
[2010/04/17 17:49:11 | 001,434,735 | ---- | M] (Quixotic Yawl Studio) -- C:\WINDOWS\WTuvE.exe
[2010/04/17 17:49:11 | 001,434,735 | ---- | M] (Quixotic Yawl Studio) -- C:\WINDOWS\WHMqcW.dll
[2010/04/17 17:49:11 | 001,434,735 | ---- | M] (Quixotic Yawl Studio) -- C:\WINDOWS\utGNWE.dll
[2010/04/17 17:49:11 | 001,434,735 | ---- | M] (Quixotic Yawl Studio) -- C:\WINDOWS\System32\drivers\UbuRlqd.dll
[2010/04/17 17:49:11 | 001,434,735 | ---- | M] (Quixotic Yawl Studio) -- C:\WINDOWS\System32\svmFaBjXq.exe
[2010/04/17 17:49:11 | 001,434,735 | ---- | M] (Quixotic Yawl Studio) -- C:\WINDOWS\System32\drivers\SDVrwwRUM.exe
[2010/04/17 17:49:11 | 001,434,735 | ---- | M] (Quixotic Yawl Studio) -- C:\WINDOWS\System32\drivers\rsMXmvDD.dll
[2010/04/17 17:49:11 | 001,434,735 | ---- | M] (Quixotic Yawl Studio) -- C:\WINDOWS\System32\rbnMG.exe
[2010/04/17 17:49:11 | 001,434,735 | ---- | M] (Quixotic Yawl Studio) -- C:\WINDOWS\qufLbycb.exe
[2010/04/17 17:49:11 | 001,434,735 | ---- | M] (Quixotic Yawl Studio) -- C:\WINDOWS\System32\OLpdIe.dll
[2010/04/17 17:49:11 | 001,434,735 | ---- | M] (Quixotic Yawl Studio) -- C:\WINDOWS\System32\OAoqj.dll
[2010/04/17 17:49:11 | 001,434,735 | ---- | M] (Quixotic Yawl Studio) -- C:\WINDOWS\NYvJWlpv.dll
[2010/04/17 17:49:11 | 001,434,735 | ---- | M] (Quixotic Yawl Studio) -- C:\WINDOWS\nCTHArQ.exe
[2010/04/17 17:49:11 | 001,434,735 | ---- | M] (Quixotic Yawl Studio) -- C:\WINDOWS\ncopTU.dll
[2010/04/17 17:49:11 | 001,434,735 | ---- | M] (Quixotic Yawl Studio) -- C:\WINDOWS\lJUhJcahq.dll
[2010/04/17 17:49:11 | 001,434,735 | ---- | M] (Quixotic Yawl Studio) -- C:\WINDOWS\System32\drivers\jlyAThMY.exe
[2010/04/17 17:49:11 | 001,434,735 | ---- | M] (Quixotic Yawl Studio) -- C:\WINDOWS\System32\INxWl.exe
[2010/04/17 17:49:11 | 001,434,735 | ---- | M] (Quixotic Yawl Studio) -- C:\WINDOWS\System32\hxlkPVy.exe
[2010/04/17 17:49:11 | 001,434,735 | ---- | M] (Quixotic Yawl Studio) -- C:\WINDOWS\hTRUNE.dll
[2010/04/17 17:49:11 | 001,434,735 | ---- | M] (Quixotic Yawl Studio) -- C:\WINDOWS\System32\drivers\feWGXOV.exe
[2010/04/17 17:49:11 | 001,434,735 | ---- | M] (Quixotic Yawl Studio) -- C:\WINDOWS\dTihX.exe
[2010/04/17 17:49:11 | 001,434,735 | ---- | M] (Quixotic Yawl Studio) -- C:\WINDOWS\System32\drivers\dIART.exe
[2010/04/17 17:49:11 | 001,434,735 | ---- | M] (Quixotic Yawl Studio) -- C:\WINDOWS\cWIgPaN.dll
[2010/04/17 17:49:11 | 001,434,735 | ---- | M] (Quixotic Yawl Studio) -- C:\WINDOWS\System32\drivers\COEbYhm.exe
[2010/04/17 17:49:11 | 001,434,735 | ---- | M] (Quixotic Yawl Studio) -- C:\WINDOWS\clXVf.dll
[2010/04/17 17:49:11 | 001,434,735 | ---- | M] (Quixotic Yawl Studio) -- C:\WINDOWS\System32\BjiIF.dll
[2010/04/17 17:49:11 | 001,434,735 | ---- | M] (Quixotic Yawl Studio) -- C:\WINDOWS\System32\drivers\aPkvucSF.exe
[2010/04/17 17:49:11 | 001,434,735 | ---- | M] (Quixotic Yawl Studio) -- C:\WINDOWS\System32\ApECY.dll
[2010/04/17 17:49:11 | 001,434,735 | ---- | M] (Quixotic Yawl Studio) -- C:\WINDOWS\aiocb.exe
[2010/04/17 17:49:11 | 001,434,735 | ---- | M] (Quixotic Yawl Studio) -- C:\WINDOWS\System32\aDbfTCF.exe
[2010/04/17 17:49:11 | 001,434,112 | ---- | M] (Quixotic Yawl Studio) -- C:\WINDOWS\System32\afFuyfKuU.dll
[2010/04/16 19:52:00 | 000,001,885 | ---- | M] () -- C:\Documents and Settings\Pearl\Desktop\Penny Dreadfuls - Sweeney Todd.lnk
[2010/04/13 08:19:21 | 000,000,766 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/04/11 22:06:11 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2010/04/10 10:09:44 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\Pearl\Desktop\Treasure Seekers Visions Of Gold.lnk
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/05 15:59:49 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Pearl\Desktop\gmer.zip
[2010/04/26 20:23:51 | 468,242,432 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/16 19:51:59 | 000,001,885 | ---- | C] () -- C:\Documents and Settings\Pearl\Desktop\Penny Dreadfuls - Sweeney Todd.lnk
[2010/04/10 10:09:43 | 000,001,919 | ---- | C] () -- C:\Documents and Settings\Pearl\Desktop\Treasure Seekers Visions Of Gold.lnk
[2010/04/06 21:18:45 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2009/05/03 15:06:45 | 000,000,067 | ---- | C] () -- C:\WINDOWS\swupdate.INI
[2009/04/13 10:21:18 | 000,000,135 | ---- | C] () -- C:\WINDOWS\disney.ini
[2009/04/13 09:08:56 | 000,000,068 | ---- | C] () -- C:\WINDOWS\gsp_wsrc.ini
[2009/03/03 10:04:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TPTray.INI
[2009/01/03 19:45:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\game.INI
[2007/08/01 13:46:40 | 000,001,640 | ---- | C] () -- C:\WINDOWS\yahtzee.ini
[2007/04/05 17:21:19 | 000,000,099 | ---- | C] () -- C:\WINDOWS\Ultisoft.ini
[2007/04/05 17:21:19 | 000,000,009 | ---- | C] () -- C:\WINDOWS\Collida.ini
[2007/04/05 17:21:19 | 000,000,009 | ---- | C] () -- C:\WINDOWS\Brick.ini
[2006/04/18 13:49:30 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2006/03/27 21:45:54 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/03/27 21:45:36 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/03/27 21:40:19 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2006/03/27 21:40:19 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2006/03/27 21:40:19 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2006/03/27 21:40:19 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2006/03/27 20:38:14 | 000,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
[2005/05/14 00:19:52 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/05/14 00:19:52 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/05/14 00:19:52 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/05/14 00:19:52 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/05/14 00:19:52 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/05/14 00:19:52 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/05/13 23:26:39 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\EBLib.DLL
[2005/05/13 23:25:25 | 000,034,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWXT_kern_i386.sys
[2005/05/13 23:25:25 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2005/05/13 23:24:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2005/05/13 23:20:59 | 000,006,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2005/05/13 22:27:48 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/05/13 22:11:04 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/13 22:01:32 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/05/13 21:10:10 | 000,000,347 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/05/13 21:04:55 | 000,071,279 | ---- | C] () -- C:\WINDOWS\System32\XhHykysDQ.dll
[2005/05/13 21:04:55 | 000,071,279 | ---- | C] () -- C:\WINDOWS\System32\uOihK.dll
[2005/05/13 21:04:55 | 000,071,279 | ---- | C] () -- C:\WINDOWS\System32\tUWRHgj.dll
[2005/05/13 21:04:55 | 000,071,279 | ---- | C] () -- C:\WINDOWS\tNyYcp.dll
[2005/05/13 21:04:55 | 000,071,279 | ---- | C] () -- C:\WINDOWS\PlhHx.dll
[2005/05/13 21:04:55 | 000,071,279 | ---- | C] () -- C:\WINDOWS\JqkHq.dll
[2005/05/13 21:04:55 | 000,071,279 | ---- | C] () -- C:\WINDOWS\System32\drivers\hpPhkhEj.dll
[2005/05/13 21:04:55 | 000,071,279 | ---- | C] () -- C:\WINDOWS\System32\EQrNGs.dll
[2005/05/13 21:04:55 | 000,071,279 | ---- | C] () -- C:\WINDOWS\System32\drivers\aEsvcK.dll
[2005/03/28 18:59:36 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\SPCtl.dll
[2005/03/28 18:44:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\HWS_Ctrl.dll
[2005/03/25 12:59:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
[2005/03/15 13:50:42 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\EKECioCtl.dll
[2005/02/28 18:28:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/07 19:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1999/11/05 14:07:08 | 000,057,856 | R--- | C] () -- C:\WINDOWS\System32\Dxver.dll
[1999/03/03 00:26:02 | 000,080,896 | R--- | C] () -- C:\WINDOWS\System32\GETINFO.DLL

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/03/28 19:01:10 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/04/13 09:31:01 | 000,005,630 | ---- | M] () -- C:\fb20100413.log
[2010/05/05 15:58:40 | 468,242,432 | -HS- | M] () -- C:\hiberfil.sys
[2005/05/13 22:05:05 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2005/05/13 22:05:05 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/03/04 13:50:14 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/05/05 15:58:39 | 704,643,072 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2005/05/13 14:56:00 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/05/13 14:56:00 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/05/13 14:56:00 | 000,868,352 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:42CCBD47
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2032CC2B
@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BC6FE71D
@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A4009933
@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:814B9485
@Alternate Data Stream - 152 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EAB1AD1B
@Alternate Data Stream - 152 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93C48025
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D3930F74
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8BBD1F9A
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7A0A894A
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3F22DA14
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:26140299
@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C44E62F1
@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:42CAFB06
@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3CA18B6B
@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8DCF53BE
@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:51003EF4
@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1E66EE85
@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:104EF12D
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C0CBD4C
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A077D87
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D7CCB616
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E1069F99
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AD992026
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8F7ECF6A
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:64FABDFB
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:26EE282C
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:14168AA3
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FDD78BE5
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E7123C4C
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:92610EA3
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E341035
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AE8D8202
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80A452DD
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5856B2C0
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA983230
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E8A39657
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AA7BE830
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E660858
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:86F2D5A9
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D305706A
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B4FDEF97
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8FF962C6
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E7220DEE
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D4E73D7F
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B156F3F2
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A118E9A3
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E23BF4AD
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D3FFFBA9
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AA6C7C38
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8D8F3340
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:81B52FA6
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FD6B3FC3
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F854B030
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F84F494D
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A0405560
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D9B06E3D
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:69B9AAE7
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B7E916D
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0D4B1B5B
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:06754597
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F878F14A
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:51C0853C
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CD2ECCEC
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BE3E263A
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ABD3B354
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B7E5A07
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2FC9D9C0
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DD831FA6
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8F925134
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4D066AD2
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B3A35EC
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CD14F7E
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1D60AEC3
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:25DEF972
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2085D07D
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A724744F
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8AEF2555
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C819E94
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:671AABFB
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5925E400
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C1C3561E
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6B9828AE
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A5930D84
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9CD61266
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:46045D7C
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D7D575C
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E11E400
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B885D7E
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1BC99E01
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DEC7E19B
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:956EC010
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7D49B96B
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4D1D6B2D
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:726A7C8D
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63A71C6F
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:49F896E9
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:48529647
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2EEA9E7B
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F7124EAF
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E7C89011
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8207BE2
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D0F51BEA
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8E9D804
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:902B3C72
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8E60033F
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4CD2D817
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0207454C
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CCBF0D67
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CBB8846C
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A9C7B545
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3095BD69
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:798F4CE4
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2E0A3B1D
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FAB275B8
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9AB56A06
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:91CF76E3
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52A42F4C
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:933FD10F
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:860D9052
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A51C9924
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:97692F61
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F9A9573A
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F55478C5
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8437DC46
< End of report >


extras
OTL Extras logfile created on: 5/5/2010 4:05:56 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Pearl\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.00 Mb Total Physical Memory | 207.00 Mb Available Physical Memory | 46.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 18.81 Gb Free Space | 50.48% Space Free | Partition Type: NTFS
Drive D: | 7.45 Gb Total Space | 7.45 Gb Free Space | 99.98% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PETRAROAMING
Current User Name: Pearl
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" %*
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"UacDisableNotify" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Svc]
"AntiVirusDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Svc\Svc]
"FirewallDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Svc\Svc\Svc]
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Svc\Svc\Svc\Svc]
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Svc\Svc\Svc\Svc\Svc]
"UacDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"8085:TCP" = 8085:TCP:*:Enabled:Berezovsky
"926:TCP" = 926:TCP:*:Enabled:webserver
"53:TCP" = 53:TCP:*:Enabled:webserver

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- (TOSHIBA Corporation)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{02EED746-8C5A-43C8-BB3D-D29C8B363A4D}" = TOSHIBA Zooming Utility
"{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}" = Atheros Wireless LAN MiniPCI card Driver
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 18
"{29B2BDE5-3585-11D5-888A-005004D128A9}" = Activision Value Casino
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A57482F-BEBC-47E4-ADA1-6302403C7E50}" = TOSHIBA Accessibility
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{428102E6-8A39-48B9-8389-847F5A44A600}" = MSXML 4.0
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{54BB0384-1C33-488F-A95B-877E480D3EDC}" = MSXML 4.0
"{5D96E2B1-D9AC-46E0-9073-425C5F63E338}" = Touch and Launch
"{67E4EE98-59F4-4210-89A6-A20AF5BEC689}" = Microsoft Streets and Trips 2005 with USB GPS
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{71D658CF-4E0D-4DA8-AA67-8C0B6F1C01FE}" = Atheros Client Utility
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7900D3A6-A9E8-4954-ACCB-AB15867978BF}" = TOSHIBA Hotkey Utility
"{80977342-27E8-4FF7-8B6A-D8D89461DA7F}" = TouchPad On/Off Utility
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113644907}" = Gold Miner Vegas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117897550}" = 1912 Titanic Mystery
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11797443}" = Insider Tales Casanova
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118076927}" = National Geographic Traveler Italy
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118179400}" = Mystery Case Files Return to Ravenhearst
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118206773}" = 1001 Nights The Adventures of Sindbad
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118232510}" = Gotcha Celebrity Secrets
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118269867}" = Treasure Seekers Visions Of Gold
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118274990}" = Nora Roberts - Vision In White
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118291513}" = Shutter Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118295220}" = Born into Darkness
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118437157}" = Joan Jade And The Gates Of Xibalba
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118495940}" = Annies Millions
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118503620}" = Mindís Eye The Secrets Of Forgotten
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118534117}" = Penny Dreadfuls - Sweeney Todd
"{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = TOSHIBA Virtual Sound
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{91A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9860A9CF-7E71-43AC-888F-0B4D3EA212D1}" = Roxio Burn Engine
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A38D57D1-5F29-4691-B3DD-FE4B3A7B3AFE}" = TOSHIBA Power Saver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{BA561482-C49D-4687-A61C-96236C1688F0}" = ArcSoft Software Suite
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{ED6772B0-393B-428D-BBCF-5E77A0ECFCF5}" = 48johnsonscreensaver
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"All ATI Software" = ATI - Software Uninstall Utility
"America Online us" = America Online (Choose which version to remove)
"AOL Spyware Protection" = AOL Spyware Protection
"ATI Display Driver" = ATI Display Driver
"CleanUp!" = CleanUp!
"Fn-esse" = TOSHIBA Fn-esse
"HijackThis" = HijackThis 1.99.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{02EED746-8C5A-43C8-BB3D-D29C8B363A4D}" = TOSHIBA Zooming Utility
"InstallShield_{3A57482F-BEBC-47E4-ADA1-6302403C7E50}" = TOSHIBA Accessibility
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{7900D3A6-A9E8-4954-ACCB-AB15867978BF}" = TOSHIBA Hotkey Utility
"InstallShield_{80977342-27E8-4FF7-8B6A-D8D89461DA7F}" = TouchPad On/Off Utility
"InstallShield_{A38D57D1-5F29-4691-B3DD-FE4B3A7B3AFE}" = TOSHIBA Power Saver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.3)" = Mozilla Firefox (3.0.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notebook_Maximizer" = Notebook Maximizer
"PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
"sat_screensaver_30mb.scr" = sat_screensaver_30mb
"Slingo" = Slingo
"Smart Defrag_is1" = Smart Defrag
"Solitaire Master 3" = Solitaire Master 3
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Toshiba Tbiosdrv Driver" = Toshiba Tbiosdrv Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"Web Games Player Plugin" = Web Games Player Plugin
"WGA" = Windows Genuine Advantage Validation Tool
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"Yahtzeev1" = Yahtzee

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/17/2010 1:05:55 PM | Computer Name = PETRAROAMING | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.18854, fault address 0x000d6a3b.

Error - 1/23/2010 9:39:34 PM | Computer Name = PETRAROAMING | Source = ESENT | ID = 452
Description = wlcomm (3424) C:\Documents and Settings\Pearl\Local Settings\Application
Data\Microsoft\Windows Live Contacts\{b76353d1-07b0-4614-8cd5-762cd805b0be}\: Database
C:\Documents and Settings\Pearl\Local Settings\Application Data\Microsoft\Windows
Live Contacts\{b76353d1-07b0-4614-8cd5-762cd805b0be}\DBStore\contacts.edb requires
logfiles 17-18 in order to recover successfully. Recovery could only locate logfiles
starting at 18.

Error - 1/23/2010 9:39:34 PM | Computer Name = PETRAROAMING | Source = ESENT | ID = 454
Description = wlcomm (3424) Database recovery/restore failed with unexpected error
-543.

Error - 1/27/2010 4:34:40 AM | Computer Name = PETRAROAMING | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.18876, fault address 0x000d676b.

Error - 1/28/2010 1:12:12 PM | Computer Name = PETRAROAMING | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.18876, fault address 0x000d676b.

Error - 1/31/2010 7:08:27 PM | Computer Name = PETRAROAMING | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.18876, fault address 0x000d676b.

Error - 2/2/2010 2:49:21 PM | Computer Name = PETRAROAMING | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.18876, fault address 0x000d676b.

Error - 2/3/2010 4:34:16 PM | Computer Name = PETRAROAMING | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.18876, fault address 0x000d676b.

Error - 2/7/2010 11:58:55 PM | Computer Name = PETRAROAMING | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module jvm.dll, version 16.0.0.13, fault address 0x000c7cf2.

Error - 2/12/2010 12:29:25 AM | Computer Name = PETRAROAMING | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module jvm.dll, version 16.0.0.13, fault address 0x000c7cf2.

[ System Events ]
Error - 4/19/2010 10:28:28 AM | Computer Name = PETRAROAMING | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 4/19/2010 10:28:28 AM | Computer Name = PETRAROAMING | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD afwoko Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SrvcEKIOMngr SrvcSSIOMngr
Tcpip
TPwSav
vspf
vspf_hk

Error - 4/19/2010 6:38:57 PM | Computer Name = PETRAROAMING | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/26/2010 8:24:09 PM | Computer Name = PETRAROAMING | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
vspf vspf_hk

Error - 4/26/2010 8:24:58 PM | Computer Name = PETRAROAMING | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 4/28/2010 8:24:59 PM | Computer Name = PETRAROAMING | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 4/30/2010 8:25:00 PM | Computer Name = PETRAROAMING | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 5/2/2010 8:25:01 PM | Computer Name = PETRAROAMING | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 5/4/2010 8:25:02 PM | Computer Name = PETRAROAMING | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 5/5/2010 3:58:55 PM | Computer Name = PETRAROAMING | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
vspf vspf_hk


< End of report >

ark.txt
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-05 18:18:10
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Pearl\LOCALS~1\Temp\uxlyrpog.sys


---- Devices - GMER 1.0.15 ----

Device \FileSystem\Udfs \UdfsCdRom tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Udfs \UdfsDisk tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

AttachedDevice \Driver\Tcpip \Device\Ip okomoh.sys (Service Driver Shield Handler Options Agnitum Monitor/SAP AG)
AttachedDevice \Driver\Tcpip \Device\Tcp okomoh.sys (Service Driver Shield Handler Options Agnitum Monitor/SAP AG)
AttachedDevice \Driver\Tcpip \Device\Udp okomoh.sys (Service Driver Shield Handler Options Agnitum Monitor/SAP AG)
AttachedDevice \Driver\Tcpip \Device\RawIp okomoh.sys (Service Driver Shield Handler Options Agnitum Monitor/SAP AG)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Game Rival\Mind\x2019s Eye The Secrets Of Forgotten\Uninstall.exe 1

---- EOF - GMER 1.0.15 ----





#12 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,577 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:01:17 PM

Posted 05 May 2010 - 06:52 PM

  • Please double-click OTL.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the quote below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    QUOTE
    :OTL
    SRV - [2009/12/08 16:27:51 | 000,125,952 | ---- | M] (H+BEDV Datentechnik GmbH) [Auto | Running] -- C:\WINDOWS\system32\imm32oko.dll -- (dpti3o)
    DRV - [2009/12/08 16:27:51 | 000,032,768 | ---- | M] (SAP AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\okomoh.sys -- (afwoko)
    O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
    O20 - AppInit_DLLs: (afFuyfKuU.dll) - C:\WINDOWS\System32\afFuyfKuU.dll (Quixotic Yawl Studio)
    @Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:42CCBD47
    @Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2032CC2B
    @Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BC6FE71D
    @Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A4009933
    @Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:814B9485
    @Alternate Data Stream - 152 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EAB1AD1B
    @Alternate Data Stream - 152 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93C48025
    @Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D3930F74
    @Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8BBD1F9A
    @Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7A0A894A
    @Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3F22DA14
    @Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:26140299
    @Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C44E62F1
    @Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:42CAFB06
    @Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3CA18B6B
    @Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8DCF53BE
    @Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:51003EF4
    @Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1E66EE85
    @Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:104EF12D
    @Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C0CBD4C
    @Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A077D87
    @Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D7CCB616
    @Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E1069F99
    @Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AD992026
    @Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8F7ECF6A
    @Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:64FABDFB
    @Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:26EE282C
    @Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:14168AA3
    @Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FDD78BE5
    @Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E7123C4C
    @Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:92610EA3
    @Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E341035
    @Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AE8D8202
    @Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80A452DD
    @Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5856B2C0
    @Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA983230
    @Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E8A39657
    @Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AA7BE830
    @Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E660858
    @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:86F2D5A9
    @Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D305706A
    @Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B4FDEF97
    @Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8FF962C6
    @Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E7220DEE
    @Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D4E73D7F
    @Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B156F3F2
    @Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A118E9A3
    @Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E23BF4AD
    @Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D3FFFBA9
    @Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AA6C7C38
    @Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8D8F3340
    @Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:81B52FA6
    @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FD6B3FC3
    @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F854B030
    @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F84F494D
    @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A0405560
    @Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D9B06E3D
    @Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:69B9AAE7
    @Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B7E916D
    @Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0D4B1B5B
    @Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:06754597
    @Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F878F14A
    @Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:51C0853C
    @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CD2ECCEC
    @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BE3E263A
    @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ABD3B354
    @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B7E5A07
    @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2FC9D9C0
    @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DD831FA6
    @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8F925134
    @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4D066AD2
    @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B3A35EC
    @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CD14F7E
    @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1D60AEC3
    @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:25DEF972
    @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2085D07D
    @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A724744F
    @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8AEF2555
    @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C819E94
    @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:671AABFB
    @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5925E400
    @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C1C3561E
    @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6B9828AE
    @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A5930D84
    @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9CD61266
    @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:46045D7C
    @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D7D575C
    @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E11E400
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B885D7E
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1BC99E01
    @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DEC7E19B
    @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:956EC010
    @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7D49B96B
    @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4D1D6B2D
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:726A7C8D
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63A71C6F
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:49F896E9
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:48529647
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2EEA9E7B
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F7124EAF
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E7C89011
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8207BE2
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D0F51BEA
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8E9D804
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:902B3C72
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8E60033F
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4CD2D817
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0207454C
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CCBF0D67
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CBB8846C
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A9C7B545
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3095BD69
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:798F4CE4
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2E0A3B1D
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FAB275B8
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9AB56A06
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:91CF76E3
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52A42F4C
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:933FD10F
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:860D9052
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A51C9924
    @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:97692F61
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F9A9573A
    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F55478C5
    @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8437DC46

    :files
    C:\WINDOWS\YBNVmxpc.exe
    C:\WINDOWS\System32\drivers\xNIDFPhC.dll
    C:\WINDOWS\System32\XIGep.dll
    C:\WINDOWS\WTuvE.exe
    C:\WINDOWS\WHMqcW.dll
    C:\WINDOWS\utGNWE.dll
    C:\WINDOWS\System32\drivers\UbuRlqd.dll
    C:\WINDOWS\System32\svmFaBjXq.exe
    C:\WINDOWS\System32\drivers\SDVrwwRUM.exe
    C:\WINDOWS\System32\drivers\rsMXmvDD.dll
    C:\WINDOWS\System32\rbnMG.exe
    C:\WINDOWS\qufLbycb.exe
    C:\WINDOWS\System32\OLpdIe.dll
    C:\WINDOWS\System32\OAoqj.dll
    C:\WINDOWS\NYvJWlpv.dll
    C:\WINDOWS\nCTHArQ.exe
    C:\WINDOWS\ncopTU.dll
    C:\WINDOWS\lJUhJcahq.dll
    C:\WINDOWS\System32\drivers\jlyAThMY.exe
    C:\WINDOWS\System32\INxWl.exe
    C:\WINDOWS\System32\hxlkPVy.exe
    C:\WINDOWS\hTRUNE.dll
    C:\WINDOWS\System32\drivers\feWGXOV.exe
    C:\WINDOWS\dTihX.exe
    C:\WINDOWS\System32\drivers\dIART.exe
    C:\WINDOWS\cWIgPaN.dll
    C:\WINDOWS\System32\drivers\COEbYhm.exe
    C:\WINDOWS\clXVf.dll
    C:\WINDOWS\System32\BjiIF.dll
    C:\WINDOWS\System32\drivers\aPkvucSF.exe
    C:\WINDOWS\System32\ApECY.dll
    C:\WINDOWS\aiocb.exe
    C:\WINDOWS\System32\aDbfTCF.exe
    C:\WINDOWS\System32\afFuyfKuU.dll
    C:\WINDOWS\System32\XhHykysDQ.dll
    C:\WINDOWS\System32\uOihK.dll
    C:\WINDOWS\System32\tUWRHgj.dll
    C:\WINDOWS\tNyYcp.dll
    C:\WINDOWS\PlhHx.dll
    C:\WINDOWS\JqkHq.dll
    C:\WINDOWS\System32\drivers\hpPhkhEj.dll
    C:\WINDOWS\System32\EQrNGs.dll
    C:\WINDOWS\System32\drivers\aEsvcK.dll

    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Svc]

    :Commands
    [EMPTYTEMP]
    [RESETHOSTS]
    [REBOOT]

  • Return to OTL, right click in the "Custom Scans/Fixes" window and choose Paste.
  • Click the red Run Fix button.
  • The computer will restart
  • A report will be produced and saved in the C:\_OTL\MovedFiles folder. Open that report and post its contents in a reply.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    -----------------------------------------------------------
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      -----------------------------------------------------------
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    -----------------------------------------------------------
  4. Double click on combofix.exe & follow the prompts.
  5. Install the Recovery Console if prompted.
  6. When finished, it will produce a report for you.
  7. Please post the "C:\ComboFix.txt" .
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#13 serenity_Ash

serenity_Ash
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:01:17 PM

Posted 06 May 2010 - 12:40 AM

otl fixed

All processes killed
========== OTL ==========
Error: Unable to stop service dpti3o!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dpti3o deleted successfully.
C:\WINDOWS\system32\imm32oko.dll moved successfully.
Error: Unable to stop service afwoko!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\afwoko deleted successfully.
C:\WINDOWS\system32\drivers\okomoh.sys moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{BA52B914-B692-46c4-B683-905236F6F655} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA52B914-B692-46c4-B683-905236F6F655}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:afFuyfKuU.dll deleted successfully.
C:\WINDOWS\system32\afFuyfKuU.dll moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:42CCBD47 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2032CC2B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:BC6FE71D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A4009933 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:814B9485 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:EAB1AD1B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:93C48025 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D3930F74 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8BBD1F9A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7A0A894A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3F22DA14 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:26140299 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C44E62F1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:42CAFB06 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3CA18B6B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8DCF53BE deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:51003EF4 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1E66EE85 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:104EF12D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7C0CBD4C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:4A077D87 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D7CCB616 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E1069F99 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:AD992026 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8F7ECF6A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:64FABDFB deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:26EE282C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:14168AA3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:FDD78BE5 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E7123C4C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:92610EA3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0E341035 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:AE8D8202 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:80A452DD deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5856B2C0 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:EA983230 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E8A39657 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:AA7BE830 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0E660858 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:86F2D5A9 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D305706A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:B4FDEF97 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8FF962C6 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E7220DEE deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D4E73D7F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:B156F3F2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A118E9A3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E23BF4AD deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D3FFFBA9 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:AA6C7C38 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8D8F3340 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:81B52FA6 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:FD6B3FC3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F854B030 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F84F494D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A0405560 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D9B06E3D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:69B9AAE7 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1B7E916D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0D4B1B5B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:06754597 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F878F14A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:51C0853C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:CD2ECCEC deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:BE3E263A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:ABD3B354 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7B7E5A07 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2FC9D9C0 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DD831FA6 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8F925134 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:4D066AD2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3B3A35EC deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2CD14F7E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1D60AEC3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:25DEF972 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2085D07D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A724744F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8AEF2555 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7C819E94 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:671AABFB deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5925E400 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C1C3561E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6B9828AE deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A5930D84 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:9CD61266 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:46045D7C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2D7D575C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0E11E400 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2B885D7E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1BC99E01 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DEC7E19B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:956EC010 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7D49B96B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:4D1D6B2D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:726A7C8D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:63A71C6F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:49F896E9 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:48529647 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2EEA9E7B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F7124EAF deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E7C89011 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D8207BE2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D0F51BEA deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C8E9D804 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:902B3C72 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8E60033F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:4CD2D817 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0207454C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:CCBF0D67 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:CBB8846C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A9C7B545 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3095BD69 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:798F4CE4 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2E0A3B1D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:FAB275B8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:9AB56A06 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:91CF76E3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:52A42F4C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:933FD10F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:860D9052 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A51C9924 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:97692F61 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F9A9573A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F55478C5 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8437DC46 deleted successfully.
========== FILES ==========
C:\WINDOWS\YBNVmxpc.exe moved successfully.
C:\WINDOWS\System32\drivers\xNIDFPhC.dll moved successfully.
C:\WINDOWS\System32\XIGep.dll moved successfully.
C:\WINDOWS\WTuvE.exe moved successfully.
C:\WINDOWS\WHMqcW.dll moved successfully.
C:\WINDOWS\utGNWE.dll moved successfully.
C:\WINDOWS\System32\drivers\UbuRlqd.dll moved successfully.
C:\WINDOWS\System32\svmFaBjXq.exe moved successfully.
C:\WINDOWS\System32\drivers\SDVrwwRUM.exe moved successfully.
C:\WINDOWS\System32\drivers\rsMXmvDD.dll moved successfully.
C:\WINDOWS\System32\rbnMG.exe moved successfully.
C:\WINDOWS\qufLbycb.exe moved successfully.
C:\WINDOWS\System32\OLpdIe.dll moved successfully.
C:\WINDOWS\System32\OAoqj.dll moved successfully.
C:\WINDOWS\NYvJWlpv.dll moved successfully.
C:\WINDOWS\nCTHArQ.exe moved successfully.
C:\WINDOWS\ncopTU.dll moved successfully.
C:\WINDOWS\lJUhJcahq.dll moved successfully.
C:\WINDOWS\System32\drivers\jlyAThMY.exe moved successfully.
C:\WINDOWS\System32\INxWl.exe moved successfully.
C:\WINDOWS\System32\hxlkPVy.exe moved successfully.
C:\WINDOWS\hTRUNE.dll moved successfully.
C:\WINDOWS\System32\drivers\feWGXOV.exe moved successfully.
C:\WINDOWS\dTihX.exe moved successfully.
C:\WINDOWS\System32\drivers\dIART.exe moved successfully.
C:\WINDOWS\cWIgPaN.dll moved successfully.
C:\WINDOWS\System32\drivers\COEbYhm.exe moved successfully.
C:\WINDOWS\clXVf.dll moved successfully.
C:\WINDOWS\System32\BjiIF.dll moved successfully.
C:\WINDOWS\System32\drivers\aPkvucSF.exe moved successfully.
C:\WINDOWS\System32\ApECY.dll moved successfully.
C:\WINDOWS\aiocb.exe moved successfully.
C:\WINDOWS\System32\aDbfTCF.exe moved successfully.
File\Folder C:\WINDOWS\System32\afFuyfKuU.dll not found.
C:\WINDOWS\System32\XhHykysDQ.dll moved successfully.
C:\WINDOWS\System32\uOihK.dll moved successfully.
C:\WINDOWS\System32\tUWRHgj.dll moved successfully.
C:\WINDOWS\tNyYcp.dll moved successfully.
C:\WINDOWS\PlhHx.dll moved successfully.
C:\WINDOWS\JqkHq.dll moved successfully.
C:\WINDOWS\System32\drivers\hpPhkhEj.dll moved successfully.
C:\WINDOWS\System32\EQrNGs.dll moved successfully.
C:\WINDOWS\System32\drivers\aEsvcK.dll moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Svc\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 469 bytes
->Flash cache emptied: 300 bytes

User: Administrator.PETRAROAMING
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 469 bytes
->Flash cache emptied: 300 bytes

User: Administrator.PETRAROAMING.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 469 bytes
->Flash cache emptied: 300 bytes

User: Administrator.PETRAROAMING.001
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 469 bytes
->Flash cache emptied: 300 bytes

User: Administrator.PETRAROAMING.002
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 469 bytes
->Flash cache emptied: 300 bytes

User: Administrator.PETRAROAMING.003
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 469 bytes
->Flash cache emptied: 300 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 469 bytes
->Flash cache emptied: 300 bytes

User: LocalService
->Temp folder emptied: 547 bytes
->Temporary Internet Files folder emptied: 33237 bytes

User: NetworkService
->Temp folder emptied: 66083 bytes
->Temporary Internet Files folder emptied: 33237 bytes

User: Pearl
->Temp folder emptied: 9250 bytes
->Temporary Internet Files folder emptied: 59861 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 54776702 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 664 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23940418 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 8600 bytes

Total Files Cleaned = 75.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Error: Unable to interpret <[REBOOT]:OTL> in the current context!
Error: Unable to interpret <SRV - [2009/12/08 16:27:51 | 000,125,952 | ---- | M] (H+BEDV Datentechnik GmbH) [Auto | Running] -- C:\WINDOWS\system32\imm32oko.dll -- (dpti3o)> in the current context!
Error: Unable to interpret <DRV - [2009/12/08 16:27:51 | 000,032,768 | ---- | M] (SAP AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\okomoh.sys -- (afwoko)> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.> in the current context!
Error: Unable to interpret <O20 - AppInit_DLLs: (afFuyfKuU.dll) - C:\WINDOWS\System32\afFuyfKuU.dll (Quixotic Yawl Studio)> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:42CCBD47> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2032CC2B> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BC6FE71D> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A4009933> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:814B9485> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 152 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EAB1AD1B> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 152 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93C48025> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D3930F74> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8BBD1F9A> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7A0A894A> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3F22DA14> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:26140299> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C44E62F1> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:42CAFB06> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3CA18B6B> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8DCF53BE> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:51003EF4> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1E66EE85> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:104EF12D> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C0CBD4C> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A077D87> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D7CCB616> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E1069F99> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AD992026> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8F7ECF6A> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:64FABDFB> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:26EE282C> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:14168AA3> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FDD78BE5> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E7123C4C> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:92610EA3> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E341035> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AE8D8202> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80A452DD> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5856B2C0> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA983230> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E8A39657> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AA7BE830> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E660858> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:86F2D5A9> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D305706A> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B4FDEF97> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8FF962C6> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E7220DEE> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D4E73D7F> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B156F3F2> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A118E9A3> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E23BF4AD> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D3FFFBA9> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AA6C7C38> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8D8F3340> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:81B52FA6> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FD6B3FC3> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F854B030> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F84F494D> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A0405560> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D9B06E3D> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:69B9AAE7> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B7E916D> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0D4B1B5B> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:06754597> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F878F14A> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:51C0853C> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CD2ECCEC> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BE3E263A> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ABD3B354> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B7E5A07> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2FC9D9C0> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DD831FA6> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8F925134> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4D066AD2> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B3A35EC> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CD14F7E> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1D60AEC3> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:25DEF972> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2085D07D> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A724744F> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8AEF2555> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C819E94> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:671AABFB> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5925E400> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C1C3561E> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6B9828AE> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A5930D84> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9CD61266> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:46045D7C> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D7D575C> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E11E400> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B885D7E> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1BC99E01> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DEC7E19B> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:956EC010> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7D49B96B> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4D1D6B2D> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:726A7C8D> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63A71C6F> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:49F896E9> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:48529647> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2EEA9E7B> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F7124EAF> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E7C89011> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8207BE2> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D0F51BEA> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8E9D804> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:902B3C72> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8E60033F> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4CD2D817> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0207454C> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CCBF0D67> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CBB8846C> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A9C7B545> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3095BD69> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:798F4CE4> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2E0A3B1D> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FAB275B8> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9AB56A06> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:91CF76E3> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52A42F4C> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:933FD10F> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:860D9052> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A51C9924> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:97692F61> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F9A9573A> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F55478C5> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8437DC46> in the current context!
========== FILES ==========
File\Folder C:\WINDOWS\YBNVmxpc.exe not found.
File\Folder C:\WINDOWS\System32\drivers\xNIDFPhC.dll not found.
File\Folder C:\WINDOWS\System32\XIGep.dll not found.
File\Folder C:\WINDOWS\WTuvE.exe not found.
File\Folder C:\WINDOWS\WHMqcW.dll not found.
File\Folder C:\WINDOWS\utGNWE.dll not found.
File\Folder C:\WINDOWS\System32\drivers\UbuRlqd.dll not found.
File\Folder C:\WINDOWS\System32\svmFaBjXq.exe not found.
File\Folder C:\WINDOWS\System32\drivers\SDVrwwRUM.exe not found.
File\Folder C:\WINDOWS\System32\drivers\rsMXmvDD.dll not found.
File\Folder C:\WINDOWS\System32\rbnMG.exe not found.
File\Folder C:\WINDOWS\qufLbycb.exe not found.
File\Folder C:\WINDOWS\System32\OLpdIe.dll not found.
File\Folder C:\WINDOWS\System32\OAoqj.dll not found.
File\Folder C:\WINDOWS\NYvJWlpv.dll not found.
File\Folder C:\WINDOWS\nCTHArQ.exe not found.
File\Folder C:\WINDOWS\ncopTU.dll not found.
File\Folder C:\WINDOWS\lJUhJcahq.dll not found.
File\Folder C:\WINDOWS\System32\drivers\jlyAThMY.exe not found.
File\Folder C:\WINDOWS\System32\INxWl.exe not found.
File\Folder C:\WINDOWS\System32\hxlkPVy.exe not found.
File\Folder C:\WINDOWS\hTRUNE.dll not found.
File\Folder C:\WINDOWS\System32\drivers\feWGXOV.exe not found.
File\Folder C:\WINDOWS\dTihX.exe not found.
File\Folder C:\WINDOWS\System32\drivers\dIART.exe not found.
File\Folder C:\WINDOWS\cWIgPaN.dll not found.
File\Folder C:\WINDOWS\System32\drivers\COEbYhm.exe not found.
File\Folder C:\WINDOWS\clXVf.dll not found.
File\Folder C:\WINDOWS\System32\BjiIF.dll not found.
File\Folder C:\WINDOWS\System32\drivers\aPkvucSF.exe not found.
File\Folder C:\WINDOWS\System32\ApECY.dll not found.
File\Folder C:\WINDOWS\aiocb.exe not found.
File\Folder C:\WINDOWS\System32\aDbfTCF.exe not found.
File\Folder C:\WINDOWS\System32\afFuyfKuU.dll not found.
File\Folder C:\WINDOWS\System32\XhHykysDQ.dll not found.
File\Folder C:\WINDOWS\System32\uOihK.dll not found.
File\Folder C:\WINDOWS\System32\tUWRHgj.dll not found.
File\Folder C:\WINDOWS\tNyYcp.dll not found.
File\Folder C:\WINDOWS\PlhHx.dll not found.
File\Folder C:\WINDOWS\JqkHq.dll not found.
File\Folder C:\WINDOWS\System32\drivers\hpPhkhEj.dll not found.
File\Folder C:\WINDOWS\System32\EQrNGs.dll not found.
File\Folder C:\WINDOWS\System32\drivers\aEsvcK.dll not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Svc\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Administrator.PETRAROAMING
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Administrator.PETRAROAMING.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Administrator.PETRAROAMING.001
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Administrator.PETRAROAMING.002
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Administrator.PETRAROAMING.003
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: Pearl
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 0.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.4.1 log created on 05062010_001524

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


============

combofix file

ComboFix 10-05-05.04 - Pearl 05/06/2010 0:31.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.200 [GMT -4:00]
Running from: c:\documents and settings\Pearl\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\companion wizard
c:\program files\Common Files\Companion Wizard\compwiz.exe
c:\program files\Common Files\Companion Wizard\WapCHK.dll
c:\program files\Common Files\Companion Wizard\WaPChk{ee91389f-e616-4cd9-b3d6-328cf0be056b}.dll
c:\program files\webserver
c:\recycler\S-1-5-21-1390067357-842925246-1343024091-1003
c:\recycler\S-1-5-21-2139898565-21905198-2536133903-1003
c:\windows\Aadras.exe
c:\windows\acnevxe.exe
c:\windows\aCyDp.dll
c:\windows\adXgh.dll
c:\windows\afunoa.dll
c:\windows\alHreUNvR.exe
c:\windows\aRtvQp.exe
c:\windows\ArUIaawDq.dll
c:\windows\atSjHlUR.dll
c:\windows\aVpipS.exe
c:\windows\AWpTSGkxT.dll
c:\windows\BCCxLG.dll
c:\windows\BclXfOH.dll
c:\windows\BdkOVIkg.exe
c:\windows\BePjjNw.exe
c:\windows\BIpSnyT.dll
c:\windows\BjVjVaay.dll
c:\windows\bjyfPi.exe
c:\windows\BpvhLLm.exe
c:\windows\brJGpiv.dll
c:\windows\bRtNA.exe
c:\windows\BuNbmLqnX.exe
c:\windows\cBWerUdp.exe
c:\windows\Cdcxj.exe
c:\windows\cgQVYBqjI.exe
c:\windows\ChgaQBq.exe
c:\windows\CKFGWDlT.exe
c:\windows\crcuaOhVE.dll
c:\windows\cRgFciT.exe
c:\windows\DaCtefur.exe
c:\windows\dDVfMGe.dll
c:\windows\DFqtrpqdg.exe
c:\windows\dGHDfl.exe
c:\windows\DJAfibif.dll
c:\windows\dLCIqwlE.dll
c:\windows\dxLCahOL.exe
c:\windows\DypCqbr.dll
c:\windows\EaJFmiNHN.dll
c:\windows\EePdyI.dll
c:\windows\EgedfxulL.dll
c:\windows\EIuUyYxwi.exe
c:\windows\elMmXiR.dll
c:\windows\EmrxiM.dll
c:\windows\ePiIn.dll
c:\windows\eQXqYKf.dll
c:\windows\EWpdkg.dll
c:\windows\EyLsMJo.dll
c:\windows\Eyowt.dll
c:\windows\FflaGFe.dll
c:\windows\fgmAnXTAs.exe
c:\windows\fLNFcAtld.dll
c:\windows\FlRqsUGh.exe
c:\windows\FOHfHQsEh.exe
c:\windows\gjEWo.dll
c:\windows\gmHXrjDOD.dll
c:\windows\gNbomOw.exe
c:\windows\GnRkLfNR.exe
c:\windows\GwtdHYssw.dll
c:\windows\hEttvALm.exe
c:\windows\hkSvn.dll
c:\windows\hmgImkwGI.dll
c:\windows\hPEIKr.dll
c:\windows\hQKdsTuMW.exe
c:\windows\HTflBiTS.exe
c:\windows\hYrwl.dll
c:\windows\iAvolTur.dll
c:\windows\iKaKB.exe
c:\windows\ikMSXY.exe
c:\windows\ILJwoIBy.exe
c:\windows\iNhpWQBDK.dll
c:\windows\IPfCq.dll
c:\windows\IspqJX.exe
c:\windows\IsRelAUdH.exe
c:\windows\iyphUDrxE.dll
c:\windows\jArFPS.exe
c:\windows\JcnYflE.dll
c:\windows\JCUpTAHA.dll
c:\windows\jkicwAoa.dll
c:\windows\JQMeyJ.dll
c:\windows\jRtORb.dll
c:\windows\jSPtXiiS.dll
c:\windows\jujssG.exe
c:\windows\JvWITUn.exe
c:\windows\kFqhaPxGS.dll
c:\windows\KGFbaa.exe
c:\windows\KnrJmwY.exe
c:\windows\kOdpwxUhe.dll
c:\windows\KPYNW.dll
c:\windows\KrHpxaxMp.dll
c:\windows\KrmYANBtG.dll
c:\windows\KyeBnVNU.dll
c:\windows\LDyUTRcrv.dll
c:\windows\lGJNToJ.exe
c:\windows\ljLnJ.exe
c:\windows\LlmHCTFpq.exe
c:\windows\LoLQX.exe
c:\windows\lWnghW.exe
c:\windows\mIxhtWxRT.exe
c:\windows\mkgDQ.dll
c:\windows\MlCqTd.dll
c:\windows\MNkOCSUSH.dll
c:\windows\mPGCrV.dll
c:\windows\MQSXIwd.dll
c:\windows\MtdNEg.dll
c:\windows\muCqhKx.dll
c:\windows\NckyPHvxo.exe
c:\windows\nCsowNghp.dll
c:\windows\NfVidCAPG.dll
c:\windows\ngicTIqvo.dll
c:\windows\NgiTEc.exe
c:\windows\nNsgi.exe
c:\windows\nwGqqoX.exe
c:\windows\oeABoD.dll
c:\windows\OeWcsiNV.exe
c:\windows\oFXdTqjq.exe
c:\windows\OfxhtVVSq.exe
c:\windows\OghIuDRa.exe
c:\windows\OIMAO.exe
c:\windows\oLfRun.exe
c:\windows\OnSVmpPF.exe
c:\windows\OPCfePMMo.dll
c:\windows\oPOPJY.exe
c:\windows\oXppAYJ.exe
c:\windows\OYmsTppO.exe
c:\windows\PGkPgi.exe
c:\windows\pkvwPCcw.dll
c:\windows\PMIBpUiMl.exe
c:\windows\POdkk.exe
c:\windows\PpFiuH.dll
c:\windows\pvXbrk.exe
c:\windows\QCAJRH.dll
c:\windows\QJuBd.dll
c:\windows\QKveBipB.exe
c:\windows\QQcaan.dll
c:\windows\qQlLQQWeH.exe
c:\windows\QwIkGOS.exe
c:\windows\rBhtf.exe
c:\windows\rbSWGPGca.exe
c:\windows\riHQPv.dll
c:\windows\RLaxt.dll
c:\windows\RSRluappA.exe
c:\windows\rtCAIDG.dll
c:\windows\rYhMFNJt.exe
c:\windows\sBbBqD.exe
c:\windows\sFHGMKp.exe
c:\windows\sFoRRv.exe
c:\windows\shlYwswDU.exe
c:\windows\sKGPqeqY.dll
c:\windows\SLHJxOH.exe
c:\windows\SMTCsDio.dll
c:\windows\snRKPB.dll
c:\windows\SPMjJDvM.dll
c:\windows\SRMRyPh.exe
c:\windows\sTbxm.dll
c:\windows\SWDqC.exe
c:\windows\SWyNJR.exe
c:\windows\system32\abwQPHR.dll
c:\windows\system32\ACtygYcXu.dll
c:\windows\system32\AcuoJOg.exe
c:\windows\system32\adAEny.exe
c:\windows\system32\aFxqCqM.exe
c:\windows\system32\AiFaW.exe
c:\windows\system32\AJLBH.dll
c:\windows\system32\aqpuask.dll
c:\windows\system32\aRsloHR.exe
c:\windows\system32\audkrw.dll
c:\windows\system32\aUDToUa.dll
c:\windows\system32\BbjThyrn.dll
c:\windows\system32\bEtMDMF.dll
c:\windows\system32\bINAItVv.exe
c:\windows\system32\BkwhGBJv.dll
c:\windows\system32\BPNgkCJS.exe
c:\windows\system32\bqWEhhuO.exe
c:\windows\system32\cBdwR.dll
c:\windows\system32\Cfepn.dll
c:\windows\system32\cLovY.dll
c:\windows\system32\cQRQK.exe
c:\windows\system32\crEqP.dll
c:\windows\system32\cSMMjAhJ.exe
c:\windows\system32\cvmLUJP.dll
c:\windows\system32\CXmgKIG.exe
c:\windows\system32\cYwFvOF.dll
c:\windows\system32\drivers\AgChTTVn.dll
c:\windows\system32\drivers\aJJiLtX.exe
c:\windows\system32\drivers\apjtp.dll
c:\windows\system32\drivers\aYIjMq.dll
c:\windows\system32\drivers\BcNbwlgt.dll
c:\windows\system32\drivers\bdQJWRio.exe
c:\windows\system32\drivers\bdqYXlWU.dll
c:\windows\system32\drivers\BDury.dll
c:\windows\system32\drivers\bifFPI.dll
c:\windows\system32\drivers\bkmTGOAr.exe
c:\windows\system32\drivers\bMVjGGSw.dll
c:\windows\system32\drivers\BPakl.dll
c:\windows\system32\drivers\buBRJPpPt.exe
c:\windows\system32\drivers\bwexYe.dll
c:\windows\system32\drivers\cAmLAml.dll
c:\windows\system32\drivers\cFnxvpr.exe
c:\windows\system32\drivers\cIUsDa.dll
c:\windows\system32\drivers\ClrOX.dll
c:\windows\system32\drivers\CoscF.exe
c:\windows\system32\drivers\cpETA.dll
c:\windows\system32\drivers\CWVbOTNlb.dll
c:\windows\system32\drivers\CxfpncC.exe
c:\windows\system32\drivers\DiCikw.exe
c:\windows\system32\drivers\DLVbSH.exe
c:\windows\system32\drivers\DmrCM.dll
c:\windows\system32\drivers\dwNMeYfp.dll
c:\windows\system32\drivers\dxYXhitO.dll
c:\windows\system32\drivers\EfsTyTkPI.exe
c:\windows\system32\drivers\EhtCyk.exe
c:\windows\system32\drivers\EJxSrAxgP.dll
c:\windows\system32\drivers\emsGHuq.exe
c:\windows\system32\drivers\eoGJAgwN.exe
c:\windows\system32\drivers\epcyI.dll
c:\windows\system32\drivers\EPnsOoK.dll
c:\windows\system32\drivers\EpUUTJf.exe
c:\windows\system32\drivers\evXKHesb.exe
c:\windows\system32\drivers\eWHwug.exe
c:\windows\system32\drivers\eydEy.exe
c:\windows\system32\drivers\fbRFByeCM.exe
c:\windows\system32\drivers\FgFqQH.dll
c:\windows\system32\drivers\FkBFD.exe
c:\windows\system32\drivers\fmilSeEC.dll
c:\windows\system32\drivers\FPGKdMj.dll
c:\windows\system32\drivers\FwajyVC.exe
c:\windows\system32\drivers\fXqMTSs.dll
c:\windows\system32\drivers\FyCcGLvsb.exe
c:\windows\system32\drivers\gaDXPp.exe
c:\windows\system32\drivers\GEmCRDuCp.exe
c:\windows\system32\drivers\ggdysHP.exe
c:\windows\system32\drivers\GHsYixFc.dll
c:\windows\system32\drivers\gPOXbqB.exe
c:\windows\system32\drivers\GQNPrBGW.exe
c:\windows\system32\drivers\GTCpRTt.exe
c:\windows\system32\drivers\GxJmYLm.exe
c:\windows\system32\drivers\hCjaBpyGQ.exe
c:\windows\system32\drivers\hHhDEqa.dll
c:\windows\system32\drivers\hlJUWpGc.exe
c:\windows\system32\drivers\hMHavrrN.exe
c:\windows\system32\drivers\hObpUrNR.exe
c:\windows\system32\drivers\HOiNLoF.dll
c:\windows\system32\drivers\HrBCuFg.exe
c:\windows\system32\drivers\iFQIItLqA.dll
c:\windows\system32\drivers\IlegcyX.dll
c:\windows\system32\drivers\inCkie.dll
c:\windows\system32\drivers\inJnYhXMj.exe
c:\windows\system32\drivers\iPcPaGUj.dll
c:\windows\system32\drivers\IpUXoWegH.exe
c:\windows\system32\drivers\isFiepYuA.exe
c:\windows\system32\drivers\IsidyfU.dll
c:\windows\system32\drivers\IUgHjEh.exe
c:\windows\system32\drivers\IvrRgiiLb.dll
c:\windows\system32\drivers\iWRMu.dll
c:\windows\system32\drivers\IxDHWU.dll
c:\windows\system32\drivers\jDlOxLB.exe
c:\windows\system32\drivers\JipbVPwu.exe
c:\windows\system32\drivers\jpnkM.exe
c:\windows\system32\drivers\jsevyGsXV.exe
c:\windows\system32\drivers\jURbBixdC.dll
c:\windows\system32\drivers\jvPlaax.exe
c:\windows\system32\drivers\JydaboVv.exe
c:\windows\system32\drivers\jydNyLXay.dll
c:\windows\system32\drivers\kbItYnpjn.exe
c:\windows\system32\drivers\kboBVbT.exe
c:\windows\system32\drivers\kQChMPKT.exe
c:\windows\system32\drivers\lKkjh.dll
c:\windows\system32\drivers\LoKwDMQuB.dll
c:\windows\system32\drivers\LqrsDkK.dll
c:\windows\system32\drivers\lSexDUuP.exe
c:\windows\system32\drivers\LYrXehSM.dll
c:\windows\system32\drivers\Mafkk.dll
c:\windows\system32\drivers\MLpTIqMu.dll
c:\windows\system32\drivers\MvAWBxGLY.exe
c:\windows\system32\drivers\mYNrQILr.dll
c:\windows\system32\drivers\NdDrCMu.exe
c:\windows\system32\drivers\ndRhwE.exe
c:\windows\system32\drivers\NnSsB.exe
c:\windows\system32\drivers\oBNyYMUi.dll
c:\windows\system32\drivers\oKCliH.dll
c:\windows\system32\drivers\OwhEHK.dll
c:\windows\system32\drivers\paoVa.exe
c:\windows\system32\drivers\PBsPQY.dll
c:\windows\system32\drivers\pHJEe.dll
c:\windows\system32\drivers\piaAYcqGG.exe
c:\windows\system32\drivers\PLIVm.dll
c:\windows\system32\drivers\PluiSAsJX.dll
c:\windows\system32\drivers\qjAlSO.dll
c:\windows\system32\drivers\QTheqRf.dll
c:\windows\system32\drivers\qvVGglU.dll
c:\windows\system32\drivers\QxBViTo.exe
c:\windows\system32\drivers\RTgJodeXI.exe
c:\windows\system32\drivers\rXQLkHbjQ.exe
c:\windows\system32\drivers\rXtyOiXJV.exe
c:\windows\system32\drivers\SaPeywAI.exe
c:\windows\system32\drivers\sFHyCwi.exe
c:\windows\system32\drivers\SgrOSMq.dll
c:\windows\system32\drivers\SGYex.exe
c:\windows\system32\drivers\sInbN.exe
c:\windows\system32\drivers\sjTnVOlV.dll
c:\windows\system32\drivers\sMlfEYHoa.dll
c:\windows\system32\drivers\SnyJCCSTN.exe
c:\windows\system32\drivers\SovgkL.dll
c:\windows\system32\drivers\SQbBfnPQY.dll
c:\windows\system32\drivers\svgKNxX.exe
c:\windows\system32\drivers\tbVDREi.exe
c:\windows\system32\drivers\tdFHOY.dll
c:\windows\system32\drivers\TEMCD.dll
c:\windows\system32\drivers\ThrVkw.dll
c:\windows\system32\drivers\tjOjya.exe
c:\windows\system32\drivers\tQrXggdj.dll
c:\windows\system32\drivers\tyPmGQ.dll
c:\windows\system32\drivers\ucqycMcF.dll
c:\windows\system32\drivers\UdUMT.dll
c:\windows\system32\drivers\UJxAl.exe
c:\windows\system32\drivers\uKdYAtp.exe
c:\windows\system32\drivers\uTdXL.exe
c:\windows\system32\drivers\VKLPvB.dll
c:\windows\system32\drivers\VoFiDyU.dll
c:\windows\system32\drivers\vtIiH.exe
c:\windows\system32\drivers\vtuACoVvx.exe
c:\windows\system32\drivers\VuBLAQ.exe
c:\windows\system32\drivers\WJqHNsG.dll
c:\windows\system32\drivers\WNJatESwl.dll
c:\windows\system32\drivers\wNwgha.dll
c:\windows\system32\drivers\WPrHNHQ.dll
c:\windows\system32\drivers\wPwVx.exe
c:\windows\system32\drivers\wuTekQMaR.exe
c:\windows\system32\drivers\wxqQQ.exe
c:\windows\system32\drivers\xgLcTvDXk.dll
c:\windows\system32\drivers\xGoWjtEy.dll
c:\windows\system32\drivers\XJClK.exe
c:\windows\system32\drivers\xKiOEIX.dll
c:\windows\system32\drivers\XMLwvLN.exe
c:\windows\system32\drivers\xMvCg.dll
c:\windows\system32\drivers\xRTGCdpTb.dll
c:\windows\system32\drivers\XVLrbBuEe.dll
c:\windows\system32\drivers\xVVGlb.exe
c:\windows\system32\drivers\YfQBiiIGa.dll
c:\windows\system32\drivers\YHeQH.exe
c:\windows\system32\drivers\yjrimnC.exe
c:\windows\system32\drivers\yNMwKN.dll
c:\windows\system32\drivers\YTfgT.dll
c:\windows\system32\drivers\yTYOR.exe
c:\windows\system32\drivers\YWbBALI.dll
c:\windows\system32\DUYMJ.dll
c:\windows\system32\EGnbu.exe
c:\windows\system32\eGyLtofgH.exe
c:\windows\system32\EhUjD.dll
c:\windows\system32\EjldYsB.dll
c:\windows\system32\EkiWQ.dll
c:\windows\system32\eNvVX.exe
c:\windows\system32\erTONCkfu.exe
c:\windows\system32\ExjPycNqC.exe
c:\windows\system32\eXVtoXcX.exe
c:\windows\system32\FdkmWIvJ.dll
c:\windows\system32\fgvpcA.exe
c:\windows\system32\FLACTciMG.exe
c:\windows\system32\fLOrM.exe
c:\windows\system32\fvAQX.exe
c:\windows\system32\FVCWtW.dll
c:\windows\system32\FvkKsT.exe
c:\windows\system32\fWbCKyI.exe
c:\windows\system32\FxVvy.dll
c:\windows\system32\gcIKJM.dll
c:\windows\system32\GGRyTf.dll
c:\windows\system32\GhglBP.dll
c:\windows\system32\gHYoXwVTo.exe
c:\windows\system32\gKBOKJW.dll
c:\windows\system32\gKrRq.exe
c:\windows\system32\GMyjgsy.dll
c:\windows\system32\grhmTPe.dll
c:\windows\system32\Gsgywjk.exe
c:\windows\system32\guWYDl.dll
c:\windows\system32\gYHMQdJac.dll
c:\windows\system32\HBbtulaS.exe
c:\windows\system32\hEhSoDT.exe
c:\windows\system32\HGPebAQpL.dll
c:\windows\system32\HopgtvUrM.exe
c:\windows\system32\htyOB.dll
c:\windows\system32\HUWAWR.dll
c:\windows\system32\hWHeuv.dll
c:\windows\system32\iMoWlldLT.exe
c:\windows\system32\INUSM.dll
c:\windows\system32\iRHmA.dll
c:\windows\system32\ixOjl.dll
c:\windows\system32\IySeAlq.dll
c:\windows\system32\JliPoRoc.exe
c:\windows\system32\jNAwtuBx.exe
c:\windows\system32\JpMdflv.dll
c:\windows\system32\jQbPNTTe.exe
c:\windows\system32\jtBbIP.exe
c:\windows\system32\JteBeHR.dll
c:\windows\system32\KFXsxsjvq.dll
c:\windows\system32\kIQhELGCN.exe
c:\windows\system32\KpNlaAA.exe
c:\windows\system32\KQJjj.exe
c:\windows\system32\KsPUvo.dll
c:\windows\system32\KYMXFUCMH.dll
c:\windows\system32\lAVDK.dll
c:\windows\system32\LCXoR.exe
c:\windows\system32\lmhBeP.dll
c:\windows\system32\lPYGlWsBK.dll
c:\windows\system32\lRDKyvIR.dll
c:\windows\system32\lxuhMgRI.exe
c:\windows\system32\MdWHGlRUp.exe
c:\windows\system32\MfOWViDtk.dll
c:\windows\system32\moAmrNxvO.dll
c:\windows\system32\MpeLMdMnt.dll
c:\windows\system32\MqtfvxQr.exe
c:\windows\system32\mrJqlLDbA.dll
c:\windows\system32\mwGuaP.dll
c:\windows\system32\NNeCxX.exe
c:\windows\system32\nrJTPi.dll
c:\windows\system32\oDDMIxOf.dll
c:\windows\system32\OdKFbYY.dll
c:\windows\system32\oFmOKr.exe
c:\windows\system32\OLAVFJ.dll
c:\windows\system32\OrUBHk.dll
c:\windows\system32\oSltF.dll
c:\windows\system32\OxMhi.dll
c:\windows\system32\PHIDKjy.dll
c:\windows\system32\pNTnoadm.exe
c:\windows\system32\PotJSy.exe
c:\windows\system32\pTlql.dll
c:\windows\system32\puFMIpAp.exe
c:\windows\system32\pYeRI.exe
c:\windows\system32\pyqDS.dll
c:\windows\system32\QcCahgCi.exe
c:\windows\system32\qFmiy.exe
c:\windows\system32\qjULFb.exe
c:\windows\system32\QNxDMEyd.dll
c:\windows\system32\QorTNCF.dll
c:\windows\system32\REWLDD.dll
c:\windows\system32\RIVfDkdqK.exe
c:\windows\system32\rJyGgN.exe
c:\windows\system32\RnQFrxyk.exe
c:\windows\system32\RPHjSiQJx.exe
c:\windows\system32\RrmLa.exe
c:\windows\system32\rskxSYB.exe
c:\windows\system32\sCaGtG.dll
c:\windows\system32\ShyYa.exe
c:\windows\system32\SnaqsVa.exe
c:\windows\system32\ssoMPJ.dll
c:\windows\system32\TaUatd.exe
c:\windows\system32\TFxyHuim.dll
c:\windows\system32\tiNOBnfqV.dll
c:\windows\system32\tkNQS.dll
c:\windows\system32\tPQDec.dll
c:\windows\system32\UawYOf.exe
c:\windows\system32\uEAVFDLff.exe
c:\windows\system32\uNmgUftwy.exe
c:\windows\system32\UWKqe.dll
c:\windows\system32\UXymO.dll
c:\windows\system32\uYHePa.exe
c:\windows\system32\VaakJM.dll
c:\windows\system32\vEQcq.dll
c:\windows\system32\VGQJtM.dll
c:\windows\system32\VHCpkPl.exe
c:\windows\system32\vIjeKJ.dll
c:\windows\system32\vqWDaAu.dll
c:\windows\system32\VRhEFvRHD.exe
c:\windows\system32\VsLil.dll
c:\windows\system32\VvhwdAE.dll
c:\windows\system32\VxaorJoJy.dll
c:\windows\system32\vyxbA.exe
c:\windows\system32\WfiWWvXmX.exe
c:\windows\system32\wFWCrrayu.exe
c:\windows\system32\WKnXY.exe
c:\windows\system32\wmyOsMpg.exe
c:\windows\system32\WpNyjGiKD.dll
c:\windows\system32\WtiGnFDaS.dll
c:\windows\system32\WUrvQe.dll
c:\windows\system32\wwsAp.exe
c:\windows\system32\wxEckUK.dll
c:\windows\system32\XAgfDxIC.exe
c:\windows\system32\XFvlPbqxo.dll
c:\windows\system32\XHjguL.dll
c:\windows\system32\xLJxaTUE.exe
c:\windows\system32\XmvBPlv.exe
c:\windows\system32\xThbEAyy.dll
c:\windows\system32\xuyKuTX.exe
c:\windows\system32\xYreo.exe
c:\windows\system32\ybsBwh.dll
c:\windows\system32\YCpHn.exe
c:\windows\system32\yDKoaTbfK.exe
c:\windows\system32\yFSkctA.exe
c:\windows\system32\YLIJhHQpo.dll
c:\windows\system32\YmiCMlgIt.exe
c:\windows\system32\YngYwvg.dll
c:\windows\system32\yoPjRUr.exe
c:\windows\system32\yosQmi.exe
c:\windows\system32\yPaQxX.exe
c:\windows\system32\yrFvRRf.exe
c:\windows\system32\YSarnipnP.dll
c:\windows\system32\YTPFgVx.exe
c:\windows\system32\YtxhXOgY.dll
c:\windows\system32\yveQbA.exe
c:\windows\SyVLQ.exe
c:\windows\Tbbxi.exe
c:\windows\tBlOt.exe
c:\windows\TbSDt.exe
c:\windows\TdACE.dll
c:\windows\TFJFxSFJC.exe
c:\windows\TfQgSKHm.exe
c:\windows\tNGiyLr.dll
c:\windows\TpoYpys.exe
c:\windows\TSLwLMvpb.dll
c:\windows\TWAiEIY.exe
c:\windows\TWxXWxqpC.dll
c:\windows\UCRKY.exe
c:\windows\UduKq.dll
c:\windows\UEcDCAM.dll
c:\windows\vKysJ.dll
c:\windows\VOukfgT.exe
c:\windows\vULbAM.exe
c:\windows\vumtRa.exe
c:\windows\wABtVWNJO.dll
c:\windows\wpalsLM.exe
c:\windows\WpquudBXi.exe
c:\windows\wtpLLU.dll
c:\windows\WVhmb.dll
c:\windows\wYbAUdVk.exe
c:\windows\XBemBt.dll
c:\windows\XGAYUEAf.dll
c:\windows\XGtEr.exe
c:\windows\xlmxH.exe
c:\windows\xoEYPt.dll
c:\windows\xvdhr.exe
c:\windows\YAHJsydBj.exe
c:\windows\YdiTEIpi.dll
c:\windows\YiBsN.exe
c:\windows\yUkbJO.exe
c:\windows\YVFrbeuqr.exe
c:\windows\yWfUFA.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FOPN
-------\Legacy_VSPF
-------\Legacy_VSPF_HK
-------\Legacy_WEBSERVER
-------\Service_dpti3o
-------\Service_vspf
-------\Service_vspf_hk


((((((((((((((((((((((((( Files Created from 2010-04-06 to 2010-05-06 )))))))))))))))))))))))))))))))
.

2010-05-06 04:15 . 2010-05-06 04:15 -------- dc----w- C:\_OTL
2010-04-19 03:45 . 2010-04-19 03:45 -------- d-----w- c:\documents and settings\Administrator.PETRAROAMING.003\Application Data\Malwarebytes
2010-04-19 03:45 . 2010-04-19 03:45 -------- d-sh--w- c:\documents and settings\Administrator.PETRAROAMING.003\IETldCache
2010-04-18 22:29 . 2010-04-18 22:29 -------- d-sh--w- c:\documents and settings\Administrator.PETRAROAMING.002\IETldCache
2010-04-18 20:32 . 2010-04-18 20:32 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-04-12 04:35 . 2010-04-12 04:35 -------- d-----w- c:\documents and settings\Pearl\Application Data\Alawar Entertainment
2010-04-12 04:35 . 2010-04-12 04:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Alawar Entertainment
2010-04-09 23:16 . 2010-04-09 23:16 1245321 ----a-w- c:\documents and settings\All Users\Application Data\NeoEdge Networks\Yahoo_SuperCollapse3\IAF.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-06 04:16 . 2009-05-14 01:40 125952 ----a-w- c:\windows\system32\imm32oko.dll
2010-04-17 22:37 . 2005-05-14 04:02 -------- d-----w- c:\program files\Google
2010-04-17 11:12 . 2009-08-04 01:22 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-04-16 23:50 . 2006-07-25 03:47 -------- d-----w- c:\program files\Oberon Media
2010-04-16 23:50 . 2009-04-26 23:54 -------- d-----w- c:\program files\Game Rival
2010-04-12 05:36 . 2009-03-26 02:34 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-09 23:16 . 2009-08-15 16:19 -------- d-----w- c:\documents and settings\All Users\Application Data\NeoEdge Networks
2010-03-30 19:01 . 2010-03-30 19:01 -------- d-----w- c:\documents and settings\Pearl\Application Data\Artifex Mundi
2010-03-27 12:10 . 2009-03-29 01:06 -------- d-----w- c:\documents and settings\Pearl\Application Data\Big Fish Games
2010-03-25 14:31 . 2009-12-01 15:57 -------- d-----w- c:\documents and settings\Pearl\Application Data\PoBros
2010-03-25 14:31 . 2009-12-01 15:57 -------- d-----w- c:\documents and settings\All Users\Application Data\PoBros
2010-03-25 04:34 . 2010-03-25 04:34 -------- d-----w- c:\documents and settings\Pearl\Application Data\Silverback Productions
2010-03-17 04:31 . 2009-05-03 12:59 -------- d-----w- c:\program files\RealArcade
2010-03-17 03:29 . 2009-12-20 21:32 -------- d-----w- c:\documents and settings\Pearl\Application Data\iMaxGen
2010-03-17 00:58 . 2010-03-17 00:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-13 17:42 . 2010-03-13 17:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Fenomen Games
2010-03-09 14:51 . 2010-03-09 14:47 -------- d-----w- c:\documents and settings\Pearl\Application Data\TitanicMystery
2010-03-09 13:44 . 2009-09-19 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Merscom
2010-03-09 13:44 . 2009-09-19 19:02 -------- d-----w- c:\documents and settings\Pearl\Application Data\Merscom
2010-03-08 03:25 . 2009-08-31 20:29 -------- d-----w- c:\documents and settings\Pearl\Application Data\Flood Light Games
2010-03-08 03:25 . 2009-08-31 20:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Flood Light Games
2010-03-08 02:21 . 2010-03-08 02:21 -------- d-----w- c:\documents and settings\Pearl\Application Data\YoudaGames
2010-02-25 06:24 . 2005-05-14 01:06 916480 ----a-w- c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-03-29 2343120]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2003-09-06 184320]
"AGRSMMSG"="AGRSMMSG.exe" [2004-12-21 88358]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-01-14 122939]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-29 344064]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-04-05 73728]
"TOSHIBA Accessibility"="c:\program files\TOSHIBA\Accessibility\FnKeyHook.exe" [2005-03-28 24576]
"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2005-04-29 675840]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-09-07 1077301]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-15 122880]
"TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2004-11-30 53248]
"SVPWUTIL"="c:\program files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-05-01 65536]
"TPSMain"="TPSMain.exe" [2004-12-28 270336]
"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-12-24 28672]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-17 151552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2005-5-13 155648]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0stera

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 20:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 20:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoomingHook]
2004-05-01 20:49 24576 ----a-w- c:\windows\system32\ZoomingHook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"= 8085:TCP:Berezovsky

S2 gupdate1cab0223c07f1d0;Google Update Service (gupdate1cab0223c07f1d0);c:\program files\Google\Update\GoogleUpdate.exe [2/17/2010 6:40 PM 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
termsv REG_MULTI_SZ dpti3o

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-17 22:40]

2010-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-17 22:40]

2010-04-12 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-07-14 20:48]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} - hxxp://gamerival.oberon-media.com/gameshell/games/channel--110371637/lc--en/room--86763256-f32e-4b0e-b6d6-b89ca8d7b375/online/mystery_of_shark_island/en/MysteryOfSharkIslandWeb.1.0.0.8.cab
DPF: {4DCA1E08-4147-4A3D-8CA6-E095DF189FAB} - hxxp://games.bigfishgames.com/en_nightshift-legacy-the-jaguars-eye/online/Nightshift2Web.1.0.0.9.cab
FF - ProfilePath - c:\documents and settings\Pearl\Application Data\Mozilla\Firefox\Profiles\vsbi7a43.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: browser.startup.homepage - hxxp://www.runescape.com/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-06 00:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\Pearl\LOCALS~1\Temp\Perflib_Perfdata_fac.dat 16384 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,54,4e,fd,b4,43,e2,88,4b,86,61,94,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,54,4e,fd,b4,43,e2,88,4b,86,61,94,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(564)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2528)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
c:\program files\ArcSoft\Software Suite\PhotoImpression\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\ACS.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\DVDRAMSV.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\AGRSMMSG.exe
c:\windows\system32\TPSMain.exe
c:\windows\system32\TPSBattM.exe
c:\program files\Apoint2K\Apntex.exe
.
**************************************************************************
.
Completion time: 2010-05-06 00:49:36 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-06 04:49

Pre-Run: 20,139,216,896 bytes free
Post-Run: 19,957,428,224 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 8D5B2F958E6DA8CD85344EE117291C2B




#14 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,577 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:01:17 PM

Posted 06 May 2010 - 01:21 AM

  • Copy the entire contents of the Quote Box below to Notepad.
  • Name the file as CFScript.txt
  • Change the Save as Type to All Files
  • and Save it on the desktop
CODE
http://www.bleepingcomputer.com/forums/index.php?act=ST&f=22&t=310834

Collect::[4]
c:\windows\system32\imm32oko.dll

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
"termsv"=-

RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]




Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report.

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.


Please run the F-Secure Online Scanner
  • For information click Here.
  • Allow the installation of the Add-ons and Accept the License Agreement.
  • Click Full System Scan
  • Once the download completes,the scan will begin automatically.
  • The scan will take some time to finish,so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply.

Edited by JSntgRvr, 06 May 2010 - 01:22 AM.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#15 serenity_Ash

serenity_Ash
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:01:17 PM

Posted 06 May 2010 - 01:50 PM

the combofix is too big for post so am breaking it up


---

ComboFix 10-05-05.07 - Pearl 05/06/2010 5:59.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.110 [GMT -4:00]
Running from: c:\documents and settings\Pearl\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Pearl\Desktop\cfscript.txt

file zipped: c:\windows\system32\imm32oko.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system\olepro32.dll
c:\windows\system32\imm32oko.dll

.
((((((((((((((((((((((((( Files Created from 2010-04-06 to 2010-05-06 )))))))))))))))))))))))))))))))
.

2010-05-06 09:52 . 2010-05-06 09:52 -------- d-----w- c:\windows\LastGood
2010-05-06 04:15 . 2010-05-06 04:15 -------- dc----w- C:\_OTL
2010-04-19 03:45 . 2010-04-19 03:45 -------- d-----w- c:\documents and settings\Administrator.PETRAROAMING.003\Application Data\Malwarebytes
2010-04-19 03:45 . 2010-04-19 03:45 -------- d-sh--w- c:\documents and settings\Administrator.PETRAROAMING.003\IETldCache
2010-04-18 22:29 . 2010-04-18 22:29 -------- d-sh--w- c:\documents and settings\Administrator.PETRAROAMING.002\IETldCache
2010-04-18 20:32 . 2010-04-18 20:32 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-04-12 04:35 . 2010-04-12 04:35 -------- d-----w- c:\documents and settings\Pearl\Application Data\Alawar Entertainment
2010-04-12 04:35 . 2010-04-12 04:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Alawar Entertainment
2010-04-09 23:16 . 2010-04-09 23:16 1245321 ----a-w- c:\documents and settings\All Users\Application Data\NeoEdge Networks\Yahoo_SuperCollapse3\IAF.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-17 22:37 . 2005-05-14 04:02 -------- d-----w- c:\program files\Google
2010-04-17 11:12 . 2009-08-04 01:22 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-04-16 23:50 . 2006-07-25 03:47 -------- d-----w- c:\program files\Oberon Media
2010-04-16 23:50 . 2009-04-26 23:54 -------- d-----w- c:\program files\Game Rival
2010-04-12 05:36 . 2009-03-26 02:34 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-09 23:16 . 2009-08-15 16:19 -------- d-----w- c:\documents and settings\All Users\Application Data\NeoEdge Networks
2010-03-30 19:01 . 2010-03-30 19:01 -------- d-----w- c:\documents and settings\Pearl\Application Data\Artifex Mundi
2010-03-27 12:10 . 2009-03-29 01:06 -------- d-----w- c:\documents and settings\Pearl\Application Data\Big Fish Games
2010-03-25 14:31 . 2009-12-01 15:57 -------- d-----w- c:\documents and settings\Pearl\Application Data\PoBros
2010-03-25 14:31 . 2009-12-01 15:57 -------- d-----w- c:\documents and settings\All Users\Application Data\PoBros
2010-03-25 04:34 . 2010-03-25 04:34 -------- d-----w- c:\documents and settings\Pearl\Application Data\Silverback Productions
2010-03-17 04:31 . 2009-05-03 12:59 -------- d-----w- c:\program files\RealArcade
2010-03-17 03:29 . 2009-12-20 21:32 -------- d-----w- c:\documents and settings\Pearl\Application Data\iMaxGen
2010-03-17 00:58 . 2010-03-17 00:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-13 17:42 . 2010-03-13 17:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Fenomen Games
2010-03-10 06:15 . 2005-05-14 01:06 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 14:51 . 2010-03-09 14:47 -------- d-----w- c:\documents and settings\Pearl\Application Data\TitanicMystery
2010-03-09 13:44 . 2009-09-19 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Merscom
2010-03-09 13:44 . 2009-09-19 19:02 -------- d-----w- c:\documents and settings\Pearl\Application Data\Merscom
2010-03-08 03:25 . 2009-08-31 20:29 -------- d-----w- c:\documents and settings\Pearl\Application Data\Flood Light Games
2010-03-08 03:25 . 2009-08-31 20:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Flood Light Games
2010-03-08 02:21 . 2010-03-08 02:21 -------- d-----w- c:\documents and settings\Pearl\Application Data\YoudaGames
2010-02-25 06:24 . 2005-05-14 01:06 916480 ----a-w- c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-05-06_04.44.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-27 07:45 . 2008-04-14 00:12 57344 c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcirt.dll
+ 2005-05-13 18:56 . 2004-08-04 12:00 54784 c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcirt.dll
+ 2005-05-14 01:07 . 2004-08-04 12:00 50688 c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcirt.dll
+ 2006-12-02 04:46 . 2006-12-02 04:46 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
+ 2006-12-02 04:08 . 2006-12-02 04:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-02 04:08 . 2006-12-02 04:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-02 04:08 . 2006-12-02 04:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-02 04:08 . 2006-12-02 04:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-02 04:08 . 2006-12-02 04:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-02 04:08 . 2006-12-02 04:08 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-02 04:08 . 2006-12-02 04:08 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-02 04:08 . 2006-12-02 04:08 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-02 04:08 . 2006-12-02 04:08 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-02 04:26 . 2006-12-02 04:26 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-02 04:25 . 2006-12-02 04:25 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-02 02:56 . 2006-12-02 02:56 96256 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2009-07-11 23:41 . 2009-07-11 23:41 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
+ 2008-08-27 07:45 . 2008-04-14 00:12 74802 c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\atl.dll
+ 2005-05-14 01:07 . 2004-08-04 12:00 74802 c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\atl.dll
+ 2008-09-30 21:45 . 2008-09-30 21:45 91656 c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
+ 2008-06-08 02:25 . 2008-06-08 02:25 82432 c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll
+ 2005-05-14 01:07 . 2004-08-04 12:00 18944 c:\windows\vmmreg32.dll
+ 2005-05-14 01:10 . 2004-08-04 12:00 65536 c:\windows\VALUEADD\MSFT\USMT\UNCTRN_A.DLL
+ 2005-05-14 01:10 . 2004-08-04 12:00 80384 c:\windows\VALUEADD\MSFT\USMT\UNCTRN.DLL
+ 2005-05-14 01:10 . 2004-08-04 12:00 25088 c:\windows\VALUEADD\MSFT\USMT\SHFOLDER.DLL
+ 2005-05-14 01:10 . 2004-08-04 12:00 28160 c:\windows\VALUEADD\MSFT\USMT\SCANSTATE_A.EXE
+ 2005-05-14 01:10 . 2004-08-04 12:00 31744 c:\windows\VALUEADD\MSFT\USMT\SCANSTATE.EXE
+ 2005-05-14 01:10 . 2004-08-04 12:00 19968 c:\windows\VALUEADD\MSFT\USMT\LOG.DLL
+ 2005-05-14 01:10 . 2004-08-04 12:00 32256 c:\windows\VALUEADD\MSFT\USMT\LOADSTATE.EXE
+ 2005-05-14 01:10 . 2004-08-04 12:00 65536 c:\windows\VALUEADD\MSFT\USMT\ANSI\UNCTRN.DLL
+ 2005-05-14 01:10 . 2004-08-04 12:00 25088 c:\windows\VALUEADD\MSFT\USMT\ANSI\SHFOLDER.DLL
+ 2005-05-14 01:10 . 2004-08-04 12:00 28160 c:\windows\VALUEADD\MSFT\USMT\ANSI\SCANSTATE.EXE
+ 2005-05-14 01:10 . 2004-08-04 12:00 19968 c:\windows\VALUEADD\MSFT\USMT\ANSI\LOG.DLL
+ 2005-05-14 01:10 . 2004-08-04 12:00 49664 c:\windows\VALUEADD\MSFT\NET\TOOLS\TTCP.EXE
+ 2005-05-14 01:10 . 2004-08-04 12:00 98176 c:\windows\VALUEADD\MSFT\NET\NETBEUI\NBF.SYS
+ 2007-01-10 19:59 . 2004-10-13 16:34 40960 c:\windows\unezfw.exe
+ 2005-05-14 01:06 . 2004-08-04 12:00 25600 c:\windows\twunk_32.exe
+ 2005-05-14 01:06 . 2004-08-04 12:00 49680 c:\windows\twunk_16.exe
+ 2005-05-14 01:06 . 2008-04-14 00:12 50688 c:\windows\twain_32.dll
+ 2005-05-14 01:06 . 2004-08-04 12:00 94784 c:\windows\twain.dll
+ 2005-05-14 04:22 . 1999-04-17 08:06 11375 c:\windows\TSiegp.exe
+ 2005-05-13 18:57 . 2004-08-04 12:00 15360 c:\windows\TASKMAN.EXE
+ 2004-05-01 20:49 . 2004-05-01 20:49 24576 c:\windows\system32\ZoomingHook.exe
+ 2005-05-14 02:01 . 2008-04-14 00:12 11776 c:\windows\system32\xolehlp.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 50176 c:\windows\system32\xmlprovi.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 30720 c:\windows\system32\xcopy.exe
+ 2005-05-14 01:06 . 2008-04-14 00:12 91648 c:\windows\system32\xactsrv.dll
+ 2004-08-04 00:56 . 2008-04-14 00:12 52736 c:\windows\system32\wzcsapi.dll
+ 2006-03-28 01:31 . 2009-08-07 00:24 44768 c:\windows\system32\wups2.dll
+ 2005-05-14 02:03 . 2009-08-07 00:24 35552 c:\windows\system32\wups.dll
+ 2005-05-14 01:06 . 2004-08-04 12:00 32256 c:\windows\system32\wupdmgr.exe
+ 2006-09-28 22:56 . 2006-09-28 22:56 55808 c:\windows\system32\WudfSvc.dll
+ 2006-09-29 00:13 . 2006-09-29 00:13 95344 c:\windows\system32\WUDFCoinstaller.dll
+ 2005-05-14 02:03 . 2009-08-07 00:24 53472 c:\windows\system32\wuauclt.exe
+ 2005-05-14 01:06 . 2008-04-14 00:12 18432 c:\windows\system32\wtsapi32.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 50688 c:\windows\system32\wstdecod.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 22528 c:\windows\system32\wsock32.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 41984 c:\windows\system32\wsnmp32.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 19456 c:\windows\system32\wshtcpip.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 11264 c:\windows\system32\wshrm.dll
+ 2005-05-14 01:06 . 2004-08-04 12:00 11776 c:\windows\system32\wshisn.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 14336 c:\windows\system32\wship6.dll
+ 2005-05-14 01:06 . 2008-05-09 10:53 90112 c:\windows\system32\wshext.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 36864 c:\windows\system32\wshcon.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 80896 c:\windows\system32\wscsvc.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 13824 c:\windows\system32\wscntfy.exe
+ 2005-05-14 01:06 . 2008-04-14 00:12 19968 c:\windows\system32\ws2help.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 82432 c:\windows\system32\ws2_32.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 11264 c:\windows\system32\wpnpinst.exe
+ 2004-08-11 08:45 . 2005-01-28 21:44 10752 c:\windows\system32\wpdtrace.dll
+ 2006-10-19 01:47 . 2006-10-19 01:47 38400 c:\windows\system32\wpdshextres.dll
+ 2006-10-19 00:00 . 2006-10-19 00:00 17408 c:\windows\system32\wpdshextautoplay.exe
+ 2004-08-11 08:45 . 2006-10-19 01:47 63488 c:\windows\system32\wpdmtpus.dll
+ 2004-08-11 08:45 . 2006-10-19 01:47 35840 c:\windows\system32\wpdconns.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 32256 c:\windows\system32\wpabaln.exe
+ 2001-08-17 22:36 . 2004-08-04 12:00 13824 c:\windows\system32\wowfaxui.dll
+ 2005-05-14 01:06 . 2004-08-04 12:00 10368 c:\windows\system32\wowexec.exe
+ 2005-05-14 01:07 . 2004-08-11 08:45 20480 c:\windows\system32\wmpui.dll
+ 2005-05-14 01:07 . 2006-10-19 01:47 99840 c:\windows\system32\wmpshell.dll
+ 2005-05-14 01:07 . 2004-08-11 08:45 20480 c:\windows\system32\wmpcore.dll
+ 2005-05-14 01:07 . 2004-08-11 08:45 20480 c:\windows\system32\wmpcd.dll
+ 2005-05-14 01:06 . 2004-08-04 12:00 18944 c:\windows\system32\wmiprop.dll
+ 2005-05-14 01:06 . 2004-08-04 12:00 51200 c:\windows\system32\wmerrenu.dll
+ 2005-05-14 01:07 . 2006-10-19 01:47 37376 c:\windows\system32\wmdmps.dll
+ 2005-05-14 01:07 . 2006-10-19 01:47 33792 c:\windows\system32\wmdmlog.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 92672 c:\windows\system32\wlnotify.dll
+ 2008-08-27 07:49 . 2008-04-14 00:12 69120 c:\windows\system32\wlanapi.dll
+ 2005-05-14 01:06 . 2004-08-04 12:00 18944 c:\windows\system32\winstrm.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 53760 c:\windows\system32\winsta.dll
+ 2005-05-14 01:07 . 2008-04-14 00:12 17408 c:\windows\system32\winshfhc.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 99328 c:\windows\system32\winscard.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 16896 c:\windows\system32\winrnr.dll
+ 2005-05-14 01:06 . 2004-08-04 12:00 11776 c:\windows\system32\winmsd.exe
+ 2005-05-14 01:06 . 2008-04-14 00:12 32256 c:\windows\system32\winipsec.dll
+ 2006-08-01 03:41 . 1996-06-05 03:09 12800 c:\windows\system32\wing32.dll
+ 2006-08-01 03:41 . 1995-06-23 14:55 92208 c:\windows\system32\WING.DLL
+ 2005-05-14 02:01 . 2004-08-04 12:00 35328 c:\windows\system32\winchat.exe
+ 2005-05-14 01:06 . 2004-08-04 12:00 13312 c:\windows\system32\win87em.dll
+ 2005-05-14 01:06 . 2004-08-04 12:00 18432 c:\windows\system32\win.com
+ 2005-05-14 01:06 . 2008-04-14 00:12 75776 c:\windows\system32\wiascr.dll
+ 2005-05-14 01:06 . 2004-08-04 12:00 13600 c:\windows\system32\wfwnet.drv
+ 2005-05-14 01:06 . 2008-04-14 00:12 65024 c:\windows\system32\wextract.exe
+ 2005-05-14 01:06 . 2004-08-04 12:00 40448 c:\windows\system32\webhits.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 68096 c:\windows\system32\webclnt.dll
+ 2004-08-04 00:56 . 2008-04-14 00:12 23552 c:\windows\system32\wdmaud.drv
+ 2005-05-14 01:06 . 2009-06-25 08:25 54272 c:\windows\system32\wdigest.dll
+ 2005-05-14 02:01 . 2004-08-04 12:00 45568 c:\windows\system32\wbem\xml\wmi2xml.dll
+ 2005-05-14 02:01 . 2008-04-14 00:12 95232 c:\windows\system32\wbem\wmiutils.dll
+ 2005-05-14 02:01 . 2004-08-04 12:00 52224 c:\windows\system32\wbem\wmitimep.dll
+ 2005-05-14 02:01 . 2008-04-14 00:12 41472 c:\windows\system32\wbem\wmipsess.dll
+ 2005-05-14 02:01 . 2008-04-14 00:12 62464 c:\windows\system32\wbem\wmipjobj.dll
+ 2005-05-14 02:01 . 2008-04-14 00:12 61952 c:\windows\system32\wbem\wmipiprt.dll
+ 2005-05-14 02:01 . 2004-08-04 12:00 75264 c:\windows\system32\wbem\wmipicmp.dll
+ 2005-05-14 02:01 . 2004-08-04 12:00 61440 c:\windows\system32\wbem\wmimsg.dll
+ 2005-05-14 02:01 . 2008-04-14 00:12 60928 c:\windows\system32\wbem\wmicookr.dll
+ 2005-05-14 02:01 . 2008-04-14 00:12 88576 c:\windows\system32\wbem\wmiaprpl.dll
+ 2005-05-14 02:01 . 2004-08-04 12:00 16384 c:\windows\system32\wbem\winmgmtr.dll
+ 2005-05-14 02:01 . 2004-08-04 12:00 13312 c:\windows\system32\wbem\winmgmt.exe
+ 2005-05-14 02:01 . 2008-04-14 00:12 43520 c:\windows\system32\wbem\wbemsvc.dll
+ 2005-05-14 02:01 . 2008-04-14 00:12 18944 c:\windows\system32\wbem\wbemprox.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 43008 c:\windows\system32\wbem\wbemperf.dll
+ 2005-05-14 02:01 . 2008-04-14 00:12 71680 c:\windows\system32\wbem\wbemcons.dll
+ 2005-05-14 02:01 . 2004-08-04 12:00 12288 c:\windows\system32\wbem\wbemads.dll
+ 2005-05-14 02:01 . 2004-08-04 12:00 16896 c:\windows\system32\wbem\unsecapp.exe
+ 2005-05-14 02:01 . 2004-08-04 12:00 59904 c:\windows\system32\wbem\trnsprov.dll
+ 2005-05-14 02:01 . 2004-08-04 12:00 61952 c:\windows\system32\wbem\tmplprov.dll
+ 2005-05-14 02:01 . 2008-04-14 00:12 86528 c:\windows\system32\wbem\stdprov.dll
+ 2005-05-14 02:01 . 2004-08-04 12:00 40960 c:\windows\system32\wbem\smtpcons.dll
+ 2005-05-14 02:01 . 2008-04-14 00:12 36352 c:\windows\system32\wbem\scrcons.exe
+ 2005-05-14 02:01 . 2008-04-14 00:12 47104 c:\windows\system32\wbem\ncprov.dll
+ 2005-05-14 02:01 . 2008-04-14 00:12 16384 c:\windows\system32\wbem\mofcomp.exe
+ 2005-05-14 02:01 . 2008-04-14 00:11 24576 c:\windows\system32\wbem\krnlprov.dll
+ 2005-05-14 02:01 . 2004-08-04 12:00 53248 c:\windows\system32\wbem\fwdprov.dll
+ 2005-05-14 01:05 . 2008-04-14 00:11 21504 c:\windows\system32\wbem\evntrprv.dll
+ 2005-05-14 01:06 . 2008-04-13 18:44 17664 c:\windows\system32\watchdog.sys
+ 2005-05-14 01:06 . 2008-04-14 00:12 15872 c:\windows\system32\w3ssl.dll
+ 2005-05-14 01:06 . 2004-08-04 12:00 22016 c:\windows\system32\w32topl.dll
+ 2005-05-14 01:06 . 2004-08-04 12:00 49664 c:\windows\system32\w32tm.exe
+ 2003-03-13 23:10 . 2003-03-13 23:10 40960 c:\windows\system32\vxdmdcdlg.dll
+ 2005-05-14 02:34 . 2003-08-30 01:37 87865 c:\windows\system32\Vxdif.dll
+ 2005-01-12 09:00 . 2005-01-12 09:00 28672 c:\windows\system32\VXBLOCK.dll
+ 2005-05-14 01:06 . 2004-08-04 12:00 33792 c:\windows\system32\vssadmin.exe
+ 2005-05-14 01:06 . 2004-08-04 12:00 16896 c:\windows\system32\vss_ps.dll
+ 2005-05-14 01:07 . 2004-08-04 12:00 18176 c:\windows\system32\vga64k.dll
+ 2005-05-14 01:07 . 2004-08-04 12:00 51456 c:\windows\system32\vga256.dll
+ 2005-05-14 01:06 . 2004-08-04 12:00 20535 c:\windows\system32\vfpodbc.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 18944 c:\windows\system32\version.dll
+ 2005-05-14 01:06 . 2004-08-04 12:00 98304 c:\windows\system32\verifier.exe
+ 2005-05-14 01:06 . 2008-04-14 00:12 26624 c:\windows\system32\verifier.dll
+ 2006-03-17 00:38 . 2008-04-14 00:12 28672 c:\windows\system32\verclsid.exe
+ 2005-05-14 01:06 . 2008-04-14 00:12 51712 c:\windows\system32\vdmredir.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 26112 c:\windows\system32\vdmdbg.dll
+ 1999-11-25 02:40 . 1999-11-25 02:40 40960 c:\windows\system32\VBAME.DLL
+ 2005-05-14 01:06 . 2008-04-14 00:12 30749 c:\windows\system32\vbajet32.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 50176 c:\windows\system32\utilman.exe
+ 2005-05-14 01:06 . 2004-08-04 12:00 25600 c:\windows\system32\utildll.dll
+ 2001-08-17 22:36 . 2004-08-04 12:00 49211 c:\windows\system32\usrvpa.dll
+ 2001-08-17 22:36 . 2004-08-04 12:00 45116 c:\windows\system32\usrvoica.dll
+ 2001-08-17 22:36 . 2004-08-04 12:00 49209 c:\windows\system32\usrv80a.dll
+ 2001-08-17 22:36 . 2004-08-04 12:00 41019 c:\windows\system32\usrsvpia.dll
+ 2001-08-17 22:37 . 2004-08-04 12:00 69700 c:\windows\system32\usrshuta.exe
+ 2001-08-17 22:36 . 2004-08-04 12:00 49211 c:\windows\system32\usrsdpia.dll
+ 2001-08-17 22:36 . 2004-08-04 12:00 77883 c:\windows\system32\usrrtosa.dll
+ 2001-08-17 22:37 . 2004-08-04 12:00 61508 c:\windows\system32\usrprbda.exe
+ 2001-08-17 22:37 . 2004-08-04 12:00 77891 c:\windows\system32\usrmlnka.exe
+ 2001-08-17 22:36 . 2004-08-04 12:00 53305 c:\windows\system32\usrlbva.dll
+ 2001-08-17 22:36 . 2004-08-04 12:00 86073 c:\windows\system32\usrfaxa.dll
+ 2001-08-17 22:36 . 2004-08-04 12:00 77890 c:\windows\system32\usrdpa.dll
+ 2001-08-17 22:36 . 2004-08-04 12:00 69699 c:\windows\system32\usrcoina.dll
+ 2001-08-17 22:36 . 2004-08-04 12:00 61500 c:\windows\system32\usrcntra.dll
+ 2005-05-14 01:06 . 2008-04-14 00:11 19968 c:\windows\system32\usmt\log.dll
+ 2006-03-28 02:53 . 2008-04-13 16:44 17920 c:\windows\system32\usmt\cobramsg.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 26112 c:\windows\system32\userinit.exe
+ 2005-05-14 01:06 . 2004-08-04 12:00 47872 c:\windows\system32\user.exe
+ 2005-05-13 18:58 . 2008-04-14 00:12 74240 c:\windows\system32\usbui.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 16896 c:\windows\system32\usbmon.dll
+ 2003-02-21 12:16 . 2003-02-21 12:16 49152 c:\windows\system32\URTTemp\regtlib.exe
+ 2005-05-14 02:11 . 2003-02-21 02:09 77824 c:\windows\system32\URTTemp\mscorsn.dll
+ 2005-05-14 01:06 . 2004-08-04 12:00 17920 c:\windows\system32\ureg.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 18432 c:\windows\system32\ups.exe
+ 2005-05-14 01:06 . 2008-04-14 00:12 16896 c:\windows\system32\upnpcont.exe
+ 2005-05-14 01:06 . 2008-04-14 00:12 13824 c:\windows\system32\uniplat.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 74240 c:\windows\system32\unimdmat.dll
+ 2008-08-27 07:47 . 2008-04-14 00:11 76288 c:\windows\system32\uniime.dll
+ 2004-01-07 08:01 . 2004-01-07 08:01 49152 c:\windows\system32\umloader.dll
+ 2005-05-14 01:06 . 2004-08-04 12:00 13312 c:\windows\system32\umdmxfrm.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 35840 c:\windows\system32\umandlg.dll
+ 2005-05-14 01:06 . 2004-08-04 12:00 82432 c:\windows\system32\ufat.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 26624 c:\windows\system32\udhisapi.dll
+ 2007-01-29 08:58 . 2010-01-23 08:11 46080 c:\windows\system32\tzchange.exe
+ 2005-05-14 01:06 . 2008-04-14 00:12 57856 c:\windows\system32\twext.dll
+ 2005-05-14 03:25 . 2005-04-13 19:08 69632 c:\windows\system32\TvsCtrl.dll
+ 2005-05-14 04:22 . 1999-04-17 08:06 11375 c:\windows\system32\TuRjOWc.exe
+ 2008-07-30 01:10 . 2008-07-30 01:10 26112 c:\windows\system32\TsWpfWrp.exe
+ 2005-05-14 02:01 . 2004-08-04 12:00 16896 c:\windows\system32\tsshutdn.exe
+ 2008-08-27 07:49 . 2008-04-14 00:12 50688 c:\windows\system32\tspkg.dll
+ 2005-05-14 02:01 . 2004-08-04 12:00 16384 c:\windows\system32\tskill.exe
+ 2008-08-27 07:49 . 2008-04-14 00:12 53248 c:\windows\system32\tsgqec.dll
+ 2005-05-14 02:01 . 2004-08-04 12:00 14848 c:\windows\system32\tsdiscon.exe
+ 2005-05-14 01:06 . 2008-04-14 00:13 12168 c:\windows\system32\tsddd.dll
+ 2005-05-14 01:06 . 2004-08-04 12:00 15360 c:\windows\system32\tsd32.dll
+ 2005-05-14 02:01 . 2004-08-04 12:00 44544 c:\windows\system32\tscupgrd.exe
+ 2005-05-14 02:01 . 2004-08-04 12:00 14848 c:\windows\system32\tscon.exe
+ 2005-05-14 02:01 . 2008-04-14 00:12 93696 c:\windows\system32\tscfgwmi.dll
+ 2004-08-04 09:50 . 2004-08-04 09:50 53248 c:\windows\system32\TSBWLS.dll
+ 2005-05-14 01:06 . 2004-08-04 12:00 52224 c:\windows\system32\tsappcmp.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 90112 c:\windows\system32\trkwks.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 12800 c:\windows\system32\tree.com
+ 2005-05-14 01:06 . 2004-08-04 12:00 31232 c:\windows\system32\traffic.dll
+ 2005-05-14 01:06 . 2004-08-04 12:00 31744 c:\windows\system32\tracert6.exe
+ 2005-05-14 01:06 . 2008-04-14 00:12 12288 c:\windows\system32\tracert.exe
+ 2005-05-14 04:30 . 2004-12-28 23:02 77824 c:\windows\system32\TPwrReg.dll
+ 2005-05-14 04:30 . 2004-12-28 23:02 53248 c:\windows\system32\TPwrCfg.dll
+ 2005-05-14 04:30 . 2004-12-28 23:02 49152 c:\windows\system32\TPSTrace.dll
+ 2005-05-14 04:30 . 2004-12-28 23:02 45056 c:\windows\system32\TPSMainCtl.dll
+ 2005-05-14 04:30 . 2004-12-28 23:02 45056 c:\windows\system32\TPSDel.dll
+ 2005-05-14 04:30 . 2004-12-28 23:02 36864 c:\windows\system32\TPSBattM.exe
+ 2005-05-14 04:30 . 2004-12-28 23:02 45056 c:\windows\system32\TPSAddin.dll
+ 2004-01-06 19:12 . 2004-01-06 19:12 94208 c:\windows\system32\TPprop.dll
+ 2005-03-25 16:59 . 2005-03-25 16:59 28672 c:\windows\system32\TPeculiarity.dll
+ 2005-05-14 03:43 . 2005-01-11 08:00 24576 c:\windows\system32\TosusrpN.dll
+ 2005-05-14 03:43 . 2005-01-11 08:00 69632 c:\windows\system32\TosOlkN.dll
+ 2006-03-28 01:40 . 2003-12-04 08:48 77824 c:\windows\system32\tosmreg.exe
+ 2005-05-14 03:43 . 2005-01-11 08:00 40960 c:\windows\system32\ToscmddN.dll
+ 2005-05-14 01:06 . 2004-08-04 12:00 13888 c:\windows\system32\toolhelp.dll
+ 2005-05-14 01:06 . 2004-08-04 12:00 16896 c:\windows\system32\tftp.exe
+ 2006-03-28 01:45 . 2005-01-14 09:05 61498 c:\windows\system32\tfswapi.dll
+ 2005-05-14 01:06 . 2009-06-12 12:31 76288 c:\windows\system32\telnet.exe
+ 2005-05-14 01:06 . 2004-08-04 12:00 19456 c:\windows\system32\tcpsvcs.exe
+ 2005-05-14 01:06 . 2008-04-14 00:12 45568 c:\windows\system32\tcpmonui.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 45568 c:\windows\system32\tcpmon.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 14848 c:\windows\system32\tcpmib.dll
+ 2005-05-14 01:06 . 2004-08-04 12:00 12288 c:\windows\system32\tcmsetup.exe
+ 2005-05-14 01:06 . 2004-08-04 12:00 15360 c:\windows\system32\taskman.exe
+ 2005-05-14 01:06 . 2004-08-04 12:00 78848 c:\windows\system32\tapiui.dll
+ 2005-05-14 01:06 . 2004-08-04 12:00 19200 c:\windows\system32\tapi.dll
+ 2005-05-14 01:06 . 2004-08-04 12:00 36864 c:\windows\system32\syskey.exe
+ 2005-05-14 01:06 . 2004-08-04 12:00 15872 c:\windows\system32\sysinv.dll
+ 2005-05-14 01:06 . 2004-08-04 12:00 18896 c:\windows\system32\sysedit.exe
+ 2005-05-14 01:06 . 2008-04-14 00:12 57856 c:\windows\system32\synceng.dll
+ 2005-05-14 01:06 . 2004-08-04 12:00 51200 c:\windows\system32\syncapp.exe
+ 2005-05-14 01:06 . 2008-04-14 00:12 14336 c:\windows\system32\svchost.exe
+ 2005-05-14 01:06 . 2009-10-21 05:38 75776 c:\windows\system32\strmfilt.dll
+ 2005-05-13 18:57 . 2008-04-14 00:12 74752 c:\windows\system32\storprop.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 14848 c:\windows\system32\stimon.exe
+ 2005-05-14 01:06 . 2008-04-14 00:12 68096 c:\windows\system32\sti.dll
+ 2005-05-14 02:01 . 2008-04-14 00:12 59392 c:\windows\system32\stclient.dll
+ 2009-04-13 14:35 . 1999-02-19 12:54 40960 c:\windows\system32\SSubTmr6.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 14336 c:\windows\system32\ssstars.scr
+ 2005-05-14 01:06 . 2008-04-14 00:12 18944 c:\windows\system32\ssmyst.scr
+ 2005-05-14 01:06 . 2008-04-14 00:12 47104 c:\windows\system32\ssmypics.scr
+ 2005-05-14 01:06 . 2008-04-14 00:12 20992 c:\windows\system32\ssmarque.scr
+ 2005-05-14 01:06 . 2008-04-14 00:12 71680 c:\windows\system32\ssdpsrv.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 34816 c:\windows\system32\ssdpapi.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 19968 c:\windows\system32\ssbezier.scr
+ 2005-05-14 01:06 . 2008-04-14 00:12 96768 c:\windows\system32\srvsvc.dll
+ 2005-05-14 02:03 . 2008-04-14 00:12 67584 c:\windows\system32\srclient.dll
+ 2005-05-14 01:06 . 2004-08-04 12:00 49179 c:\windows\system32\sqlwoa.dll
+ 2005-05-14 01:06 . 2004-08-04 12:00 24603 c:\windows\system32\sqlwid.dll
+ 2005-05-13 18:57 . 2004-08-04 12:00 24661 c:\windows\system32\spxcoins.dll
+ 2008-08-27 07:49 . 2008-04-14 00:12 20992 c:\windows\system32\spupdwxp.exe
+ 2006-03-28 01:34 . 2009-01-07 22:21 26144 c:\windows\system32\spupdsvc.exe
+ 2001-08-17 22:36 . 2004-08-04 12:00 72192 c:\windows\system32\sprio800.dll
+ 2001-08-17 22:36 . 2004-08-04 12:00 70656 c:\windows\system32\sprio600.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 57856 c:\windows\system32\spoolsv.exe
+ 2005-05-14 01:06 . 2008-04-14 00:12 75264 c:\windows\system32\spoolss.dll
+ 2006-03-28 01:42 . 2007-04-09 17:23 28552 c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
+ 2006-03-28 01:42 . 2007-04-09 17:23 46472 c:\windows\system32\spool\drivers\w32x86\mdiui.dll
+ 2006-03-28 01:42 . 2007-04-09 17:23 46472 c:\windows\system32\spool\drivers\w32x86\3\mdiui.dll
+ 2002-12-10 00:19 . 2002-12-10 00:19 73728 c:\windows\system32\spool\drivers\w32x86\3\hpztbi07.dll
+ 2002-12-10 00:19 . 2002-12-10 00:19 81920 c:\windows\system32\spool\drivers\w32x86\3\hpzflt07.dll
+ 2002-12-10 00:19 . 2002-12-10 00:19 55665 c:\windows\system32\spool\drivers\w32x86\3\hpf4a607.dat
+ 2005-05-14 02:01 . 2008-04-14 00:11 26624 c:\windows\system32\spool\drivers\w32x86\3\fxsdrv.dll
+ 2005-05-14 01:07 . 2008-04-14 09:42 11264 c:\windows\system32\spnpinst.exe
+ 2001-08-17 22:36 . 2004-08-04 12:00 69632 c:\windows\system32\spnike.dll
+ 2009-03-12 22:23 . 2009-01-07 22:20 16928 c:\windows\system32\spmsg.dll
+ 2005-03-28 22:59 . 2005-03-28 22:59 24576 c:\windows\system32\SPCtl.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 24576 c:\windows\system32\sort.exe
+ 2005-05-14 02:01 . 2004-08-04 12:00 56832 c:\windows\system32\sol.exe
+ 2008-12-12 13:30 . 2008-10-16 19:09 43544 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
+ 2008-08-28 11:06 . 2008-07-19 02:10 45768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.784\wups2.dll
+ 2007-09-01 21:50 . 2007-07-30 23:19 43352 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.0.6000.381\wups2.dll
+ 2007-07-13 02:52 . 2007-04-17 02:45 43352 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.0.6000.374\wups2.dll
+ 2008-12-12 13:30 . 2008-10-16 19:08 34328 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
+ 2008-08-28 11:06 . 2008-07-19 02:10 36552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.784\wups.dll
+ 2007-09-01 21:50 . 2007-07-30 23:18 33624 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.0.6000.381\wups.dll
+ 2007-07-13 02:52 . 2007-04-17 02:47 33624 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.0.6000.374\wups.dll
+ 2006-03-28 01:31 . 2005-05-26 12:16 41240 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\5.8.0.2469\wups.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 18944 c:\windows\system32\snmpapi.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 50688 c:\windows\system32\smss.exe
+ 2005-05-14 01:06 . 2008-04-14 00:12 89600 c:\windows\system32\smlogsvc.exe
+ 2008-08-27 07:48 . 2008-04-14 00:12 73796 c:\windows\system32\slserv.exe
+ 2008-08-27 07:48 . 2008-04-14 00:12 32866 c:\windows\system32\slrundll.exe
+ 2008-08-27 07:48 . 2008-04-14 00:12 73832 c:\windows\system32\slcoinst.dll
+ 2005-05-14 01:06 . 2004-08-04 12:00 14848 c:\windows\system32\slbrccsp.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 98304 c:\windows\system32\slbiop.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 25088 c:\windows\system32\slayerxp.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 26112 c:\windows\system32\skeys.exe
+ 2005-05-14 01:06 . 2004-08-04 12:00 13824 c:\windows\system32\sisbkup.dll
+ 2009-02-06 22:52 . 2009-02-06 22:52 49504 c:\windows\system32\sirenacm.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 70144 c:\windows\system32\sigverif.exe
+ 2005-05-14 01:06 . 2008-04-14 00:12 13312 c:\windows\system32\sigtab.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 19456 c:\windows\system32\shutdown.exe
+ 2005-05-14 01:06 . 2008-04-14 00:12 27648 c:\windows\system32\shscrap.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 77824 c:\windows\system32\shrpubw.exe
+ 2005-05-14 01:06 . 2008-04-14 00:12 45056 c:\windows\system32\shmgrate.exe
+ 2005-05-14 01:06 . 2008-04-14 00:12 65024 c:\windows\system32\shimeng.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 68096 c:\windows\system32\shgina.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 25088 c:\windows\system32\shfolder.dll
+ 2005-05-14 02:01 . 2004-08-04 12:00 14848 c:\windows\system32\shadow.exe
+ 2005-05-14 01:06 . 2004-08-04 12:00 23552 c:\windows\system32\sfmapi.dll
+ 2005-05-14 01:06 . 2004-08-04 12:00 11753 c:\windows\system32\setver.exe
+ 2008-08-27 07:48 . 2008-04-14 00:12 32768 c:\windows\system32\setupn.exe
+ 2005-05-14 01:06 . 2008-04-14 00:12 26624 c:\windows\system32\Setup\startoc.dll
+ 2005-05-14 01:07 . 2008-04-14 00:12 17408 c:\windows\system32\Setup\ocmsn.dll
+ 2005-05-14 01:05 . 2008-04-14 00:12 15360 c:\windows\system32\Setup\ocgen.dll
+ 2005-05-14 01:05 . 2008-04-14 00:12 62976 c:\windows\system32\Setup\ntoc.dll
+ 2005-05-14 01:05 . 2008-04-14 00:12 77312 c:\windows\system32\Setup\netoc.dll
+ 2005-05-14 01:07 . 2008-04-14 00:11 15360 c:\windows\system32\Setup\msgrocm.dll
+ 2005-05-14 01:05 . 2008-04-14 00:11 90112 c:\windows\system32\Setup\msdtcstp.dll
+ 2005-05-14 01:05 . 2008-04-14 00:11 32828 c:\windows\system32\Setup\fp40ext.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 23040 c:\windows\system32\setup.exe
+ 2005-05-14 01:06 . 2008-04-14 00:12 31232 c:\windows\system32\sethc.exe
+ 2005-05-14 01:06 . 2004-08-04 12:00 14848 c:\windows\system32\serwvdrv.dll
+ 2005-05-14 02:01 . 2008-04-14 00:12 56320 c:\windows\system32\servdeps.dll
+ 2005-05-14 01:06 . 2004-08-04 12:00 14336 c:\windows\system32\serialui.dll
+ 2005-05-14 01:06 . 2004-08-04 12:00 13824 c:\windows\system32\senscfg.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 39424 c:\windows\system32\sens.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 54784 c:\windows\system32\sendmail.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 29184 c:\windows\system32\sendcmsg.dll
+ 2005-05-14 01:06 . 2009-06-25 08:25 56832 c:\windows\system32\secur32.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 18944 c:\windows\system32\seclogon.dll
+ 2004-08-04 00:56 . 2008-04-14 00:12 29184 c:\windows\system32\sdhcinst.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 77312 c:\windows\system32\sdbinst.exe
+ 2005-05-14 01:06 . 2004-08-04 12:00 26624 c:\windows\system32\scredir.dll
+ 1998-03-25 05:54 . 1998-03-25 05:54 15872 c:\windows\system32\SCP32.DLL
+ 2005-05-14 01:06 . 2008-04-14 00:12 20480 c:\windows\system32\sclgntfy.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 95744 c:\windows\system32\scardsvr.exe
+ 2005-05-14 01:06 . 2008-04-14 00:12 69632 c:\windows\system32\scarddlg.dll
+ 2005-05-14 01:06 . 2009-02-06 10:39 35328 c:\windows\system32\sc.exe
+ 2005-05-14 01:06 . 2008-04-14 00:12 13312 c:\windows\system32\savedump.exe
+ 2005-05-14 01:06 . 2008-04-14 00:12 64000 c:\windows\system32\samlib.dll
+ 2005-05-14 02:03 . 2008-04-14 00:12 45568 c:\windows\system32\safrslv.dll
+ 2005-05-14 02:03 . 2008-04-14 00:12 29696 c:\windows\system32\safrdm.dll
+ 2005-05-14 02:03 . 2008-04-14 00:12 43520 c:\windows\system32\safrcdlg.dll
+ 2005-05-14 02:01 . 2004-08-04 12:00 15872 c:\windows\system32\rwinsta.exe
+ 2005-05-14 01:06 . 2008-04-14 00:12 14336 c:\windows\system32\runonce.exe
+ 2005-05-14 01:06 . 2008-04-14 00:12 33280 c:\windows\system32\rundll32.exe
+ 2005-05-14 01:06 . 2004-08-04 12:00 16384 c:\windows\system32\runas.exe
+ 2005-05-14 01:06 . 2008-04-14 00:12 44032 c:\windows\system32\rtutils.dll
+ 2005-05-14 01:06 . 2004-08-04 12:00 98304 c:\windows\system32\rtm.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 31744 c:\windows\system32\rtipxmib.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 77312 c:\windows\system32\rtcshare.exe
+ 2005-05-14 01:06 . 2008-04-14 00:12 92672 c:\windows\system32\rsvpsp.dll
+ 2005-05-14 01:06 . 2004-08-04 12:00 23552 c:\windows\system32\rsvpmsg.dll
+ 2005-05-14 01:06 . 2004-08-04 12:00 49152 c:\windows\system32\rsmui.exe
+ 2005-05-14 01:06 . 2004-08-04 12:00 24576 c:\windows\system32\rsmsink.exe
+ 2005-05-14 01:06 . 2008-04-14 00:12 18944 c:\windows\system32\rsmps.dll
+ 2005-05-14 01:06 . 2004-08-04 12:00 49152 c:\windows\system32\rsm.exe
+ 2005-05-14 01:06 . 2008-04-14 00:12 39936 c:\windows\system32\rshx32.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 14848 c:\windows\system32\rsh.exe
+ 2005-05-14 01:06 . 2004-08-04 12:00 22016 c:\windows\system32\rpcns4.dll
+ 2005-05-14 01:06 . 2004-08-04 12:00 25600 c:\windows\system32\routemon.exe
+ 2005-05-14 01:06 . 2004-08-04 12:00 19968 c:\windows\system32\route.exe
+ 2006-03-28 01:40 . 2005-02-24 22:57 32768 c:\windows\system32\RmWLAN.exe
+ 2005-05-14 01:06 . 2008-04-14 00:12 13824 c:\windows\system32\rexec.exe
+ 2005-05-14 01:06 . 2008-04-14 00:12 58880 c:\windows\system32\resutils.dll
+ 2005-05-14 02:03 . 2004-08-04 12:00 47104 c:\windows\system32\Restore\srdiag.exe
+ 2005-05-14 01:06 . 2004-08-04 12:00 12800 c:\windows\system32\replace.exe
+ 2005-05-14 02:01 . 2008-04-14 00:12 60416 c:\windows\system32\remotepg.dll
+ 2009-03-04 17:47 . 2004-08-04 12:00 36096 c:\windows\system32\ReinstallBackups\0002\DriverFiles\i386\intelppm.sys
+ 2005-05-14 02:34 . 2004-08-04 12:00 23040 c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\mouclass.sys
+ 2005-05-14 02:34 . 2004-08-04 12:00 52736 c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\i8042prt.sys
+ 2005-05-14 02:29 . 2004-08-03 22:31 20992 c:\windows\system32\ReinstallBackups\0000\DriverFiles\i386\RTL8139.sys
+ 2005-05-14 01:06 . 2008-04-14 00:12 11776 c:\windows\system32\regsvr32.exe
+ 2005-05-14 01:06 . 2008-04-14 00:12 59904 c:\windows\system32\regsvc.dll
+ 2005-05-14 02:01 . 2004-08-04 12:00 33792 c:\windows\system32\regini.exe
+ 2005-05-14 01:06 . 2008-04-14 00:12 49664 c:\windows\system32\regapi.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 50176 c:\windows\system32\reg.exe
+ 2005-05-14 02:01 . 2008-04-14 00:12 67072 c:\windows\system32\rdshost.exe
+ 2005-05-14 02:01 . 2008-04-14 00:12 13824 c:\windows\system32\rdsaddin.exe
+ 2005-05-14 02:01 . 2008-04-14 00:13 87176 c:\windows\system32\rdpwsx.dll
+ 2005-05-14 02:01 . 2008-04-14 00:12 19968 c:\windows\system32\rdpsnd.dll
+ 2005-05-14 01:06 . 2008-04-14 00:13 92424 c:\windows\system32\rdpdd.dll
+ 2005-05-14 02:01 . 2008-04-14 00:12 62976 c:\windows\system32\rdpclip.exe
+ 2005-05-14 01:06 . 2008-04-14 00:12 21504 c:\windows\system32\rcp.exe
+ 2005-05-14 01:06 . 2008-04-14 00:12 35840 c:\windows\system32\rcimlby.exe
+ 2005-05-14 01:06 . 2008-04-14 00:12 58368 c:\windows\system32\rastapi.dll
+ 2005-05-14 01:06 . 2004-08-04 12:00 12800 c:\windows\system32\rasser.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 16384 c:\windows\system32\rassapi.dll
+ 2005-05-14 01:06 . 2004-08-04 12:00 23552 c:\windows\system32\rasrad.dll
+ 2008-08-27 07:48 . 2008-04-14 00:12 61952 c:\windows\system32\rasqec.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 56832 c:\windows\system32\rasphone.exe
+ 2005-05-14 01:06 . 2004-08-04 12:00 22528 c:\windows\system32\rasmxs.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 61440 c:\windows\system32\rasman.dll
+ 2005-05-14 01:06 . 2004-08-04 12:00 11264 c:\windows\system32\rasdial.exe
+ 2005-05-14 01:06 . 2004-08-04 12:00 11776 c:\windows\system32\rasctrs.dll
+ 2005-05-14 01:06 . 2009-10-12 13:38 79872 c:\windows\system32\raschap.dll
+ 2005-05-14 01:06 . 2004-08-04 12:00 11776 c:\windows\system32\rasautou.exe
+ 2005-05-14 01:06 . 2008-04-14 00:12 88576 c:\windows\system32\rasauto.dll
+ 2005-05-14 02:03 . 2008-04-14 00:12 43520 c:\windows\system32\racpldlg.dll
+ 2005-05-14 02:01 . 2004-08-04 12:00 22016 c:\windows\system32\qwinsta.exe
+ 2008-08-27 07:48 . 2008-04-14 00:12 76800 c:\windows\system32\qutil.dll
+ 2005-05-14 02:01 . 2008-04-14 00:12 19968 c:\windows\system32\qprocess.exe
+ 2005-05-14 02:03 . 2008-04-14 00:12 18944 c:\windows\system32\qmgrprxy.dll
+ 2008-08-27 07:48 . 2008-04-14 00:12 62464 c:\windows\system32\qcliprov.dll
+ 2005-05-14 02:01 . 2004-08-04 12:00 16896 c:\windows\system32\qappsrv.exe
+ 2004-05-06 21:43 . 2004-05-06 21:43 86016 c:\windows\system32\PXWMA.dll
+ 2005-05-14 03:58 . 2004-10-21 09:03 56320 c:\windows\system32\pxinsa64.exe
+ 2005-05-14 03:58 . 2004-10-21 09:03 57344 c:\windows\system32\pxhpinst.exe
+ 2005-05-14 03:58 . 2004-09-27 08:00 56832 c:\windows\system32\pxcpya64.exe
+ 2005-05-14 01:06 . 2008-04-14 00:12 34304 c:\windows\system32\pstorsvc.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 43520 c:\windows\system32\pstorec.dll
+ 2005-05-14 01:06 . 2004-08-04 12:00 10752 c:\windows\system32\pschdprf.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 96768 c:\windows\system32\psbase.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 23040 c:\windows\system32\psapi.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 50176 c:\windows\system32\proquota.exe
+ 2005-05-14 01:06 . 2008-04-14 00:12 27648 c:\windows\system32\profmap.dll
+ 2005-05-14 01:06 . 2004-08-04 12:00 16384 c:\windows\system32\prflbmsg.dll
+ 2008-07-29 23:59 . 2008-07-29 23:59 43544 c:\windows\system32\PresentationHostProxy.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 17408 c:\windows\system32\powrprof.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 49152 c:\windows\system32\powercfg.exe
+ 2005-05-14 01:06 . 2008-04-14 00:12 58880 c:\windows\system32\pnrpnsp.dll
+ 2005-05-14 01:06 . 2009-03-08 08:31 46592 c:\windows\system32\pngfilt.dll
+ 2005-05-14 01:06 . 2004-08-04 12:00 46592 c:\windows\system32\pmspl.dll
+ 2005-05-14 01:06 . 2004-08-04 12:00 30720 c:\windows\system32\plustab.dll
+ 2004-08-04 00:56 . 2008-04-14 00:12 15360 c:\windows\system32\pjlmon.dll
+ 2005-10-29 07:49 . 2005-10-29 07:49 84480 c:\windows\system32\pintool.exe
+ 2005-05-14 01:06 . 2004-08-04 12:00 33280 c:\windows\system32\ping6.exe
+ 2005-05-14 01:06 . 2008-04-14 00:12 17920 c:\windows\system32\ping.exe
+ 2005-05-14 01:06 . 2004-08-04 12:00 35328 c:\windows\system32\pifmgr.dll
+ 2005-05-14 01:06 . 2008-04-13 18:35 24064 c:\windows\system32\pidgen.dll
+ 2004-08-04 00:56 . 2008-04-14 00:12 35328 c:\windows\system32\pid.dll
+ 2005-05-14 01:05 . 2004-08-04 12:00 12288 c:\windows\system32\perfts.dll
+ 2005-05-14 01:05 . 2008-04-14 00:12 34816 c:\windows\system32\perfproc.dll
+ 2005-05-14 01:05 . 2008-04-14 00:12 25088 c:\windows\system32\perfos.dll
+ 2005-05-14 01:05 . 2008-04-14 00:12 17920 c:\windows\system32\perfnet.dll
+ 2005-05-14 01:05 . 2008-04-14 00:12 15872 c:\windows\system32\perfmon.exe
+ 2005-05-14 01:05 . 2008-04-14 00:12 26624 c:\windows\system32\perfdisk.dll
+ 2005-05-14 01:05 . 2004-08-04 12:00 28626 c:\windows\system32\perfd009.dat
+ 2005-05-14 01:05 . 2008-04-14 00:12 39936 c:\windows\system32\perfctrs.dll
+ 2005-05-14 01:05 . 2010-03-14 14:10 84674 c:\windows\system32\perfc009.dat
+ 2005-05-14 01:06 . 2004-08-04 12:00 15360 c:\windows\system32\pentnt.exe
+ 2005-05-14 01:05 . 2008-04-14 00:12 67584 c:\windows\system32\pautoenr.dll
+ 2005-05-14 01:05 . 2004-08-04 12:00 21504 c:\windows\system32\pathping.exe
+ 2005-05-14 01:05 . 2004-08-04 12:00 10240 c:\windows\system32\panmap.dll
+ 2005-05-14 01:05 . 2008-04-14 00:12 58368 c:\windows\system32\packager.exe
+ 2005-05-14 01:07 . 2004-08-04 12:00 40448 c:\windows\system32\osuninst.exe
+ 2005-05-14 01:06 . 2008-04-14 00:12 67584 c:\windows\system32\osuninst.dll
+ 2005-05-14 02:03 . 2008-04-14 00:12 51200 c:\windows\system32\oobe\oobebaln.exe
+ 2005-05-14 02:03 . 2008-04-14 00:12 29184 c:\windows\system32\oobe\msoobe.exe
+ 2005-05-14 02:03 . 2008-04-14 00:12 19456 c:\windows\system32\oobe\msobweb.dll
+ 2005-05-14 02:03 . 2008-04-14 00:12 30720 c:\windows\system32\oobe\msobshel.dll
+ 2005-05-14 02:03 . 2008-04-14 00:12 16384 c:\windows\system32\oobe\msobdl.dll
+ 2005-05-14 01:05 . 2004-08-04 12:00 69120 c:\windows\system32\olethk32.dll
+ 2005-05-14 01:05 . 2004-08-04 12:00 22016 c:\windows\system32\olesvr32.dll
+ 2005-05-14 01:05 . 2004-08-04 12:00 24064 c:\windows\system32\olesvr.dll
+ 2005-05-14 01:05 . 2008-04-14 00:12 84992 c:\windows\system32\olepro32.dll
+ 2005-05-14 01:05 . 2008-04-14 00:12 37376 c:\windows\system32\olecnv32.dll
+ 2005-05-14 01:05 . 2008-04-14 00:12 74752 c:\windows\system32\olecli32.dll
+ 2005-05-14 01:05 . 2004-08-04 12:00 82944 c:\windows\system32\olecli.dll
+ 2005-05-14 01:05 . 2004-08-04 12:00 16896 c:\windows\system32\oleaccrc.dll
+ 2005-05-14 01:05 . 2004-08-04 12:00 39744 c:\windows\system32\ole2.dll
+ 2005-05-14 04:22 . 1999-04-17 08:06 11375 c:\windows\system32\oiFpJQChS.dll
+ 2005-04-29 05:33 . 2005-04-29 05:33 73728 c:\windows\system32\Oemdspif.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 20511 c:\windows\system32\odtext32.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 20510 c:\windows\system32\odpdx32.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 20510 c:\windows\system32\odfox32.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 20510 c:\windows\system32\odexl32.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 20511 c:\windows\system32\oddbse32.dll
+ 2005-05-14 01:05 . 2008-04-13 17:26 12288 c:\windows\system32\odbcp32r.dll
+ 2005-05-14 01:05 . 2008-04-14 00:10 53279 c:\windows\system32\odbcji32.dll
+ 2005-05-14 01:05 . 2008-04-13 17:26 94208 c:\windows\system32\odbcint.dll
+ 2005-05-14 01:05 . 2008-04-14 00:12 65536 c:\windows\system32\odbccu32.dll
+ 2005-05-14 01:05 . 2008-04-14 00:12 65536 c:\windows\system32\odbccr32.dll
+ 2005-05-14 01:05 . 2008-04-14 00:12 69632 c:\windows\system32\odbcconf.exe
+ 2005-05-14 01:05 . 2008-04-14 00:12 24576 c:\windows\system32\odbcbcp.dll
+ 2005-05-14 01:05 . 2008-04-14 00:12 32768 c:\windows\system32\odbcad32.exe
+ 2005-05-14 01:05 . 2008-04-14 00:12 16384 c:\windows\system32\odbc32gt.dll
+ 2005-05-14 01:05 . 2004-08-04 12:00 26224 c:\windows\system32\odbc16gt.dll
+ 2005-05-14 01:05 . 2008-04-14 00:12 67584 c:\windows\system32\ocmanage.dll
+ 2003-11-21 06:45 . 2003-11-21 06:45 37888 c:\windows\system32\ochlp30e.dll
+ 2005-05-14 01:05 . 2008-04-14 00:12 15360 c:\windows\system32\ntvdmd.dll
+ 2005-05-14 01:05 . 2004-08-04 12:00 36864 c:\windows\system32\ntsdexts.dll
+ 2005-05-14 01:05 . 2004-08-04 12:00 31744 c:\windows\system32\ntsd.exe
+ 2005-05-14 01:05 . 2008-04-14 00:12 91136 c:\windows\system32\ntprint.dll
+ 2005-05-14 01:05 . 2004-08-04 12:00 36864 c:\windows\system32\ntmsevt.dll
+ 2005-05-14 01:05 . 2008-04-14 00:12 40960 c:\windows\system32\ntmsapi.dll
+ 2005-05-14 01:05 . 2004-08-04 12:00 14336 c:\windows\system32\ntlanui2.dll
+ 2005-05-14 01:05 . 2004-08-04 12:00 57856 c:\windows\system32\ntlanui.dll
+ 2005-05-14 01:05 . 2008-04-14 00:12 44032 c:\windows\system32\ntlanman.dll
+ 2005-05-14 01:05 . 2004-08-04 12:00 34560 c:\windows\system32\ntio804.sys
+ 2005-05-14 01:05 . 2004-08-04 12:00 35424 c:\windows\system32\ntio412.sys
+ 2005-05-14 01:05 . 2004-08-04 12:00 35648 c:\windows\system32\ntio411.sys
+ 2005-05-14 01:05 . 2004-08-04 12:00 34560 c:\windows\system32\ntio404.sys
+ 2005-05-14 01:05 . 2004-08-04 12:00 33840 c:\windows\system32\ntio.sys
+ 2005-05-14 01:05 . 2008-04-14 00:12 67072 c:\windows\system32\ntdsapi.dll
+ 2005-05-14 01:05 . 2004-08-04 12:00 29146 c:\windows\system32\ntdos804.sys
+ 2005-05-14 01:05 . 2004-08-04 12:00 29274 c:\windows\system32\ntdos412.sys
+ 2005-05-14 01:05 . 2004-08-04 12:00 29370 c:\windows\system32\ntdos411.sys
+ 2005-05-14 01:05 . 2004-08-04 12:00 29146 c:\windows\system32\ntdos404.sys
+ 2005-05-14 01:05 . 2004-08-04 12:00 27866 c:\windows\system32\ntdos.sys
+ 2005-05-14 01:05 . 2008-04-14 00:12 76800 c:\windows\system32\nslookup.exe
+ 2005-05-14 01:05 . 2008-04-14 00:12 54784 c:\windows\system32\npptools.dll
+ 2005-05-14 01:05 . 2008-04-14 00:12 15360 c:\windows\system32\npp\nppagent.exe
+ 2005-05-14 01:05 . 2008-04-14 00:12 57344 c:\windows\system32\npp\ndisnpp.dll
+ 2005-05-14 01:05 . 2008-04-14 00:12 69120 c:\windows\system32\notepad.exe
+ 2006-06-29 13:05 . 2009-01-07 22:20 23552 c:\windows\system32\normaliz.dll
+ 2005-05-14 02:03 . 2008-04-14 00:12 28672 c:\windows\system32\nmmkcert.dll
+ 2005-05-14 02:03 . 2004-08-04 12:00 12288 c:\windows\system32\nmevtmsg.dll
+ 2006-06-28 22:59 . 2009-01-07 22:20 24576 c:\windows\system32\nlsdl.dll
+ 2005-05-14 01:05 . 2008-04-14 00:12 98304 c:\windows\system32\nlhtml.dll
+ 2005-05-14 01:05 . 2008-04-14 00:12 80896 c:\windows\system32\netui0.dll
+ 2005-05-14 01:05 . 2008-04-14 00:12 36864 c:\windows\system32\netstat.exe
+ 2005-05-14 01:05 . 2008-04-14 00:12 86016 c:\windows\system32\netsh.exe
+ 2005-05-14 01:05 . 2008-04-14 00:12 11776 c:\windows\system32\netrap.dll
+ 2003-02-21 02:16 . 2003-02-21 02:16 32768 c:\windows\system32\netfxperf.dll
+ 2005-05-14 01:05 . 2008-04-14 00:12 42496 c:\windows\system32\net.exe
+ 2005-05-14 01:05 . 2008-04-14 00:12 18944 c:\windows\system32\nddenb32.dll
+ 2005-05-14 01:05 . 2008-04-14 00:12 17920 c:\windows\system32\nddeapi.dll
+ 2005-05-14 01:05 . 2008-04-14 00:12 36352 c:\windows\system32\ncobjapi.dll
+ 2005-05-14 01:05 . 2004-08-04 12:00 20480 c:\windows\system32\nbtstat.exe
+ 2005-05-14 01:05 . 2004-08-04 12:00 35840 c:\windows\system32\narrhook.dll
+ 2005-05-14 01:05 . 2008-04-14 00:12 53760 c:\windows\system32\narrator.exe
+ 2008-08-27 07:48 . 2008-04-14 00:12 30208 c:\windows\system32\napipsec.dll
+ 2005-05-14 01:05 . 2008-04-14 00:12 90624 c:\windows\system32\mydocs.dll
+ 2005-05-14 01:05 . 2004-08-04 12:00 90112 c:\windows\system32\mycomput.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 15360 c:\windows\system32\mui\0409\mscorees.dll
+ 2005-05-14 01:05 . 2004-08-04 12:00 87552 c:\windows\system32\mui\0009\hhctrlui.dll
+ 2005-05-14 02:01 . 2008-06-12 14:23 91648 c:\windows\system32\mtxoci.dll
+ 2005-05-14 02:01 . 2008-04-14 00:12 34304 c:\windows\system32\mtxlegih.dll
+ 2005-05-14 02:01 . 2008-04-14 00:12 30720 c:\windows\system32\mtxdm.dll
+ 2005-05-14 01:05 . 2008-06-12 14:23 66560 c:\windows\system32\mtxclu.dll
+ 2004-08-04 00:56 . 2009-11-27 17:11 17920 c:\windows\system32\msyuv.dll
+ 2005-05-14 01:05 . 2004-08-04 12:00 26624 c:\windows\system32\msxmlr.dll
+ 2008-08-27 07:48 . 2008-04-13 17:27 79872 c:\windows\system32\msxml6r.dll
+ 2003-04-18 20:29 . 2003-04-18 20:29 82432 c:\windows\system32\msxml4r.dll
+ 2005-05-14 01:05 . 2004-08-04 12:00 44032 c:\windows\system32\msxml3r.dll
+ 2005-05-14 01:05 . 2004-08-04 12:00 37916 c:\windows\system32\msxml2r.dll
+ 2005-05-14 01:05 . 2008-04-14 00:12 72704 c:\windows\system32\msw3prt.dll
+ 2005-05-14 01:05 . 2009-11-27 16:07 28672 c:\windows\system32\msvidc32.dll
+ 2005-05-14 01:05 . 2008-04-13 18:30 61440 c:\windows\system32\msvcrt40.dll
+ 2005-05-14 01:05 . 2008-04-14 00:12 57344 c:\windows\system32\msvcirt.dll
+ 2001-12-16 18:13 . 2001-12-16 18:13 54784 c:\windows\system32\msvci70.dll
+ 2005-05-14 02:02 . 2008-04-14 00:12 12288 c:\windows\system32\mstinit.exe
+ 2005-05-14 01:05 . 2004-08-04 12:00 13312 c:\windows\system32\msswch.dll
+ 1998-08-09 19:07 . 1998-08-09 19:07 94208 c:\windows\system32\MSSTKPRP.DLL
+ 2005-05-14 01:05 . 2004-08-04 12:00 35840 c:\windows\system32\mssign32.dll
+ 2008-08-27 07:47 . 2008-04-13 18:14 76800 c:\windows\system32\msshavmsg.dll
+ 2005-05-14 01:05 . 2009-11-27 16:07 11264 c:\windows\system32\msrle32.dll
+ 2005-05-14 01:06 . 2004-08-04 12:00 28746 c:\windows\system32\msrecr40.dll
+ 2005-05-14 01:06 . 2004-08-04 12:00 73802 c:\windows\system32\msrclr40.dll
+ 2005-05-14 01:05 . 2004-08-04 12:00 60416 c:\windows\system32\msratelc.dll
+ 2005-05-14 01:06 . 2004-08-04 12:00 69632 c:\windows\system32\msr2c.dll
+ 2005-05-14 01:05 . 2008-04-13 16:23 48128 c:\windows\system32\msprivs.dll
+ 2005-05-14 01:05 . 2004-08-04 12:00 41984 c:\windows\system32\msports.dll
+ 2005-05-14 01:07 . 2006-10-19 01:47 27136 c:\windows\system32\mspmsnsv.dll
+ 2005-05-14 01:05 . 2008-04-14 00:12 29696 c:\windows\system32\mspatcha.dll
+ 2005-05-14 01:05 . 2008-04-13 17:24 20480 c:\windows\system32\msorc32r.dll
+ 2005-05-14 01:05 . 2004-08-04 12:00 33280 c:\windows\system32\msobjs.dll
+ 2003-11-21 05:45 . 2003-11-21 05:45 91136 c:\windows\system32\msls2.dll
+ 2005-05-14 01:06 . 2008-04-14 00:12 25088 c:\windows\system32\mslbui.dll
+ 2005-05-14 01:05 . 2008-03-25 04:50 60192 c:\windows\system32\msjter40.dll
+ 2005-05-14 01:05 . 2008-04-14 00:11 15360 c:\windows\system32\msisip.dll
+ 2009-04-16 13:25 . 2004-08-04 12:00 98304 c:\windows\system32\msir3jp.dll
+ 2005-05-14 01:05 . 2008-04-14 00:12 78848 c:\windows\system32\msiexec.exe
+ 2005-05-14 01:05 . 2004-08-04 12:00 14848 c:\windows\system32\msidntld.dll
+ 2005-05-14 01:05 . 2008-04-14 00:11 51712 c:\windows\system32\msident.dll
+ 2005-05-14 01:05 . 2009-03-08 08:31 48128 c:\windows\system32\mshtmler.dll
+ 2005-05-14 01:05 . 2009-03-08 08:31 66560 c:\windows\system32\mshtmled.dll
+ 2005-05-14 01:05 . 2009-03-08 08:31 45568 c:\windows\system32\mshta.exe
+ 2005-05-14 01:05 . 2008-04-14 00:11 33792 c:\windows\system32\msgsvc.dll
+ 2005-05-14 02:01 . 2004-08-04 12:00 20992 c:\windows\system32\msg.exe
+ 2007-08-13 23:36 . 2009-03-08 08:31 13312 c:\windows\system32\msfeedssync.exe
+ 2007-08-13 23:54 . 2010-02-25 06:24 55296 c:\windows\system32\msfeedsbs.dll
+ 2005-05-14 01:05 . 2004-08-04 12:00 94282 c:\windows\system32\msencode.dll
+ 2005-05-14 02:01 . 2008-06-12 14:23 58880 c:\windows\system32\msdtclog.dll
+ 2005-05-14 02:01 . 2004-08-04 12:00 19429 c:\windows\system32\MsDtc\Trace\msdtcvtr.bat
+ 2005-05-14 01:05 . 2008-04-14 00:11 14336 c:\windows\system32\msdmo.dll
+ 2005-05-14 01:06 . 2008-04-14 00:11 68608 c:\windows\system32\msctfp.dll
+ 2005-05-14 01:05 . 2008-04-14 00:11 36864 c:\windows\system32\mscpxl32.dll
+ 2005-05-14 01:05 . 2008-04-13 17:26 12288 c:\windows\system32\mscpx32r.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 83968 c:\windows\system32\mscories.dll
+ 2005-05-14 02:03 . 2008-04-14 00:11 69632 c:\windows\system32\msconf.dll
+ 2005-05-14 01:05 . 2008-06-24 16:43 74240 c:\windows\system32\mscms.dll
+ 2005-05-14 01:05 . 2004-08-04 12:00 65024 c:\windows\system32\msaudite.dll
+ 2005-05-14 01:05 . 2009-09-04 21:03 58880 c:\windows\system32\msasn1.dll
+ 2005-05-14 01:05 . 2008-04-14 00:11 86016 c:\windows\system32\msapsspc.dll
+ 2005-05-14 01:05 . 2004-08-04 12:00 20480 c:\windows\system32\msacm32.drv
+ 2005-05-14 01:05 . 2008-04-14 00:11 71680 c:\windows\system32\msacm32.dll
+ 2005-05-14 01:05 . 2004-08-04 12:00 61168 c:\windows\system32\msacm.dll
+ 2005-05-14 01:05 . 2004-08-04 12:00 12800 c:\windows\system32\mrinfo.exe
+ 2005-05-14 01:05 . 2004-08-04 12:00 47104 c:\windows\system32\mprui.dll
+ 2005-05-14 01:05 . 2004-08-04 12:00 99840 c:\windows\system32\mprmsg.dll
+ 2005-05-14 01:05 . 2008-04-14 00:11 53248 c:\windows\system32\mprdim.dll
+ 2005-05-14 01:05 . 2004-08-04 12:00 69120 c:\windows\system32\mprddm.dll
+ 2005-05-14 01:05 . 2008-04-14 00:11 87040 c:\windows\system32\mprapi.dll
+ 2005-05-14 01:05 . 2008-04-14 00:11 59904 c:\windows\system32\mpr.dll
+ 2005-05-14 01:05 . 2004-08-04 12:00 22016 c:\windows\system32\mpnotify.exe
+ 2005-05-14 01:05 . 2008-04-14 00:12 16896 c:\windows\system32\more.com
+ 2005-05-14 01:05 . 2004-08-04 12:00 10112 c:\windows\system32\modex.dll
+ 2005-05-14 01:05 . 2004-08-04 12:00 19456 c:\windows\system32\mode.com
+ 2005-05-14 02:03 . 2008-04-14 00:12 32768 c:\windows\system32\mnmsrvc.exe
+ 2005-05-14 02:03 . 2008-04-14 00:11 34560 c:\windows\system32\mnmdd.dll
+ 2005-05-14 01:05 . 2004-08-04 12:00 68768 c:\windows\system32\mmsystem.dll
+ 2005-05-14 02:01 . 2008-04-14 00:11 17408 c:\windows\system32\mmfutil.dll
+ 2005-05-14 01:05 . 2004-08-04 12:00 12288 c:\windows\system32\mmdrv.dll
+ 2005-05-14 01:05 . 2008-04-14 00:11 61440 c:\windows\system32\mmcshext.dll
+ 2008-08-27 07:47 . 2008-04-14 00:12 33792 c:\windows\system32\mmcperf.exe
+ 2005-05-14 04:22 . 1999-04-17 08:06 11375 c:\windows\system32\MLLpY.exe
+ 2005-05-14 01:05 . 2008-04-14 00:11 29696 c:\windows\system32\mimefilt.dll
+ 2005-05-14 01:06 . 2004-08-04 12:00 51712 c:\windows\system32\migpwd.exe
+ 2005-05-14 01:05 . 2008-04-14 00:11 60928 c:\windows\system32\miglibnt.dll
+ 2005-05-14 01:05 . 2008-04-14 00:11 18944 c:\windows\system32\midimap.dll
+ 2005-05-14 01:05 . 2004-08-04 12:00 46258 c:\windows\system32\mib.bin
+ 2005-05-14 01:05 . 2008-04-14 00:11 14848 c:\windows\system32\mgmtapi.dll
+ 2005-05-14 01:05 . 2008-04-14 00:11 22528 c:\windows\system32\mfcsubs.dll
+ 1998-06-18 02:08 . 1998-06-18 02:08 53248 c:\windows\system32\MFC42ENU.DLL
+ 2005-05-14 01:05 . 2008-04-14 00:11 40960 c:\windows\system32\mf3216.dll
+ 2005-05-14 01:05 . 2004-08-04 12:00 39274 c:\windows\system32\mem.exe
+ 2008-08-27 07:47 . 2008-04-14 00:11 86016 c:\windows\system32\mdmxsdk.dll
+ 2006-03-28 01:42 . 2007-04-09 17:23 28040 c:\windows\system32\mdimon.dll
+ 2005-05-14 01:05 . 2004-08-04 12:00 50176 c:\windows\system32\mdhcp.dll
+ 2005-05-14 01:05 . 2004-08-04 12:00 28160 c:\windows\system32\mciwave.drv
+ 2005-05-14 01:05 . 2008-04-14 00:11 23552 c:\windows\system32\mciwave.dll
+ 2005-05-14 01:05 . 2004-08-04 12:00 25264 c:\windows\system32\mciseq.drv
+ 2005-05-14 01:05 . 2008-04-14 00:11 23040 c:\windows\system32\mciseq.dll
+ 2005-05-14 01:05 . 2008-04-14 00:11 35328 c:\windows\system32\mciqtz32.dll
+ 2005-05-14 01:05 . 2004-08-04 12:00 17408 c:\windows\system32\mcicda.dll
+ 2005-05-14 01:05 . 2008-04-14 00:11 84480 c:\windows\system32\mciavi32.dll
+ 2005-05-14 01:05 . 2004-08-04 12:00 73376 c:\windows\system32\mciavi.drv
+ 2005-05-14 01:05 . 2004-08-04 12:00 10496 c:\windows\system32\mcdsrv32.dll
+ 2005-05-14 01:05 . 2004-08-04 12:00 10240 c:\windows\system32\mcd32.dll
+ 2005-05-14 01:05 . 2008-04-14 00:11 14336 c:\windows\system32\mcastmib.dll
+ 2005-05-14 01:05 . 2008-04-14 00:12 57344 c:\windows\system32\makecab.exe
+ 2005-05-14 01:05 . 2008-04-14 00:12 72704 c:\windows\system32\magnify.exe
+ 2008-07-02 19:49 . 2009-12-09 04:20 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2005-05-14 01:05 . 2008-04-14 00:12 13312 c:\windows\system32\lsass.exe
+ 2005-05-14 01:05 . 2008-04-14 00:11 10240 c:\windows\system32\lprhelp.dll
+ 2005-05-14 01:05 . 2008-04-14 00:11 22016 c:\windows\system32\lpk.dll
+ 2005-05-14 02:01 . 2004-08-04 12:00 15360 c:\windows\system32\logoff.exe
+ 2005-05-14 01:05 . 2008-04-14 00:12 59392 c:\windows\system32\logman.exe
+ 2005-05-14 01:05 . 2004-08-04 12:00 50176 c:\windows\system32\loghours.dll
+ 2005-05-14 01:05 . 2008-04-14 00:12 75264 c:\windows\system32\locator.exe
+ 2005-05-14 01:05 . 2008-04-14 00:11 11776 c:\windows\system32\localui.dll
+ 2005-05-14 01:05 . 2008-04-14 00:11 97280 c:\windows\system32\loadperf.dll
+ 2005-05-14 01:06 . 2004-08-04 12:00 25088 c:\windows\system32\lnkstub.exe
+ 2005-05-14 01:05 . 2008-04-14 00:11 13824 c:\windows\system32\lmhsvc.dll
+ 2005-05-14 01:05 . 2008-04-14 00:11 19968 c:\windows\system32\linkinfo.dll
+ 2005-05-14 01:05 . 2004-08-04 12:00 29696 c:\windows\system32\lights.exe
+ 2005-05-14 02:01 . 2008-04-14 00:11 58880 c:\windows\system32\licwmi.dll
+ 2005-05-14 01:05 . 2009-03-08 08:34 43008 c:\windows\system32\licmgr10.dll
+ 2002-06-06 17:02 . 2002-06-06 17:02 59392 c:\windows\system32\lfwmf11n.dll
+ 2002-06-06 17:02 . 2002-06-06 17:02 27648 c:\windows\system32\lftga11n.dll
+ 2002-06-06 17:02 . 2002-06-06 17:02 56320 c:\windows\system32\lfpsd11n.dll
+ 2002-06-06 17:02 . 2002-06-06 17:02 33280 c:\windows\system32\lfpcx11n.dll
+ 2002-06-06 17:02 . 2002-06-06 17:02 26112 c:\windows\system32\lfpcd11n.dll
+ 2002-06-06 17:02 . 2002-06-06 17:02 41472 c:\windows\system32\lfgif11n.dll
+ 2002-06-06 17:02 . 2002-06-06 17:02 81408 c:\windows\system32\lffax11n.dll
+ 2002-06-06 17:02 . 2002-06-06 17:02 31232 c:\windows\system32\lfeps11n.dll
+ 2002-06-06 17:02 . 2002-06-06 17:02 36864 c:\windows\system32\lfbmp11n.dll
+ 2005-05-14 01:07 . 2006-10-19 01:47 11264 c:\windows\system32\LAPRXY.dll
+ 2005-05-14 01:05 . 2004-08-04 12:00 89600 c:\windows\system32\langwrbk.dll
+ 2008-08-27 07:47 . 2008-04-14 00:11 37376 c:\windows\system32\l2gpstore.dll
+ 2005-05-14 01:06 . 2004-08-04 12:00 92224 c:\windows\system32\krnl386.exe
+ 2009-04-16 13:25 . 2004-08-04 12:00 70656 c:\windows\system32\korwbrkr.dll
+ 2008-08-27 07:47 . 2008-04-14 00:11 61440 c:\windows\system32\kmsvc.dll
+ 2005-05-14 01:05 . 2004-08-04 12:00 42537 c:\windows\system32\keyboard.sys
+ 2005-05-14 01:05 . 2004-08-04 12:00 42809 c:\windows\system32\key01.sys
+ 2005-05-14 01:05 . 2004-08-04 12:00 14710 c:\windows\system32\kb16.com
+ 2005-05-14 01:05 . 2010-02-25 06:24 25600 c:\windows\system32\jsproxy.dll
+ 2005-05-14 01:05 . 2004-08-04 12:00 47952 c:\windows\system32\jobexec.dll
+ 2005-05-14 01:05 . 2005-02-07 20:05 65536 c:\windows\system32\jgsh400.dll
+ 2005-05-14 01:05 . 2005-02-07 20:05 45568 c:\windows\system32\jgsd400.dll
+ 2005-05-14 01:05 . 2008-04-14 00:11 27648 c:\windows\system32\jgpl400.dll
+ 2005-05-14 01:05 . 2005-02-07 20:05 35840 c:\windows\system32\jgmd400.dll
+ 2005-05-14 01:05 . 2005-02-07 20:05 44544 c:\windows\system32\jgaw400.dll
+ 2005-05-14 04:22 . 1999-04-17 08:06 11375 c:\windows\system32\jBbIPm.dll
+ 2004-08-04 00:56 . 2009-11-27 16:07 48128 c:\windows\system32\iyuv_32.dll
+ 2005-05-14 01:05 . 2008-04-14 00:11 54272 c:\windows\system32\ixsso.dll
+ 2005-05-14 04:19 . 2002-11-21 17:57 20480 c:\windows\system32\IVIresize.dll
+ 2005-05-14 02:03 . 2008-04-14 00:11 32768 c:\windows\system32\isrdbg32.dll
+ 2005-05-14 02:02 . 2008-04-14 00:11 81920 c:\windows\system32\isign32.dll
+ 2005-05-13 18:57 . 2004-08-04 12:00 13312 c:\windows\system32\irclass.dll
+ 2005-05-14 01:05 . 2008-04-14 00:11 22016 c:\windows\system32\ipxwan.dll
+ 2005-05-14 01:05 . 2004-08-04 12:00 66560 c:\windows\system32\ipxsap.dll
+ 2005-05-14 01:05 . 2004-08-04 12:00 39936 c:\windows\system32\ipxrtmgr.dll
+ 2005-05-14 01:05 . 2008-04-14 00:12 23552 c:\windows\system32\ipxroute.exe
+ 2005-05-14 01:05 . 2004-08-04 12:00 21504 c:\windows\system32\ipxrip.dll
+ 2005-05-14 01:05 . 2004-08-04 12:00 69120 c:\windows\system32\ipxpromn.dll
+ 2005-05-14 01:05 . 2004-08-04 12:00 83968 c:\windows\system32\ipxmontr.dll
+ 2005-05-14 01:05 . 2008-04-14 00:11 59904 c:\windows\system32\ipv6mon.dll
+ 2005-05-14 01:05 . 2008-04-14 00:12 53248 c:\windows\system32\ipv6.exe
+ 2005-05-14 01:05 . 2004-08-04 12:00 44032 c:\windows\system32\ipsec6.exe
+ 2005-05-14 01:05 . 2008-04-14 00:11 94720 c:\windows\system32\iphlpapi.dll
+ 2005-05-14 01:05 . 2008-04-14 00:12 55808 c:\windows\system32\ipconfig.exe
+ 2005-05-14 01:05 . 2004-08-04 12:00 30720 c:\windows\system32\iologmsg.dll
+ 2006-03-28 01:40 . 2004-06-10 19:03 28672 c:\windows\system32\InstallInf.exe
+ 2005-05-14 01:05 . 2009-03-08 08:32 94720 c:\windows\system32\inseng.dll
+ 2008-07-29 23:24 . 2008-07-29 23:24 97800 c:\windows\system32\infocardapi.dll
+ 2005-05-14 04:21 . 2005-02-07 20:05 54784 c:\windows\system32\Inetwh32.dll
+ 2005-05-14 02:02 . 2008-04-13 16:22 48128 c:\windows\system32\inetres.dll
+ 2005-05-14 01:05 . 2008-04-14 00:11 15872 c:\windows\system32\inetppui.dll
+ 2005-05-14 01:05 . 2008-04-14 00:11 75264 c:\windows\system32\inetpp.dll
+ 2005-05-14 01:05 . 2008-04-14 00:11 32768 c:\windows\system32\inetmib1.dll
+ 2005-05-14 01:05 . 2009-03-08 08:31 34816 c:\windows\system32\imgutil.dll
+ 2005-05-14 01:05 . 2008-04-14 00:11 36921 c:\windows\system32\imeshare.dll
+ 2008-08-27 07:47 . 2008-04-14 00:10 10240 c:\windows\system32\IME\TINTLGNT\TMIGRATE.DLL
+ 2008-08-27 07:47 . 2004-08-04 02:32 44032 c:\windows\system32\IME\TINTLGNT\TINTLPHR.EXE
+ 2008-08-27 07:47 . 2008-04-14 00:10 67584 c:\windows\system32\IME\PINTLGNT\PMIGRATE.DLL
+ 2008-08-27 07:47 . 2008-04-13 16:43 70144 c:\windows\system32\IME\PINTLGNT\PINTLPHR.EXE
+ 2008-08-27 07:47 . 2004-08-04 02:31 59392 c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
+ 2005-05-14 02:03 . 2008-04-14 00:11 81920 c:\windows\system32\ils.dll
+ 2005-05-14 01:05 . 2004-08-04 12:00 70656 c:\windows\system32\ifsutil.dll
+ 2007-08-13 23:39 . 2009-03-08 08:32 36864 c:\windows\system32\ieudinit.exe
+ 2005-05-14 01:05 . 2009-03-08 08:32 71680 c:\windows\system32\iesetup.dll
+ 2005-05-14 01:05 . 2009-03-08 08:32 55808 c:\windows\system32\iernonce.dll
+ 2006-06-29 13:05 . 2009-01-07 22:20 26112 c:\windows\system32\idndl.dll
+ 2005-05-14 02:02 . 2008-04-14 00:11 65536 c:\windows\system32\icwphbk.dll
+ 2005-05-14 02:02 . 2008-04-14 00:11 73728 c:\windows\system32\icwdial.dll
+ 2005-05-14 01:05 . 2004-08-04 12:00 54784 c:\windows\system32\icmui.dll
+ 2005-05-14 02:03 . 2004-08-04 12:00 16384 c:\windows\system32\icfgnt5.dll
+ 2005-05-14 01:05 . 2008-04-14 00:11 80384 c:\windows\system32\iccvid.dll
+ 2008-07-29 23:24 . 2008-07-29 23:24 11264 c:\windows\system32\icardres.dll
+ 2007-08-13 23:36 . 2009-03-08 08:31 59904 c:\windows\system32\icardie.dll
+ 2005-05-14 02:01 . 2008-04-14 00:11 11264 c:\windows\system32\icaapi.dll
+ 2005-05-14 01:05 . 2004-08-04 12:00 59392 c:\windows\system32\iassvcs.dll
+ 2005-05-14 01:05 . 2004-08-04 12:00 86528 c:\windows\system32\iassam.dll
+ 2005-05-14 01:05 . 2004-08-04 12:00 17920 c:\windows\system32\iaspolcy.dll
+ 2005-05-14 01:05 . 2004-08-04 12:00 62464 c:\windows\system32\iasnap.dll
+ 2005-05-14 01:05 . 2004-08-04 12:00 32256 c:\windows\system32\iashlpr.dll
+ 2005-05-14 01:05 . 2004-08-04 12:00 41472 c:\windows\system32\iasads.dll
+ 2005-05-14 01:05 . 2004-08-04 12:00 23552 c:\windows\system32\iasacct.dll
+ 2005-03-28 22:44 . 2005-03-28 22:44 40960 c:\windows\system32\HWS_Ctrl.dll
+ 2005-05-14 01:05 . 2008-04-14 00:11 41984 c:\windows\system32\htui.dll
+ 2005-05-14 01:05 . 2009-10-21 05:38 25088 c:\windows\system32\httpapi.dll
+ 2005-05-14 02:01 . 2004-08-04 12:00 44544 c:\windows\system32\hticons.dll
+ 2008-08-27 07:46 . 2008-04-14 00:11 32285 c:\windows\system32\hsfcisp2.dll
+ 2005-05-14 01:05 . 2004-08-04 12:00 14848 c:\windows\system32\hnetmon.dll
+ 2003-11-21 07:09 . 2003-11-21 07:09 31744 c:\windows\system32\hlp95en.dll
+ 2005-05-14 01:05 . 2008-04-14 00:11 72704 c:\windows\system32\hlink.dll
+ 2004-08-04 00:56 . 2008-04-14 00:11 20992 c:\windows\system32\hid.dll
+ 2005-05-14 01:05 . 2008-04-14 00:11 41472 c:\windows\system32\hhsetup.dll
+ 2005-05-14 01:05 . 2008-04-14 00:12 15872 c:\windows\system32\help.exe
+ 2004-08-03 22:59 . 2008-04-13 18:31 81152 c:\windows\system32\HAL.DLL
+ 2005-05-14 01:05 . 2008-04-14 00:12 39424 c:\windows\system32\grpconv.exe
+ 2005-05-14 01:05 . 2004-08-04 12:00 19694 c:\windows\system32\graphics.com
+ 2005-05-14 01:05 . 2004-08-04 12:00 26112 c:\windows\system32\graftabl.com
+ 1999-03-03 04:26 . 1999-03-03 04:26 80896 c:\windows\system32\GETINFO.DLL
+ 2005-05-14 01:05 . 2004-08-04 12:00 24576 c:\windows\system32\gdi.exe
+ 2005-05-14 01:05 . 2004-08-04 12:00 76800 c:\windows\system32\gcdef.dll
+ 2005-05-14 02:01 . 2004-08-04 12:00 11264 c:\windows\system32\fxssend.exe
+ 2005-05-14 02:01 . 2004-08-04 12:00 31744 c:\windows\system32\fxsroute.dll
+ 2005-05-14 02:01 . 2008-04-14 00:11 23552 c:\windows\system32\fxsmon.dll
+ 2005-05-14 02:01 . 2008-04-14 00:11 23552 c:\windows\system32\fxsext32.dll
+ 2005-05-14 02:01 . 2008-04-14 00:11 55296 c:\windows\system32\fxsevent.dll
+ 2005-05-14 02:01 . 2008-04-14 00:11 26624 c:\windows\system32\fxsdrv.dll
+ 2005-05-14 02:01 . 2008-04-14 00:11 72192 c:\windows\system32\fxscom.dll
+ 2005-05-14 04:22 . 1999-04-17 08:06 11375 c:\windows\system32\FWxei.exe
+ 2005-05-14 01:05 . 2008-04-14 00:11 60416 c:\windows\system32\fwcfg.dll
+ 2005-05-14 01:05 . 2008-04-14 00:12 42496 c:\windows\system32\ftp.exe
+ 2005-05-14 01:05 . 2004-08-04 12:00 56320 c:\windows\system32\fsutil.exe
+ 2005-05-14 01:05 . 2004-08-04 12:00 81408 c:\windows\system32\fsusd.dll
+ 2005-05-14 02:01 . 2004-08-04 12:00 55296 c:\windows\system32\freecell.exe
+ 2005-05-14 01:05 . 2008-04-14 00:12 29696 c:\windows\system32\format.com
+ 2005-05-14 01:05 . 2008-04-14 00:12 20992 c:\windows\system32\fontview.exe
+ 2005-05-14 01:05 . 2009-10-15 16:28 81920 c:\windows\system32\fontsub.dll
+ 2005-05-14 01:05 . 2004-08-04 12:00 16384 c:\windows\system32\fmifs.dll
+ 2007-03-22 23:17 . 2007-03-22 23:17 35440 c:\windows\system32\FM20ENU.DLL
+ 2005-05-14 02:03 . 2008-04-14 00:12 23040 c:\windows\system32\fltmc.exe
+ 2005-05-14 02:03 . 2008-04-14 00:11 16896 c:\windows\system32\fltlib.dll
+ 2005-05-14 01:05 . 2008-04-14 00:11 87552 c:\windows\system32\fldrclnr.dll
+ 2005-05-14 01:05 . 2008-04-14 00:12 27136 c:\windows\system32\findstr.exe
+ 2005-05-14 01:05 . 2008-04-14 00:11 21504 c:\windows\system32\feclient.dll
+ 2005-05-14 01:05 . 2004-08-04 12:00 14848 c:\windows\system32\fc.exe
+ 2008-08-27 07:46 . 2008-04-14 00:12 20992 c:\windows\system32\faxpatch.exe
+ 2005-05-14 01:05 . 2008-04-14 00:11 80384 c:\windows\system32\faultrep.dll
+ 2005-05-14 01:05 . 2008-04-14 00:12 24064 c:\windows\system32\extrac32.exe
+ 2005-05-14 01:05 . 2004-08-04 12:00 15872 c:\windows\system32\expand.exe
+ 2005-05-14 01:05 . 2008-04-14 00:11 56320 c:\windows\system32\eventlog.dll
+ 2005-05-14 01:05 . 2004-08-04 12:00 33280 c:\windows\system32\eventcls.dll
+ 2005-05-14 04:22 . 1999-04-17 08:06 11375 c:\windows\system32\ETJNlHnHe.dll
+ 2005-05-14 01:05 . 2004-08-04 12:00 39424 c:\windows\system32\esentutl.exe
+ 2005-05-14 01:05 . 2004-08-04 12:00 17408 c:\windows\system32\esentprf.dll
+ 2005-05-14 01:05 . 2008-04-14 00:11 23040 c:\windows\system32\ersvc.dll
+ 2005-05-14 01:05 . 2008-04-14 00:11 20480 c:\windows\system32\encapi.dll
+ 2008-08-27 07:47 . 2008-04-14 00:11 40960 c:\windows\system32\en\mmcex.resources.dll
+ 2008-08-27 07:47 . 2008-04-14 00:11 28672 c:\windows\system32\en\microsoft.managementconsole.resources.dll
+ 2005-05-14 02:02 . 2005-05-14 02:02 21640 c:\windows\system32\emptyregdb.dat
+ 2005-03-15 17:50 . 2005-03-15 17:50 24576 c:\windows\system32\EKECioCtl.dll
+ 2005-05-14 01:05 . 2004-08-04 12:00 12642 c:\windows\system32\edlin.exe
+ 2005-05-14 01:06 . 2004-08-04 12:00 69886 c:\windows\system32\edit.com
+ 2005-05-14 03:26 . 2005-03-25 17:24 28672 c:\windows\system32\EBLib.DLL
+ 2008-08-27 07:46 . 2008-04-14 00:11 33792 c:\windows\system32\eapsvc.dll
+ 2008-08-27 07:46 . 2008-04-14 00:11 59392 c:\windows\system32\eapqec.dll
+ 2008-08-27 07:46 . 2008-04-14 00:11 40960 c:\windows\system32\eappprxy.dll
+ 2008-08-27 07:46 . 2008-04-14 00:11 94208 c:\windows\system32\eappgnui.dll
+ 2008-08-27 07:46 . 2008-04-14 00:11 30720 c:\windows\system32\eapolqec.dll
+ 2005-05-14 04:22 . 1999-04-17 08:06 11375 c:\windows\system32\dYuCwFYq.dll
+ 1999-11-05 18:07 . 1999-11-05 18:07 57856 c:\windows\system32\Dxver.dll
+ 2008-07-30 01:10 . 2008-07-30 01:10 73720 c:\windows\system32\dxva2.dll
+ 2005-05-14 01:05 . 2008-04-14 00:12 17920 c:\windows\system32\dvdupgrd.exe
+ 2001-08-17 22:36 . 2004-08-04 12:00 55296 c:\windows\system32\dvdplay.exe
+ 2005-05-14 01:05 . 2008-04-14 00:12 10752 c:\windows\system32\dumprep.exe
+ 2005-05-14 01:05 . 2008-04-14 00:11 19456 c:\windows\system32\dswave.dll
+ 2005-05-14 01:05 . 2008-04-14 00:11 51200 c:\windows\system32\dssec.dll
+ 2005-05-14 01:05 . 2008-04-14 00:11 92672 c:\windows\system32\dskquota.dll
+ 2005-05-14 01:05 . 2008-04-14 00:11 71680 c:\windows\system32\dsdmoprp.dll
+ 2005-05-14 01:05 . 2004-08-04 12:00 62976 c:\windows\system32\dsauth.dll
+ 2005-05-14 01:05 . 2008-04-14 00:11 16384 c:\windows\system32\ds32gt.dll
+ 2005-05-14 01:05 . 2004-08-04 12:00 45568 c:\windows\system32\drwtsn32.exe
+ 2005-05-14 01:05 . 2004-08-04 12:00 28112 c:\windows\system32\drwatson.exe
+ 2005-05-14 01:06 . 2008-04-14 00:11 14336 c:\windows\system32\drprov.dll
+ 2005-05-14 01:07 . 2005-01-28 21:44 96768 c:\windows\system32\drmstor.dll
+ 2005-05-14 04:22 . 1999-04-17 08:06 11375 c:\windows\system32\drivers\XSPge.dll
+ 2006-09-28 23:00 . 2006-09-28 23:00 82944 c:\windows\system32\drivers\WudfRd.sys
+ 2006-09-28 22:55 . 2006-09-28 22:55 77568 c:\windows\system32\drivers\WudfPf.sys
+ 2005-05-14 01:06 . 2004-08-04 12:00 12032 c:\windows\system32\drivers\ws2ifsl.sys
+ 2004-08-11 08:45 . 2006-10-19 00:00 38528 c:\windows\system32\drivers\wpdusb.sys
+ 2005-05-14 03:25 . 2005-01-25 21:40 34048 c:\windows\system32\drivers\WOWXT_kern_i386.sys
+ 2005-05-14 02:28 . 2008-04-13 19:17 83072 c:\windows\system32\drivers\wdmaud.sys
+ 2008-08-27 07:49 . 2004-08-04 02:29 25471 c:\windows\system32\drivers\watv10nt.sys
+ 2008-08-27 07:49 . 2004-08-04 02:29 22271 c:\windows\system32\drivers\watv06nt.sys
+ 2005-05-14 01:06 . 2008-04-13 18:57 34560 c:\windows\system32\drivers\wanarp.sys
+ 2008-08-27 07:49 . 2004-08-04 02:29 11935 c:\windows\system32\drivers\wadv11nt.sys
+ 2008-08-27 07:49 . 2004-08-04 02:29 11871 c:\windows\system32\drivers\wadv09nt.sys
+ 2008-08-27 07:49 . 2004-08-04 02:29 11295 c:\windows\system32\drivers\wadv08nt.sys
+ 2008-08-27 07:49 . 2004-08-04 02:29 11807 c:\windows\system32\drivers\wadv07nt.sys
+ 2008-08-27 07:49 . 2008-04-13 18:43 14208 c:\windows\system32\drivers\wacompen.sys
+ 2005-05-14 01:06 . 2008-04-13 18:41 52352 c:\windows\system32\drivers\volsnap.sys
+ 2005-05-14 04:22 . 1999-04-17 08:06 11375 c:\windows\system32\drivers\VKOqWrV.dll
+ 2005-05-14 01:06 . 2008-04-13 18:44 81664 c:\windows\system32\drivers\videoprt.sys
+ 2008-08-27 07:49 . 2008-04-13 18:36 42240 c:\windows\system32\drivers\viaagp.sys
+ 2005-05-14 01:06 . 2008-04-13 18:44 20992 c:\windows\system32\drivers\vga.sys
+ 2001-08-17 14:02 . 2004-08-04 12:00 58112 c:\windows\system32\drivers\vdmindvd.sys
+ 2008-08-27 07:49 . 2008-04-14 00:12 11325 c:\windows\system32\drivers\vchnt5.dll
+ 2007-11-12 00:30 . 2008-04-13 18:45 26368 c:\windows\system32\drivers\usbstor.sys
+ 2004-08-03 23:08 . 2008-04-13 18:45 17152 c:\windows\system32\drivers\usbohci.sys
+ 2004-08-03 23:08 . 2008-04-13 18:45 15872 c:\windows\system32\drivers\usbintel.sys
+ 2004-08-03 23:08 . 2008-04-13 18:45 59520 c:\windows\system32\drivers\usbhub.sys
+ 2004-08-03 23:08 . 2008-04-13 18:45 30208 c:\windows\system32\drivers\usbehci.sys
+ 2001-08-17 14:03 . 2008-04-13 18:45 25728 c:\windows\system32\drivers\usbcamd2.sys
+ 2001-08-17 14:03 . 2008-04-13 18:45 25600 c:\windows\system32\drivers\usbcamd.sys
+ 2008-08-27 07:49 . 2008-04-13 18:56 12800 c:\windows\system32\drivers\usb8023x.sys
+ 2005-05-14 01:06 . 2008-04-13 18:56 12800 c:\windows\system32\drivers\usb8023.sys
+ 2005-05-14 01:06 . 2008-04-13 18:32 66048 c:\windows\system32\drivers\udfs.sys
+ 2008-08-27 07:49 . 2008-04-13 18:36 44672 c:\windows\system32\drivers\uagp35.sys
+ 2005-05-14 03:25 . 2005-04-15 20:46 29056 c:\windows\system32\drivers\Tvs.sys
+ 2004-08-03 23:03 . 2008-04-13 18:56 12288 c:\windows\system32\drivers\tunmp.sys
+ 2005-05-14 03:25 . 2005-01-25 21:35 29184 c:\windows\system32\drivers\TSXT_kern_i386.sys
+ 2001-08-17 14:06 . 2004-08-04 12:00 21376 c:\windows\system32\drivers\tsbvcap.sys
+ 2001-08-17 14:01 . 2004-08-04 12:00 51712 c:\windows\system32\drivers\tosdvd.sys
+ 2005-05-14 02:01 . 2008-04-14 00:13 40840 c:\windows\system32\drivers\termdd.sys
+ 2005-05-14 02:01 . 2008-04-14 00:13 21896 c:\windows\system32\drivers\tdtcp.sys
+ 2005-05-14 02:01 . 2008-04-14 00:13 12040 c:\windows\system32\drivers\tdpipe.sys
+ 2005-05-14 01:06 . 2008-04-13 19:00 19072 c:\windows\system32\drivers\tdi.sys
+ 2005-05-14 01:06 . 2008-04-13 18:40 14976 c:\windows\system32\drivers\tape.sys
+ 2005-05-14 02:28 . 2008-04-13 19:15 60800 c:\windows\system32\drivers\sysaudio.sys
+ 2005-05-14 02:28 . 2008-04-13 18:45 56576 c:\windows\system32\drivers\swmidi.sys
+ 2004-08-03 23:08 . 2008-04-13 18:45 49408 c:\windows\system32\drivers\stream.sys
+ 2006-03-28 01:45 . 2004-12-02 19:04 23545 c:\windows\system32\drivers\ssrtln.sys
+ 2005-05-14 02:03 . 2008-04-13 18:36 73472 c:\windows\system32\drivers\sr.sys
+ 2004-08-03 23:09 . 2008-04-13 18:46 25344 c:\windows\system32\drivers\sonydcam.sys
+ 2005-05-14 01:06 . 2004-08-04 12:00 14592 c:\windows\system32\drivers\smclib.sys
+ 2008-08-27 07:48 . 2004-08-04 02:41 13240 c:\windows\system32\drivers\slwdmsup.sys
+ 2008-08-27 07:48 . 2004-08-04 02:41 95424 c:\windows\system32\drivers\slnthal.sys
+ 2008-08-27 07:48 . 2008-04-13 18:36 40960 c:\windows\system32\drivers\sisagp.sys
+ 2004-08-03 22:59 . 2008-04-13 18:40 11392 c:\windows\system32\drivers\sfloppy.sys
+ 2004-08-03 22:59 . 2008-04-13 18:40 11008 c:\windows\system32\drivers\sffp_sd.sys
+ 2008-08-27 07:48 . 2008-04-13 18:40 10240 c:\windows\system32\drivers\sffp_mmc.sys
+ 2004-08-03 22:59 . 2008-04-13 18:40 11904 c:\windows\system32\drivers\sffdisk.sys
+ 2004-08-03 23:15 . 2008-04-13 19:15 64512 c:\windows\system32\drivers\serial.sys
+ 2004-08-03 22:59 . 2008-04-13 18:40 15744 c:\windows\system32\drivers\serenum.sys
+ 2006-04-06 19:39 . 2004-07-22 16:36 42240 c:\windows\system32\drivers\ser2plms.sys
+ 2005-05-14 01:06 . 2007-11-13 10:25 20480 c:\windows\system32\drivers\secdrv.sys
+ 2004-08-03 23:07 . 2008-04-13 18:36 79232 c:\windows\system32\drivers\sdbus.sys
+ 2004-08-03 22:59 . 2008-04-13 18:40 96384 c:\windows\system32\drivers\scsiport.sys
+ 2005-05-14 02:29 . 2004-06-28 17:35 69760 c:\windows\system32\drivers\Rtlnicxp.sys
+ 2005-05-13 18:58 . 2004-08-03 22:31 20992 c:\windows\system32\drivers\RTL8139.sys
+ 2005-05-14 04:22 . 1999-04-17 08:06 11375 c:\windows\system32\drivers\ROAqQFj.dll
+ 2008-08-27 07:48 . 2008-04-13 18:56 30592 c:\windows\system32\drivers\rndismpx.sys
+ 2005-05-14 01:06 . 2008-04-13 18:56 30592 c:\windows\system32\drivers\rndismp.sys
+ 2001-08-17 13:24 . 2004-08-04 12:00 12032 c:\windows\system32\drivers\riodrv.sys
+ 2001-08-17 13:24 . 2004-08-04 12:00 12032 c:\windows\system32\drivers\rio8drv.sys
+ 2008-08-27 07:48 . 2008-04-13 18:46 59136 c:\windows\system32\drivers\rfcomm.sys
+ 2005-05-13 18:59 . 2008-04-13 18:40 57600 c:\windows\system32\drivers\redbook.sys
+ 2008-08-27 07:48 . 2004-08-04 02:41 13776 c:\windows\system32\drivers\recagent.sys
+ 2005-05-14 01:06 . 2004-08-04 12:00 34432 c:\windows\system32\drivers\rawwan.sys
+ 2005-05-14 01:06 . 2004-08-04 12:00 16512 c:\windows\system32\drivers\raspti.sys
+ 2005-05-14 01:06 . 2008-04-13 19:19 48384 c:\windows\system32\drivers\raspptp.sys
+ 2005-05-14 01:06 . 2008-04-13 18:57 41472 c:\windows\system32\drivers\raspppoe.sys
+ 2005-05-14 01:06 . 2008-04-13 19:19 51328 c:\windows\system32\drivers\rasl2tp.sys
+ 2004-07-13 09:03 . 2004-10-21 09:03 20576 c:\windows\system32\drivers\pxhelp20.sys
+ 2005-05-14 01:06 . 2004-08-04 12:00 17792 c:\windows\system32\drivers\ptilink.sys
+ 2005-05-14 01:06 . 2008-04-13 18:56 69120 c:\windows\system32\drivers\psched.sys
+ 2004-08-03 22:59 . 2008-04-13 18:31 35840 c:\windows\system32\drivers\processr.sys
+ 2006-03-28 01:45 . 2003-09-19 23:45 21248 c:\windows\system32\drivers\pfc.sys
+ 2004-08-03 22:59 . 2008-04-13 18:40 24960 c:\windows\system32\drivers\pciidex.sys
+ 2004-08-03 23:07 . 2008-04-13 18:36 68224 c:\windows\system32\drivers\pci.sys
+ 2005-05-14 01:05 . 2008-04-13 18:40 19712 c:\windows\system32\drivers\partmgr.sys
+ 2004-08-03 22:59 . 2008-04-13 18:40 80128 c:\windows\system32\drivers\parport.sys
+ 2004-08-03 22:59 . 2008-04-13 18:31 42752 c:\windows\system32\drivers\p3.sys
+ 2005-05-14 04:22 . 1999-04-17 08:06 11375 c:\windows\system32\drivers\OaVmKw.exe
+ 2005-05-14 01:05 . 2004-08-04 12:00 55936 c:\windows\system32\drivers\nwlnkspx.sys
+ 2005-05-14 01:05 . 2004-08-04 12:00 63232 c:\windows\system32\drivers\nwlnknb.sys
+ 2005-05-14 01:05 . 2008-04-13 18:56 88320 c:\windows\system32\drivers\nwlnkipx.sys
+ 2005-05-14 01:05 . 2004-08-04 12:00 32512 c:\windows\system32\drivers\nwlnkfwd.sys
+ 2005-05-14 01:05 . 2004-08-04 12:00 12416 c:\windows\system32\drivers\nwlnkflt.sys
+ 2005-05-14 04:22 . 1999-04-17 08:06 11375 c:\windows\system32\drivers\nSbVo.dll
+ 2005-05-14 01:05 . 2008-04-13 18:32 30848 c:\windows\system32\drivers\npfs.sys
+ 2005-05-14 01:05 . 2008-04-13 18:53 40320 c:\windows\system32\drivers\nmnt.sys
+ 2001-08-17 13:24 . 2004-08-04 12:00 12032 c:\windows\system32\drivers\nikedrv.sys
+ 2004-08-03 22:58 . 2008-04-13 18:51 61824 c:\windows\system32\drivers\nic1394.sys
+ 2005-05-14 01:05 . 2008-04-13 18:56 34688 c:\windows\system32\drivers\netbios.sys
+ 2005-05-14 01:05 . 2008-04-13 18:57 40576 c:\windows\system32\drivers\ndproxy.sys
+ 2005-05-14 01:05 . 2008-04-13 19:20 91520 c:\windows\system32\drivers\ndiswan.sys
+ 2004-08-03 23:03 . 2008-04-13 18:55 14592 c:\windows\system32\drivers\ndisuio.sys
+ 2005-05-14 01:05 . 2008-04-13 18:57 10112 c:\windows\system32\drivers\ndistapi.sys
+ 2008-08-27 07:48 . 2008-04-13 18:43 12672 c:\windows\system32\drivers\mutohpen.sys
+ 2004-08-03 23:07 . 2008-04-13 18:36 15488 c:\windows\system32\drivers\mssmbios.sys
+ 2005-05-14 01:05 . 2008-04-13 18:56 35072 c:\windows\system32\drivers\msgpc.sys
+ 2005-05-14 01:05 . 2008-04-13 18:32 19072 c:\windows\system32\drivers\msfs.sys
+ 2005-05-14 01:05 . 2008-04-13 18:39 42368 c:\windows\system32\drivers\mountmgr.sys
+ 2006-08-09 14:32 . 2001-08-17 17:48 12160 c:\windows\system32\drivers\mouhid.sys
+ 2004-08-03 22:58 . 2008-04-13 18:39 23040 c:\windows\system32\drivers\mouclass.sys
+ 2004-08-03 23:08 . 2008-04-13 19:00 30080 c:\windows\system32\drivers\modem.sys
+ 2005-05-14 04:22 . 1999-04-17 08:06 11375 c:\windows\system32\drivers\miETag.exe
+ 2004-08-03 23:07 . 2008-04-13 18:36 63744 c:\windows\system32\drivers\mf.sys
+ 2008-08-27 07:47 . 2004-08-04 02:41 11868 c:\windows\system32\drivers\mdmxsdk.sys
+ 2006-03-28 01:40 . 2006-03-28 01:40 15890 c:\windows\system32\drivers\mdc8021x.sys
+ 2005-05-14 01:05 . 2009-06-24 11:18 92928 c:\windows\system32\drivers\ksecdd.sys
+ 2004-08-03 22:58 . 2008-04-13 18:39 24576 c:\windows\system32\drivers\kbdclass.sys
+ 2001-08-17 13:58 . 2008-04-13 18:36 37248 c:\windows\system32\drivers\isapnp.sys
+ 2005-05-13 18:57 . 2008-04-13 18:54 11264 c:\windows\system32\drivers\irenum.sys
+ 2005-05-14 01:05 . 2008-04-13 19:19 75264 c:\windows\system32\drivers\ipsec.sys
+ 2005-05-14 01:05 . 2008-04-13 18:57 20864 c:\windows\system32\drivers\ipinip.sys
+ 2005-05-14 01:05 . 2004-08-04 12:00 32896 c:\windows\system32\drivers\ipfltdrv.sys
+ 2005-05-14 01:05 . 2008-04-13 18:53 36608 c:\windows\system32\drivers\ip6fw.sys
+ 2004-08-03 22:59 . 2008-04-13 18:31 36352 c:\windows\system32\drivers\intelppm.sys
+ 2004-08-03 23:00 . 2008-04-13 18:40 42112 c:\windows\system32\drivers\imapi.sys
+ 2005-05-14 04:22 . 1999-04-17 08:06 11375 c:\windows\system32\drivers\IJDobUw.exe
+ 2004-08-03 23:14 . 2008-04-13 19:18 52480 c:\windows\system32\drivers\i8042prt.sys
+ 2006-08-09 14:32 . 2008-04-13 18:45 10368 c:\windows\system32\drivers\hidusb.sys
+ 2004-08-03 23:08 . 2008-04-13 18:45 24960 c:\windows\system32\drivers\hidparse.sys
+ 2008-08-27 07:46 . 2008-04-13 18:45 19200 c:\windows\system32\drivers\hidir.sys
+ 2004-08-03 23:08 . 2008-04-13 18:45 36864 c:\windows\system32\drivers\hidclass.sys
+ 2008-08-27 07:46 . 2008-04-13 18:46 25600 c:\windows\system32\drivers\hidbth.sys
+ 2008-08-27 07:46 . 2008-04-13 18:36 46464 c:\windows\system32\drivers\gagp30kx.sys
+ 2001-08-17 13:57 . 2004-08-04 12:00 12160 c:\windows\system32\drivers\fsvga.sys
+ 2004-08-03 22:59 . 2008-04-13 18:40 20480 c:\windows\system32\drivers\flpydisk.sys
+ 2005-05-14 01:05 . 2008-04-13 18:33 44544 c:\windows\system32\drivers\fips.sys
+ 2004-08-03 22:59 . 2008-04-13 18:40 27392 c:\windows\system32\drivers\fdc.sys
+ 2005-05-14 04:22 . 1999-04-17 08:06 11375 c:\windows\system32\drivers\eRcafcHK.exe
+ 2004-08-03 23:00 . 2008-04-13 18:38 71168 c:\windows\system32\drivers\dxg.sys
+ 2005-05-14 01:05 . 2004-08-04 12:00 10496 c:\windows\system32\drivers\dxapi.sys
+ 2006-03-28 01:45 . 2004-12-23 10:56 40544 c:\windows\system32\drivers\drvnddm.sys
+ 2006-03-28 01:45 . 2004-08-17 11:21 87168 c:\windows\system32\drivers\drvmcdb.sys
+ 2005-05-14 02:27 . 2008-04-13 18:45 60160 c:\windows\system32\drivers\drmk.sys
+ 2005-05-14 02:28 . 2008-04-13 18:45 52864 c:\windows\system32\drivers\dmusic.sys
+ 2005-05-14 01:05 . 2008-04-13 18:40 14208 c:\windows\system32\drivers\diskdump.sys
+ 2004-08-03 22:59 . 2008-04-13 18:40 36352 c:\windows\system32\drivers\disk.sys
+ 2005-05-14 04:22 . 1999-04-17 08:06 11375 c:\windows\system32\drivers\cSdPVKrQo.exe
+ 2004-08-03 22:59 . 2008-04-13 18:31 36736 c:\windows\system32\drivers\crusoe.sys
+ 2001-08-17 13:24 . 2004-08-04 12:00 11776 c:\windows\system32\drivers\cpqdap01.sys
+ 2005-05-13 18:58 . 2008-04-13 18:36 10240 c:\windows\system32\drivers\compbatt.sys
+ 2005-05-13 18:58 . 2008-04-13 18:36 13952 c:\windows\system32\drivers\cmbatt.sys
+ 2005-05-14 01:05 . 2008-04-13 19:16 49536 c:\windows\system32\drivers\classpnp.sys
+ 2008-08-27 07:46 . 2008-04-14 00:11 15423 c:\windows\system32\drivers\ch7xxnt5.dll
+ 2004-08-03 22:59 . 2008-04-13 18:40 62976 c:\windows\system32\drivers\cdrom.sys
+ 2003-10-23 03:15 . 2003-10-23 03:15 24698 c:\windows\system32\drivers\cdralw2k.sys
+ 2003-10-23 03:15 . 2003-10-23 03:15 67024 c:\windows\system32\drivers\cdr4_xp.sys
+ 2005-05-14 01:05 . 2008-04-13 19:14 63744 c:\windows\system32\drivers\cdfs.sys
+ 2001-08-17 13:52 . 2004-08-04 12:00 18688 c:\windows\system32\drivers\cdaudio.sys
+ 2001-08-17 13:52 . 2004-08-04 12:00 13952 c:\windows\system32\drivers\cbidf2k.sys
+ 2008-08-27 07:46 . 2008-04-13 18:46 18944 c:\windows\system32\drivers\bthusb.sys
+ 2008-08-27 07:46 . 2008-04-13 18:46 36480 c:\windows\system32\drivers\bthprint.sys
+ 2008-08-27 07:46 . 2008-04-13 18:46 37888 c:\windows\system32\drivers\bthmodem.sys
+ 2008-08-27 07:46 . 2008-04-13 18:46 17024 c:\windows\system32\drivers\bthenum.sys
+ 2005-05-14 01:04 . 2008-04-13 18:53 71552 c:\windows\system32\drivers\bridge.sys
+ 2005-05-13 18:58 . 2008-04-13 18:36 14208 c:\windows\system32\drivers\battc.sys
+ 2008-08-27 07:45 . 2008-04-14 00:11 17279 c:\windows\system32\drivers\atv10nt5.dll
+ 2008-08-27 07:45 . 2008-04-14 00:11 14143 c:\windows\system32\drivers\atv06nt5.dll




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users