
Extremely messy looking GMER Log...


  • This topic is locked
19 replies to this topic

#1 H£nchman

Posted 21 April 2010 - 05:34 PM

Referred from here: http://www.bleepingcomputer.com/forums/t/311005/possible-virus/ ~ OB

There are problems with the Google links, which keep redirecting me to other search engines. When I click a link it takes me to either an attack site (I have some kind of blocker with a man holding a stop sign saying this is an attack site... with the options - Get me out of here or Ignore warning), a fake anti-virus site (a small red page with a picture of a man and woman and what seems to be an order form), a site which shows two big Java signs loading, or a fake search site which redirects me to a site with millions of codes... By the way, when the links redirect I get a browser pop-up saying "A 3d parsing error has occurred".

I've used and currently am using McAfee Total Protection 2010, MBAM, SUPERAntiSpyware, Advanced System Optimizer 3. With Quietman7 (Global Moderator) I have performed a CKScan, used TFC.exe, used a KAV online scan, and used OTM.exe, while frequently posting the required logs.

DDS Log


DDS (Ver_10-03-17.01) - NTFSx86
Run by Chris at 20:11:13.75 on 21/04/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.503.80 [GMT 1:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Advanced System Optimizer 3\ASO3DefragSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Belkin\F5D8051v3\Belkinwcui.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
C:\PROGRA~1\COMMON~1\McAfee\MSC\McUICnt.exe
C:\Documents and Settings\Chris\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mi1933~1\office14\GROOVEEX.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100405063736.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mi1933~1\office14\URLREDIR.DLL
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: DAPIELoader Class: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\dap\DAPIEL~1.DLL
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [F5D8051v3] c:\program files\belkin\f5d8051v3\Belkinwcui.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [Ashampoo AntiSpyWare 2 Guard] c:\program files\ashampoo\ashampoo antispyware 2\AntiSpyWare2Guard.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\mi1933~1\office14\ONBttnIE.dll/105
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1270089266859
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mi1933~1\office14\GROOVEEX.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\chris\applic~1\mozilla\firefox\profiles\l8gdjogg.default\
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\progra~1\mi1933~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\mi1933~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [2009-11-17 63080]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-4-2 385536]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-4-2 82952]
R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [2010-4-2 54776]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R2 ASO3DiskOptimizer;ASO3DiskOptimizer;c:\program files\advanced system optimizer 3\ASO3DefragSrv.exe [2010-4-10 238824]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-4-2 54752]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-4-2 271480]
R2 McMPFSvc;McAfee Personal Firewall;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-4-2 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-4-2 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-4-2 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-4-2 170144]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-4-2 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-4-2 141792]
R2 MOBKbackup;McAfee Online Backup;c:\program files\mcafee online backup\MOBKbackup.exe [2010-2-5 229688]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-4-2 55456]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-4-2 152320]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-4-2 51688]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-4-2 312584]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-4-2 88480]
S3 ADASPROT;SYSTWEAKASO;c:\program files\advanced system optimizer 3\adasprot32.sys [2010-4-10 6656]
S3 cpuz132;cpuz132;\??\c:\docume~1\chris\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\chris\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-4-2 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-4-2 83496]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2009-10-29 30603640]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2009-9-26 4639136]
S3 rt2870;Belkin N1 Wireless USB Adapter Driver;c:\windows\system32\drivers\rt2870.sys [2010-4-1 485248]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]

============== File Associations ===============

cmdfile=NOTEPAD.EXE %1
JSEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2010-04-21 19:05:29 0 ----a-w- c:\documents and settings\chris\defogger_reenable
2010-04-21 12:44:39 0 d-----w- C:\_OTM
2010-04-20 16:19:46 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-20 12:48:42 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-20 12:48:41 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-19 19:12:37 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-04-19 19:11:31 0 d-----w- c:\program files\SUPERAntiSpyware
2010-04-19 19:11:31 0 d-----w- c:\docume~1\chris\applic~1\SUPERAntiSpyware.com
2010-04-19 19:10:46 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-04-19 10:01:07 0 d-----w- c:\docume~1\chris\applic~1\Backup Manager
2010-04-18 18:31:13 0 d-----w- c:\docume~1\chris\applic~1\Webroot
2010-04-18 17:40:25 0 d-----w- c:\docume~1\chris\applic~1\Javacool Software
2010-04-18 06:46:20 0 d-----w- c:\program files\EULAlyzer
2010-04-18 06:28:40 0 d-----w- c:\program files\ID-Blaster Plus
2010-04-18 06:15:26 0 d-----w- c:\program files\FileChecker
2010-04-18 05:56:40 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2010-04-18 05:56:39 0 d-----w- c:\program files\SpywareBlaster
2010-04-17 05:08:40 0 d-----w- c:\docume~1\chris\applic~1\Malwarebytes
2010-04-17 05:07:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-17 05:07:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-04-17 05:07:18 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-17 05:07:17 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-15 15:07:19 0 d-----w- c:\program files\PC Drivers HeadQuarters
2010-04-13 21:56:41 0 d-----w- c:\docume~1\chris\applic~1\Intel
2010-04-13 21:21:33 0 d-----w- C:\MPC
2010-04-13 21:17:53 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-04-13 21:16:29 0 d-----w- C:\Intel
2010-04-13 20:03:40 0 d-----w- c:\docume~1\chris\applic~1\DriverCure
2010-04-13 20:00:55 0 d-----w- c:\program files\common files\ParetoLogic
2010-04-13 20:00:48 0 d-----w- c:\docume~1\alluse~1\applic~1\ParetoLogic
2010-04-13 20:00:48 0 d-----w- c:\docume~1\alluse~1\applic~1\DriverCure
2010-04-13 20:00:41 0 d-----w- c:\program files\ParetoLogic
2010-04-13 18:13:27 0 d-----w- c:\documents and settings\all users\Uniblue
2010-04-13 15:29:42 0 d-----w- c:\docume~1\alluse~1\applic~1\DriverScanner
2010-04-13 15:29:41 0 d-----w- c:\docume~1\chris\applic~1\Uniblue
2010-04-13 15:24:54 0 d-----w- c:\program files\Uniblue
2010-04-13 10:59:56 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters
2010-04-12 22:31:13 774144 ----a-w- c:\windows\system32\NEROINSTAEC43759.DB
2010-04-12 22:31:12 1414440 ----a-w- c:\windows\system32\ShellManager310E2D762.dll
2010-04-12 20:09:49 0 d-----w- c:\program files\MSXML 4.0
2010-04-12 17:24:26 69 ----a-w- c:\windows\NeroDigital.ini
2010-04-12 15:05:02 0 d-----w- c:\program files\Nero
2010-04-12 03:27:38 0 d-----w- c:\docume~1\alluse~1\applic~1\Nero
2010-04-11 21:05:36 0 d-----w- c:\windows\Performance
2010-04-11 06:17:38 50 ----a-w- c:\windows\MegaManager.INI
2010-04-10 23:17:04 177 ----a-w- c:\windows\winamp.ini
2010-04-10 19:43:12 0 d-----w- c:\docume~1\alluse~1\applic~1\Systweak
2010-04-10 19:36:57 17136 ----a-w- c:\windows\system32\sasnative32.exe
2010-04-10 19:36:23 0 d-----w- c:\program files\Advanced System Optimizer 3
2010-04-10 19:16:52 0 d-----w- c:\docume~1\chris\applic~1\Systweak
2010-04-10 18:25:20 3255 ----a-w- c:\windows\system32\wbem\Outlook_01cad8db2d1b634c.mof
2010-04-05 18:08:06 0 d-----w- c:\program files\Haali
2010-04-05 06:47:05 547 ----a-w- c:\windows\system32\ff_vfw.dll.manifest
2010-04-05 06:47:05 50688 ----a-w- c:\windows\system32\ff_acm.acm
2010-04-05 06:47:01 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-04-05 06:46:58 0 d-----w- c:\program files\ffdshow
2010-04-05 05:33:28 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-04-05 05:33:28 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-04-05 05:27:52 0 d-----w- c:\program files\iPod
2010-04-05 05:26:03 0 d-----w- c:\program files\iTunes
2010-04-05 05:26:03 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-05 05:17:00 0 d-----w- c:\program files\Bonjour
2010-04-05 04:07:05 0 d-----w- c:\program files\Microsoft Synchronization Services
2010-04-05 04:04:35 0 d-----w- c:\documents and settings\all users\Microsoft
2010-04-05 04:00:44 0 d-----w- c:\program files\Microsoft Visual Studio 8
2010-04-05 03:53:44 0 d-----w- c:\program files\Microsoft Analysis Services
2010-04-05 03:52:44 0 d-----w- c:\windows\SHELLNEW
2010-04-04 17:57:21 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2010-04-04 17:57:21 8192 ----a-w- c:\windows\system32\wshirda.dll
2010-04-04 17:57:21 28160 -c--a-w- c:\windows\system32\dllcache\irmon.dll
2010-04-04 17:57:21 28160 ----a-w- c:\windows\system32\irmon.dll
2010-04-04 17:57:20 151552 -c--a-w- c:\windows\system32\dllcache\irftp.exe
2010-04-04 17:57:20 151552 ----a-w- c:\windows\system32\irftp.exe
2010-04-04 10:11:42 0 d-----w- c:\windows\system32\Adobe
2010-04-04 03:49:55 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-04-03 14:47:19 424960 ----a-w- c:\windows\system32\wmavds32.ax
2010-04-03 14:47:19 245760 ----a-w- c:\windows\system32\mp4sds32.ax
2010-04-03 14:47:19 1415680 ----a-w- c:\windows\system32\wmv9vcm.dll
2010-04-03 01:20:05 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-04-02 19:08:39 50688 ----a-w- c:\windows\system32\wbhelp2.dll
2010-04-02 19:08:39 479298 ----a-w- c:\windows\system32\wbocx.ocx
2010-04-02 17:09:02 0 d-----w- c:\program files\McAfeeMOBK
2010-04-02 17:08:21 54776 ----a-w- c:\windows\system32\drivers\MOBK.sys
2010-04-02 17:08:09 0 d-----w- c:\program files\McAfee Online Backup
2010-04-02 16:25:03 0 d--h--w- c:\windows\PIF
2010-04-02 16:23:13 0 d-----w- c:\docume~1\alluse~1\applic~1\McAfee Anti-Theft
2010-04-02 16:19:25 0 d-----w- c:\docume~1\chris\applic~1\McAfee
2010-04-02 15:41:37 0 d-----w- c:\program files\SiteAdvisor
2010-04-02 15:39:08 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-04-02 15:38:59 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-04-02 15:38:59 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-04-02 15:38:59 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-04-02 15:38:59 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-04-02 15:38:59 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-04-02 15:38:59 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-04-02 15:38:59 385536 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-04-02 15:38:59 312584 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-04-02 15:38:59 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-04-02 15:38:50 0 d-----w- c:\program files\common files\Mcafee
2010-04-02 15:38:47 0 d-----w- c:\program files\McAfee.com
2010-04-02 15:38:29 0 d-----w- c:\program files\McAfee
2010-04-02 14:03:13 0 d-----w- c:\docume~1\alluse~1\applic~1\SpeedBit
2010-04-02 14:03:06 172032 ----a-w- c:\windows\system32\AniGIF.ocx
2010-04-02 14:03:06 0 d-----w- c:\program files\DAP
2010-04-02 12:14:58 1089593 -c----w- c:\windows\system32\dllcache\ntprint.cat
2010-04-02 11:36:32 0 d-----w- c:\program files\Star Downloader
2010-04-02 11:13:01 0 d-----w- c:\program files\WOT
2010-04-02 10:57:44 0 d-----w- c:\docume~1\chris\applic~1\Download Helper
2010-04-02 05:01:29 0 d-sh--w- c:\documents and settings\chris\IECompatCache
2010-04-02 04:59:35 0 d-sh--w- c:\documents and settings\chris\PrivacIE
2010-04-02 04:59:30 0 d-----w- c:\docume~1\chris\applic~1\Windows Search
2010-04-02 03:38:57 0 d-----w- c:\windows\system32\scripting
2010-04-02 03:38:54 0 d-----w- c:\windows\l2schemas
2010-04-02 03:38:53 0 d-----w- c:\windows\system32\en
2010-04-02 03:30:43 0 d-----w- c:\windows\network diagnostic
2010-04-02 03:01:23 69120 ------w- c:\windows\system32\wlanapi.dll
2010-04-02 03:01:02 50688 ------w- c:\windows\system32\tspkg.dll
2010-04-02 02:59:43 397312 ------w- c:\windows\system32\mmcex.dll
2010-04-02 02:58:59 94208 ------w- c:\windows\system32\eappgnui.dll
2010-04-02 02:36:55 0 d-sh--w- c:\documents and settings\chris\IETldCache
2010-04-02 02:08:25 0 d-----w- c:\documents and settings\chris\Tracing
2010-04-02 01:48:03 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2010-04-02 01:46:38 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-04-02 01:46:31 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-04-02 01:45:05 0 d-----w- c:\program files\Microsoft
2010-04-02 01:44:45 0 d-----w- c:\program files\Windows Live SkyDrive
2010-04-02 01:36:11 0 d-----w- c:\program files\common files\Windows Live
2010-04-02 01:34:41 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-04-02 01:34:39 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-04-02 01:34:39 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-04-02 01:34:39 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-04-02 01:34:39 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-04-02 01:34:38 11070976 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-04-02 01:34:33 0 d-----w- c:\windows\ie8updates
2010-04-02 01:34:19 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-04-02 01:32:24 0 dc-h--w- c:\windows\ie8
2010-04-02 00:50:00 0 d-----w- c:\windows\system32\XPSViewer
2010-04-02 00:49:05 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-04-02 00:49:05 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-04-02 00:49:05 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-04-02 00:49:05 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-04-02 00:49:05 117760 ------w- c:\windows\system32\prntvpt.dll
2010-04-02 00:49:04 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-04-02 00:49:04 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-04-02 00:49:04 0 d-----w- C:\f1196718a520a7101835
2010-04-02 00:41:35 0 d-----w- c:\program files\MSXML 6.0
2010-04-02 00:39:48 0 d-----w- c:\docume~1\chris\applic~1\Windows Desktop Search
2010-04-02 00:39:12 0 d-----w- c:\windows\system32\GroupPolicy
2010-04-02 00:39:12 0 d-----w- c:\program files\Windows Desktop Search
2010-04-02 00:37:45 1206508 -c----w- c:\windows\system32\dllcache\sysmain.sdb
2010-04-02 00:37:24 0 d-----w- c:\program files\Windows Media Connect 2
2010-04-02 00:36:20 0 d-----w- c:\windows\system32\LogFiles
2010-04-02 00:30:52 0 d-----w- c:\windows\RegisteredPackages
2010-04-02 00:28:15 0 d-----w- c:\windows\system32\URTTemp
2010-04-02 00:27:22 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-04-02 00:27:16 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-02 00:26:45 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2010-04-02 00:26:04 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-04-02 00:25:13 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-04-02 00:25:13 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-04-02 00:25:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-04-02 00:22:12 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-04-02 00:20:50 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-04-02 00:13:44 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-04-02 00:13:39 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-04-02 00:13:08 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2010-04-02 00:12:29 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-04-02 00:12:25 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-04-02 00:08:14 53248 ------w- c:\windows\system32\tsgqec.dll
2010-04-02 00:08:14 290304 ------w- c:\windows\system32\rhttpaa.dll
2010-04-02 00:08:14 136192 ------w- c:\windows\system32\aaclient.dll
2010-04-01 23:21:09 0 d-----w- c:\windows\system32\wbem\AutoRecover
2010-04-01 22:30:55 316640 ----a-w- c:\windows\WMSysPr9


Edited by Orange Blossom, 21 April 2010 - 07:26 PM.



#2 myrti


Posted 27 April 2010 - 08:31 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#3 H£nchman


Posted 27 April 2010 - 04:27 PM

Hey Myrti, thank you for getting back to me and no problems 'bout the delay... what you lot do is fantastic and I really appreciate it.
Anywho... as mentioned before, search engines keep redirecting their links to random pages and I need to keep trying over and over before landing on the right page.... Other than that, when using Firefox (I haven't been using IE8 at all) random tabs open by themselves; I close the tabs before they have a chance to load in fear of it forcibly trying to download anything on my PC. Also I'm not sure if this is related to a problem as it doesn't seem to happen too often, but my connection sometimes cuts out and reconnects as unsecured; however, after just repairing the connection it seems fine.


OTL.Txt


OTL logfile created on: 27/04/2010 20:45:48 - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\Chris\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

503.00 Mb Total Physical Memory | 73.00 Mb Available Physical Memory | 15.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 53.00% Paging File free
Paging file location(s): C:\pagefile.sys 754 754 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 55.07 Gb Free Space | 73.89% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WORLD-GO1RMOOJQ
Current User Name: Chris
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/27 20:28:50 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
PRC - [2010/04/19 17:15:00 | 000,238,824 | ---- | M] (Systweak Inc., (www.systweak.com)) -- C:\Program Files\Advanced System Optimizer 3\ASO3DefragSrv.exe
PRC - [2010/04/14 12:29:58 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2010/04/14 12:29:58 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe
PRC - [2010/04/01 23:05:04 | 001,180,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/04/01 19:00:32 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/02/05 21:14:42 | 000,229,688 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe
PRC - [2010/01/05 18:04:02 | 000,170,144 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2009/09/23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 16:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/04 14:55:56 | 000,823,296 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2008/03/04 14:46:16 | 000,999,424 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2008/03/04 14:44:12 | 000,364,544 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2008/03/04 14:41:50 | 001,101,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2008/03/04 14:37:38 | 000,688,128 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2008/03/04 14:34:38 | 001,187,840 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2008/03/04 14:30:12 | 000,483,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007/11/08 11:06:38 | 001,630,208 | ---- | M] (Belkin) -- C:\Program Files\Belkin\F5D8051v3\Belkinwcui.exe


========== Modules (SafeList) ==========

MOD - [2010/04/27 20:28:50 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/04/19 17:15:00 | 000,238,824 | ---- | M] (Systweak Inc., (www.systweak.com)) [Auto | Running] -- C:\Program Files\Advanced System Optimizer 3\ASO3DefragSrv.exe -- (ASO3DiskOptimizer)
SRV - [2010/04/14 12:29:58 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/04/14 12:29:58 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/10 11:16:56 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/02/05 21:14:42 | 000,229,688 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)
SRV - [2010/01/05 18:04:02 | 000,170,144 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/10/29 10:22:50 | 030,603,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/09/26 04:28:22 | 004,639,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009/09/23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008/03/04 14:55:56 | 000,823,296 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2008/03/04 14:44:12 | 000,364,544 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2008/03/04 14:34:38 | 001,187,840 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2008/03/04 14:30:12 | 000,483,328 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®


========== Driver Services (SafeList) ==========

DRV - [2010/04/14 12:29:58 | 000,385,536 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/04/14 12:29:58 | 000,312,616 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/04/14 12:29:58 | 000,152,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/04/14 12:29:58 | 000,095,568 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/04/14 12:29:58 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2010/04/14 12:29:58 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2010/04/14 12:29:58 | 000,083,496 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/04/14 12:29:58 | 000,082,952 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2010/04/14 12:29:58 | 000,055,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/04/14 12:29:58 | 000,051,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 11:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/05 21:13:48 | 000,054,776 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MOBK.sys -- (MOBKFilter)
DRV - [2010/01/30 15:00:22 | 000,006,656 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Advanced System Optimizer 3\adasprot32.sys -- (ADASPROT)
DRV - [2009/11/17 11:15:28 | 000,063,080 | ---- | M] (McAfee) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\McPvDrv.sys -- (McPvDrv)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/03/04 16:06:22 | 000,012,288 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008/01/07 14:36:16 | 002,216,064 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2007/04/25 14:47:42 | 000,485,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2005/05/03 15:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 15:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 15:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/10 15:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1757981266-162531612-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com
IE - HKU\S-1-5-21-1757981266-162531612-725345543-1003\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-1757981266-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1757981266-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/04/21 01:12:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/27 20:13:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/20 17:19:46 | 000,000,000 | ---D | M]

[2010/04/05 02:41:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Mozilla\Extensions
[2010/04/27 20:43:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\l8gdjogg.default\extensions
[2010/04/11 08:35:59 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\l8gdjogg.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/04/27 20:42:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\l8gdjogg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/05 03:12:16 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\l8gdjogg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/11 06:26:06 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\l8gdjogg.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/04/27 20:43:07 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/20 17:19:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/14 12:29:58 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/04/01 17:56:49 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/04/01 17:56:50 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/04/01 17:56:50 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/04/01 17:56:50 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2002/02/28 00:16:18 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20100427201358.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKU\S-1-5-21-1757981266-162531612-725345543-1003\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1757981266-162531612-725345543-1003\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O4 - HKLM..\Run: [Ashampoo AntiSpyWare 2 Guard] C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe File not found
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [F5D8051v3] C:\Program Files\Belkin\F5D8051v3\Belkinwcui.exe (Belkin)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1757981266-162531612-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1757981266-162531612-725345543-1003\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-1757981266-162531612-725345543-1003\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-1757981266-162531612-725345543-1003\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1757981266-162531612-725345543-1003\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1270089266859 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/01 01:47:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (sasnative32) - C:\WINDOWS\System32\sasnative32.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: mcmscsvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4d64f3ba-f112-4efe-a02e-96680859937c} - KB918899
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5b7bf89d-d196-4c32-a303-a57b8ab7f18d} - KB918439
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {dd772a76-bef3-44d7-8b39-502c8504c1f1} - KB925486
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {f15ee071-deb7-4cbb-951f-431c98338d8e} - KB911567
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.avis - C:\WINDOWS\System32\ff_acm.acm ()
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010/04/01 01:46:58 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/04/27 20:28:48 | 000,563,712 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
[2010/04/22 22:09:41 | 000,729,440 | ---- | C] (Iron Source) -- C:\Documents and Settings\Chris\Desktop\Babylon8_setup.exe
[2010/04/21 13:44:39 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/04/21 13:41:40 | 000,510,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTM.exe
[2010/04/20 17:19:46 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/04/20 17:19:46 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/20 17:19:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/20 17:19:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/20 13:48:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/04/19 20:12:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/04/19 20:11:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com
[2010/04/19 20:11:31 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/04/19 20:10:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/04/19 19:28:34 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\TFC.exe
[2010/04/19 11:01:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\Backup Manager
[2010/04/19 11:01:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Backup Manager
[2010/04/18 19:31:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Webroot
[2010/04/18 18:40:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Javacool Software
[2010/04/18 07:46:20 | 000,000,000 | ---D | C] -- C:\Program Files\EULAlyzer
[2010/04/18 07:28:40 | 000,000,000 | ---D | C] -- C:\Program Files\ID-Blaster Plus
[2010/04/18 07:15:26 | 000,000,000 | ---D | C] -- C:\Program Files\FileChecker
[2010/04/18 06:56:40 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSSTDFMT.DLL
[2010/04/18 06:56:39 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2010/04/18 06:08:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\Ashampoo
[2010/04/17 06:08:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Malwarebytes
[2010/04/17 06:07:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/17 06:07:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/17 06:07:18 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/17 06:07:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/17 05:22:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\Spycheck
[2010/04/15 20:17:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/04/15 16:10:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/04/15 16:10:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\PC_Drivers_Headquarters
[2010/04/15 16:07:19 | 000,000,000 | ---D | C] -- C:\Program Files\PC Drivers HeadQuarters
[2010/04/15 16:04:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\Downloaded Installations
[2010/04/14 22:20:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Nero
[2010/04/14 02:17:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\CD
[2010/04/13 23:00:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Intel
[2010/04/13 23:00:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[2010/04/13 22:58:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Intel
[2010/04/13 22:56:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Intel
[2010/04/13 22:21:33 | 000,000,000 | ---D | C] -- C:\MPC
[2010/04/13 22:17:53 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\WINDOWS\System32\CSVer.dll
[2010/04/13 22:16:29 | 000,000,000 | ---D | C] -- C:\Intel
[2010/04/13 21:59:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Downloads
[2010/04/13 21:03:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\DriverCure
[2010/04/13 21:00:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2010/04/13 21:00:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/04/13 21:00:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2010/04/13 21:00:41 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2010/04/13 19:13:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Uniblue
[2010/04/13 16:29:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2010/04/13 16:29:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Uniblue
[2010/04/13 16:24:54 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2010/04/13 11:59:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/04/13 11:37:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2010/04/12 23:31:12 | 001,414,440 | ---- | C] (Nero AG) -- C:\WINDOWS\System32\ShellManager310E2D762.dll
[2010/04/12 21:09:49 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/04/12 20:28:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\NeroVision
[2010/04/12 18:12:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\Nero
[2010/04/12 18:10:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\Nero Collections
[2010/04/12 16:47:34 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2010/04/12 16:05:02 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2010/04/12 16:04:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2010/04/12 04:27:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2010/04/12 04:26:26 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2010/04/11 22:05:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance
[2010/04/11 22:04:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
[2010/04/11 21:54:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/04/11 00:47:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/04/11 00:29:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\WMTools Downloaded Files
[2010/04/10 20:43:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Systweak
[2010/04/10 20:36:23 | 000,000,000 | ---D | C] -- C:\Program Files\Advanced System Optimizer 3
[2010/04/10 20:16:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Systweak
[2010/04/05 19:08:06 | 000,000,000 | ---D | C] -- C:\Program Files\Haali
[2010/04/05 07:46:58 | 000,000,000 | ---D | C] -- C:\Program Files\ffdshow
[2010/04/05 06:38:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Apple Computer
[2010/04/05 06:33:28 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2010/04/05 06:27:52 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/04/05 06:26:03 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/04/05 06:26:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/05 06:20:16 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/04/05 06:20:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/04/05 06:19:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\Apple
[2010/04/05 06:19:32 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/04/05 06:17:00 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/04/05 06:16:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/04/05 06:16:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/04/05 06:15:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\Apple Computer
[2010/04/05 05:07:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2010/04/05 05:06:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/04/05 05:04:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/04/05 05:04:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Microsoft
[2010/04/05 05:00:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2010/04/05 04:53:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2010/04/05 04:52:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2010/04/05 04:46:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/04/05 04:44:27 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/04/05 03:55:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Download Manager
[2010/04/05 03:48:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\VBA
[2010/04/05 03:22:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\Downloads
[2010/04/05 02:40:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla
[2010/04/05 02:40:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Mozilla
[2010/04/05 02:40:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/04/04 18:57:21 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irmon.dll
[2010/04/04 18:57:21 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wshirda.dll
[2010/04/04 18:57:21 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wshirda.dll
[2010/04/04 18:57:20 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irftp.exe
[2010/04/04 18:57:20 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irftp.exe
[2010/04/04 11:11:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2010/04/04 06:08:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/04/04 06:06:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/04/04 04:51:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/04/04 04:51:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/04/04 04:51:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/04/04 04:49:55 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/04 04:48:51 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/04/04 04:47:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Sun
[2010/04/03 19:32:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2010/04/03 19:27:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW
[2010/04/03 19:27:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK
[2010/04/03 19:27:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR
[2010/04/03 19:27:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE
[2010/04/03 19:27:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR
[2010/04/03 19:27:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL
[2010/04/03 19:27:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO
[2010/04/03 19:27:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR
[2010/04/03 19:27:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT
[2010/04/03 19:27:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL
[2010/04/03 19:27:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR
[2010/04/03 19:27:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI
[2010/04/03 19:27:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES
[2010/04/03 19:27:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR
[2010/04/03 19:27:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
[2010/04/03 19:27:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK
[2010/04/03 19:27:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA
[2010/04/03 18:15:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft Help
[2010/04/03 18:15:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2010/04/03 15:47:19 | 001,415,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmv9vcm.dll
[2010/04/03 15:47:19 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmavds32.ax
[2010/04/03 15:47:19 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mp4sds32.ax
[2010/04/03 02:24:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Chris\My Documents\My Videos
[2010/04/03 02:20:05 | 000,026,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbstor.sys
[2010/04/02 20:08:39 | 000,479,298 | ---- | C] (Stardock.Net, Inc) -- C:\WINDOWS\System32\wbocx.ocx
[2010/04/02 20:08:39 | 000,050,688 | ---- | C] (Stardock.Net, Inc) -- C:\WINDOWS\System32\wbhelp2.dll
[2010/04/02 19:06:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2010/04/02 18:09:02 | 000,000,000 | ---D | C] -- C:\Program Files\McAfeeMOBK
[2010/04/02 18:08:21 | 000,054,776 | ---- | C] (Mozy, Inc.) -- C:\WINDOWS\System32\drivers\MOBK.sys
[2010/04/02 18:08:09 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Online Backup
[2010/04/02 17:32:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\McAfee Anti-Theft
[2010/04/02 17:25:03 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/04/02 17:23:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Anti-Theft
[2010/04/02 17:22:27 | 000,000,000 | R-SD | C] -- C:\Documents and Settings\Chris\My Documents\McAfee Vaults
[2010/04/02 17:19:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\McAfee
[2010/04/02 16:41:37 | 000,000,000 | ---D | C] -- C:\Program Files\SiteAdvisor
[2010/04/02 16:39:08 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2010/04/02 16:38:59 | 000,385,536 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2010/04/02 16:38:59 | 000,312,616 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2010/04/02 16:38:59 | 000,152,320 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/04/02 16:38:59 | 000,095,568 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2010/04/02 16:38:59 | 000,088,480 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2010/04/02 16:38:59 | 000,083,496 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2010/04/02 16:38:59 | 000,082,952 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2010/04/02 16:38:59 | 000,055,456 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2010/04/02 16:38:59 | 000,051,688 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/04/02 16:38:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Mcafee
[2010/04/02 16:38:47 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2010/04/02 16:38:29 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2010/04/02 16:23:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\AdobeUM
[2010/04/02 16:18:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/04/02 15:03:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/02 15:03:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\My DAP Downloads
[2010/04/02 15:03:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2010/04/02 15:03:06 | 000,172,032 | ---- | C] (Jin Hui E-mail: jinhui@jcomsoft.com Web: http://www.jcomsoft.com) -- C:\WINDOWS\System32\AniGIF.ocx
[2010/04/02 15:03:06 | 000,000,000 | ---D | C] -- C:\Program Files\DAP
[2010/04/02 13:21:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\ApplicationHistory
[2010/04/02 12:36:32 | 000,000,000 | ---D | C] -- C:\Program Files\Star Downloader
[2010/04/02 12:13:01 | 000,000,000 | ---D | C] -- C:\Program Files\WOT
[2010/04/02 11:57:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Download Helper
[2010/04/02 06:01:29 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Chris\IECompatCache
[2010/04/02 05:59:35 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Chris\PrivacIE
[2010/04/02 05:59:31 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/02 05:59:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Windows Search
[2010/04/02 05:35:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/04/02 04:38:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/04/02 04:38:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/04/02 04:38:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/04/02 04:30:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010/04/02 04:01:23 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2010/04/02 04:00:29 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2010/04/02 04:00:23 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2010/04/02 04:00:21 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2010/04/02 04:00:21 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2010/04/02 04:00:21 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2010/04/02 04:00:16 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2010/04/02 04:00:05 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2010/04/02 04:00:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2010/04/02 04:00:05 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2010/04/02 04:00:04 | 001,372,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2010/04/02 04:00:04 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2010/04/02 04:00:01 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2010/04/02 04:00:01 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2010/04/02 03:59:43 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2010/04/02 03:59:43 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2010/04/02 03:59:43 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2010/04/02 03:59:43 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2010/04/02 03:59:30 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2010/04/02 03:59:29 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2010/04/02 03:59:29 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2010/04/02 03:59:28 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2010/04/02 03:59:28 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2010/04/02 03:59:26 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpcdll.dll
[2010/04/02 03:59:26 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pidgen.dll
[2010/04/02 03:59:16 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll
[2010/04/02 03:59:15 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll
[2010/04/02 03:59:06 | 000,144,384 | ---- | C] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\drivers\hdaudbus.sys
[2010/04/02 03:59:00 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2010/04/02 03:59:00 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2010/04/02 03:58:59 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2010/04/02 03:58:59 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2010/04/02 03:58:59 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2010/04/02 03:58:59 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2010/04/02 03:58:59 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2010/04/02 03:58:56 | 000,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2010/04/02 03:58:56 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2010/04/02 03:58:56 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2010/04/02 03:58:56 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2010/04/02 03:58:56 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2010/04/02 03:58:56 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2010/04/02 03:58:54 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2010/04/02 03:58:54 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2010/04/02 03:58:43 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2010/04/02 03:58:43 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2010/04/02 03:36:55 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Chris\IETldCache
[2010/04/02 03:08:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Tracing
[2010/04/02 02:48:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/04/02 02:48:03 | 000,054,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fssfltr_tdi.sys
[2010/04/02 02:47:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2010/04/02 02:46:38 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2010/04/02 02:46:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/04/02 02:45:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/04/02 02:44:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2010/04/02 02:44:45 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/04/02 02:44:19 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/04/02 02:36:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/04/02 02:34:39 | 001,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/04/02 02:34:39 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/04/02 02:34:39 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/04/02 02:34:38 | 011,070,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010/04/02 02:34:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/04/02 02:33:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/04/02 02:32:24 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/04/02 01:50:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/04/02 01:49:55 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/04/02 01:49:45 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010/04/02 01:49:05 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2010/04/02 01:49:05 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2010/04/02 01:49:05 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2010/04/02 01:49:05 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2010/04/02 01:49:04 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2010/04/02 01:49:04 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2010/04/02 01:49:04 | 000,000,000 | ---D | C] -- C:\f1196718a520a7101835
[2010/04/02 01:41:35 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2010/04/02 01:39:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Windows Desktop Search
[2010/04/02 01:39:12 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2010/04/02 01:39:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/04/02 01:38:52 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\offfilt.dll
[2010/04/02 01:38:52 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nlhtml.dll
[2010/04/02 01:37:42 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010/04/02 01:37:24 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2010/04/02 01:36:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2010/04/02 01:36:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010/04/02 01:33:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2010/04/02 01:30:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
[2010/04/02 01:28:18 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2010/04/02 01:28:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2010/04/02 01:28:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2010/04/02 01:27:22 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/04/02 01:27:16 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010/04/02 01:26:45 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2010/04/02 01:26:04 | 000,455,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010/04/02 01:25:13 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2010/04/02 01:25:13 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2010/04/02 01:25:03 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/04/02 01:15:42 | 000,730,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2010/04/02 01:15:41 | 002,189,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010/04/02 01:15:41 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010/04/02 01:15:40 | 002,024,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010/04/02 01:13:44 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2010/04/02 01:13:39 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2010/04/02 01:13:08 | 000,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2010/04/02 01:12:29 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2010/04/02 01:12:25 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2010/04/02 01:08:14 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2010/04/02 01:08:14 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2010/04/02 01:08:14 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2010/04/01 23:29:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\peernet
[2010/04/01 23:29:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\provisioning
[2010/04/01 23:26:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2010/04/01 23:22:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2010/04/01 23:19:17 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/04/01 23:19:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2010/04/01 23:09:54 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2010/04/01 23:09:54 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2010/04/01 22:19:29 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spnpinst.exe
[2010/04/01 17:00:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\Identities
[2010/04/01 08:35:54 | 002,732,032 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\Netw2r32.dll
[2010/04/01 08:35:54 | 002,216,064 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\w29n51.sys
[2010/04/01 08:35:54 | 000,557,056 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\Netw2c32.dll
[2010/04/01 08:35:45 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2010/04/01 08:35:16 | 000,000,000 | ---D | C] -- C:\dell
[2010/04/01 07:33:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\WinRAR
[2010/04/01 07:30:56 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/04/01 07:14:26 | 000,135,168 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2010/04/01 07:03:57 | 000,000,000 | ---D | C] -- C:\Program Files\Sigmatel
[2010/04/01 07:03:56 | 000,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys
[2010/04/01 07:03:56 | 000,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\portcls.sys
[2010/04/01 07:03:56 | 000,141,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ks.sys
[2010/04/01 07:03:56 | 000,141,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ks.sys
[2010/04/01 07:03:56 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2010/04/01 07:03:56 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmk.sys
[2010/04/01 07:03:55 | 000,049,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\stream.sys
[2010/04/01 07:03:55 | 000,049,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\stream.sys
[2010/04/01 07:03:54 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax
[2010/04/01 07:03:54 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksproxy.ax
[2010/04/01 07:03:54 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdmaud.drv
[2010/04/01 07:03:54 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksuser.dll
[2010/04/01 07:03:54 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksuser.dll
[2010/04/01 07:03:19 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2010/04/01 03:40:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\My Received Files
[2010/04/01 03:30:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/04/01 03:28:35 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Chris\UserData
[2010/04/01 03:24:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Macromedia
[2010/04/01 03:00:06 | 001,082,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\esent.dll
[2010/04/01 02:52:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/04/01 02:51:46 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2010/04/01 02:51:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/04/01 02:51:23 | 000,026,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2010/04/01 02:51:21 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2010/04/01 02:50:27 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgrprxy.dll
[2010/04/01 02:50:27 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx2.dll
[2010/04/01 02:50:27 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx3.dll
[2010/04/01 02:48:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/04/01 02:46:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2010/04/01 02:46:36 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2010/04/01 02:46:36 | 000,327,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2010/04/01 02:46:36 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng1.dll
[2010/04/01 02:46:36 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt1.exe
[2010/04/01 02:46:36 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2010/04/01 02:16:19 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2010/04/01 02:15:40 | 000,485,248 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\drivers\rt2870.sys
[2010/04/01 02:15:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010/04/01 02:15:38 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/04/01 02:15:36 | 000,000,000 | ---D | C] -- C:\Program Files\Belkin
[2010/04/01 02:15:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\InstallShield
[2010/04/01 02:14:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\Adobe
[2010/04/01 02:14:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Adobe
[2010/04/01 02:12:52 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/04/01 02:04:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\MSN6
[2010/04/01 02:04:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2010/04/01 02:03:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/04/01 01:54:55 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2010/04/01 01:54:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Identities
[2010/04/01 01:54:44 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2010/04/01 01:54:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Chris\My Documents\My Pictures
[2010/04/01 01:54:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Chris\My Documents\My Music
[2010/04/01 01:54:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft
[2010/04/01 01:54:40 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Chris\Application Data\Microsoft
[2010/04/01 01:54:40 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Chris\SendTo
[2010/04/01 01:54:40 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Chris\Recent
[2010/04/01 01:54:40 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Chris\Application Data
[2010/04/01 01:54:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Chris\Start Menu
[2010/04/01 01:54:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Chris\My Documents
[2010/04/01 01:54:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Chris\Favorites
[2010/04/01 01:54:40 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Chris\Cookies
[2010/04/01 01:54:40 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Chris\Templates
[2010/04/01 01:54:40 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Chris\PrintHood
[2010/04/01 01:54:40 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Chris\NetHood
[2010/04/01 01:54:40 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Chris\Local Settings
[2010/04/01 01:54:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop
[2010/04/01 01:53:39 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/04/01 01:53:37 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/04/01 01:53:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/04/01 01:53:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/04/01 01:53:36 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/04/01 01:51:38 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2010/04/01 01:51:38 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2010/04/01 01:51:37 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2010/04/01 01:51:37 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2010/04/01 01:51:37 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2010/04/01 01:51:36 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2010/04/01 01:51:36 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2010/04/01 01:51:36 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2010/04/01 01:51:29 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2010/04/01 01:51:29 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2010/04/01 01:51:28 | 000,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2010/04/01 01:51:28 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2010/04/01 01:51:28 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2010/04/01 01:51:28 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2010/04/01 01:51:27 | 000,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2010/04/01 01:51:26 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2010/04/01 01:51:26 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2010/04/01 01:51:17 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2010/04/01 01:51:16 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2010/04/01 01:51:16 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2010/04/01 01:51:16 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2010/04/01 01:51:15 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2010/04/01 01:51:11 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2010/04/01 01:51:10 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2010/04/01 01:51:10 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2010/04/01 01:51:10 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2010/04/01 01:51:09 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2010/04/01 01:51:08 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2010/04/01 01:51:03 | 000,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2010/04/01 01:51:02 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2010/04/01 01:51:02 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2010/04/01 01:50:58 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2010/04/01 01:50:55 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpapi.dll
[2010/04/01 01:50:55 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2010/04/01 01:50:55 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2010/04/01 01:50:54 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2010/04/01 01:50:54 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2010/04/01 01:50:54 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2010/04/01 01:50:54 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2010/04/01 01:50:54 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2010/04/01 01:50:54 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2010/04/01 01:50:54 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2010/04/01 01:50:54 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2010/04/01 01:50:53 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2010/04/01 01:50:53 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2010/04/01 01:50:53 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2010/04/01 01:50:53 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2010/04/01 01:50:53 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2010/04/01 01:50:53 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2010/04/01 01:50:53 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2010/04/01 01:50:47 | 000,205,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seo.dll
[2010/04/01 01:50:47 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2010/04/01 01:50:47 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2010/04/01 01:50:46 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/04/01 01:50:46 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/04/01 01:50:46 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_rwnh.dll
[2010/04/01 01:50:41 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2010/04/01 01:50:41 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2010/04/01 01:50:40 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2010/04/01 01:50:39 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2010/04/01 01:50:39 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2010/04/01 01:50:36 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2010/04/01 01:50:35 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2010/04/01 01:50:35 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2010/04/01 01:50:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2010/04/01 01:50:34 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2010/04/01 01:50:33 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2010/04/01 01:50:33 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2010/04/01 01:50:32 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2010/04/01 01:50:32 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2010/04/01 01:50:31 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2010/04/01 01:50:31 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2010/04/01 01:50:30 | 000,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2010/04/01 01:50:30 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2010/04/01 01:50:30 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2010/04/01 01:50:29 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2010/04/01 01:50:27 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2010/04/01 01:50:25 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2010/04/01 01:50:24 | 000,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2010/04/01 01:50:11 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2010/04/01 01:50:10 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2010/04/01 01:50:04 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2010/04/01 01:50:04 | 000,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2010/04/01 01:50:04 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2010/04/01 01:49:58 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2010/04/01 01:49:57 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2010/04/01 01:49:55 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2010/04/01 01:49:55 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2010/04/01 01:49:54 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2010/04/01 01:49:54 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2010/04/01 01:49:54 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2010/04/01 01:49:54 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2010/04/01 01:49:54 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2010/04/01 01:49:54 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2010/04/01 01:49:54 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2010/04/01 01:49:53 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2010/04/01 01:49:53 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2010/04/01 01:49:53 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2010/04/01 01:49:53 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2010/04/01 01:49:53 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2010/04/01 01:49:53 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2010/04/01 01:49:52 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2010/04/01 01:49:52 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2010/04/01 01:49:52 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2010/04/01 01:49:52 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2010/04/01 01:49:52 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2010/04/01 01:49:52 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2010/04/01 01:49:49 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2010/04/01 01:49:49 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2010/04/01 01:49:49 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2010/04/01 01:49:48 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2010/04/01 01:49:48 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2010/04/01 01:49:48 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2010/04/01 01:49:48 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2010/04/01 01:49:47 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2010/04/01 01:49:47 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2010/04/01 01:49:47 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2010/04/01 01:49:46 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2010/04/01 01:49:46 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
[2010/04/01 01:49:46 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2010/04/01 01:49:46 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2010/04/01 01:49:45 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2010/04/01 01:49:40 | 000,315,455 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2010/04/01 01:49:39 | 000,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2010/04/01 01:49:39 | 000,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2010/04/01 01:49:39 | 000,262,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
[2010/04/01 01:49:39 | 000,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2010/04/01 01:49:39 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2010/04/01 01:49:38 | 000,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2010/04/01 01:49:35 | 000,233,527 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
[2010/04/01 01:49:32 | 000,208,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
[2010/04/01 01:49:31 | 000,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2010/04/01 01:49:31 | 000,307,257 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
[2010/04/01 01:49:31 | 000,155,705 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2010/04/01 01:49:31 | 000,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2010/04/01 01:49:31 | 000,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2010/04/01 01:49:30 | 000,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2010/04/01 01:49:30 | 000,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2010/04/01 01:49:30 | 000,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2010/04/01 01:49:30 | 000,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2010/04/01 01:49:30 | 000,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2010/04/01 01:49:30 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2010/04/01 01:49:29 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2010/04/01 01:49:29 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2010/04/01 01:49:29 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2010/04/01 01:49:29 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe
[2010/04/01 01:49:29 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2010/04/01 01:49:28 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2010/04/01 01:49:28 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2010/04/01 01:49:10 | 010,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2010/04/01 01:48:56 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2010/04/01 01:48:53 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2010/04/01 01:48:50 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2010/04/01 01:48:50 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2010/04/01 01:48:49 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2010/04/01 01:48:49 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2010/04/01 01:48:48 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2010/04/01 01:48:48 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2010/04/01 01:48:47 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2010/04/01 01:48:47 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2010/04/01 01:48:43 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2010/04/01 01:48:43 | 000,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2010/04/01 01:48:43 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2010/04/01 01:48:43 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2010/04/01 01:48:42 | 000,514,587 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\edb500.dll
[2010/04/01 01:48:38 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2010/04/01 01:48:35 | 000,057,399 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
[2010/04/01 01:48:35 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
[2010/04/01 01:48:35 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2010/04/01 01:48:34 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
[2010/04/01 01:48:34 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2010/04/01 01:48:31 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2010/04/01 01:48:31 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2010/04/01 01:48:31 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2010/04/01 01:48:31 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2010/04/01 01:48:30 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2010/04/01 01:48:30 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2010/04/01 01:48:29 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2010/04/01 01:48:28 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2010/04/01 01:48:28 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2010/04/01 01:48:28 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2010/04/01 01:48:28 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2010/04/01 01:48:28 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2010/04/01 01:48:25 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/04/01 01:48:24 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2010/04/01 01:48:24 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2010/04/01 01:48:23 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2010/04/01 01:48:21 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2010/04/01 01:48:21 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2010/04/01 01:48:21 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2010/04/01 01:48:20 | 000,312,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqueue.dll
[2010/04/01 01:48:20 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2010/04/01 01:48:18 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2010/04/01 01:48:18 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2010/04/01 01:48:18 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2010/04/01 01:48:13 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2010/04/01 01:48:11 | 002,134,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpsnap.dll
[2010/04/01 01:48:10 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpadm.dll
[2010/04/01 01:48:04 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2010/04/01 01:48:04 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2010/04/01 01:48:04 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2010/04/01 01:48:03 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2010/04/01 01:48:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2010/04/01 01:48:03 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2010/04/01 01:47:58 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2010/04/01 01:47:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2010/04/01 01:47:49 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2010/04/01 01:47:49 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2010/04/01 01:47:14 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mapi32.dll
[2010/04/01 01:46:25 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2010/04/01 01:46:14 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2010/04/01 01:46:14 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2010/04/01 01:45:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2010/04/01 01:43:42 | 000,006,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\enum1394.sys
[2010/04/01 01:43:18 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\usbui.dll
[2010/04/01 01:43:18 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbui.dll
[2010/04/01 01:43:09 | 000,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\battc.sys
[2010/04/01 01:43:00 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrslv.dll
[2010/04/01 01:43:00 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrcdlg.dll
[2010/04/01 01:43:00 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\racpldlg.dll
[2010/04/01 01:43:00 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrdm.dll
[2010/04/01 01:42:59 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\notiflag.exe
[2010/04/01 01:42:59 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atrace.dll
[2010/04/01 01:42:59 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atrace.dll
[2010/04/01 01:42:57 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brpinfo.dll
[2010/04/01 01:42:55 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helphost.exe
[2010/04/01 01:42:54 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hcappres.dll
[2010/04/01 01:42:12 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srdiag.exe
[2010/04/01 01:42:11 | 000,032,768 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\isrdbg32.dll
[2010/04/01 01:42:10 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmevtmsg.dll
[2010/04/01 01:42:10 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmevtmsg.dll
[2010/04/01 01:42:07 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wb32.exe
[2010/04/01 01:42:06 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cb32.exe
[2010/04/01 01:42:05 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msinfo32.exe
[2010/04/01 01:42:04 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\acctres.dll
[2010/04/01 01:42:04 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\acctres.dll
[2010/04/01 01:42:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2010/04/01 01:42:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2010/04/01 01:42:02 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spcommon.dll
[2010/04/01 01:42:02 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spcplui.dll
[2010/04/01 01:42:00 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spttseng.dll
[2010/04/01 01:41:57 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetres.dll
[2010/04/01 01:41:55 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sapisvr.exe
[2010/04/01 01:41:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2010/04/01 01:41:54 | 000,000,000 | R--D | C] -- C:\Program Files
[2010/04/01 01:41:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2010/04/01 01:41:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2010/04/01 01:41:42 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2010/04/01 01:41:35 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwdial.dll
[2010/04/01 01:41:35 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwphbk.dll
[2010/04/01 01:41:32 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuq.dll
[2010/04/01 01:41:32 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuf.dll
[2010/04/01 01:41:32 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtuq.dll
[2010/04/01 01:41:32 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtuf.dll
[2010/04/01 01:41:32 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdazel.dll
[2010/04/01 01:41:32 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdazel.dll
[2010/04/01 01:41:31 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcfg.dll
[2010/04/01 01:41:31 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll
[2010/04/01 01:41:31 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icfgnt5.dll
[2010/04/01 01:41:31 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icfgnt5.dll
[2010/04/01 01:41:29 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwtutor.exe
[2010/04/01 01:41:29 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwres.dll
[2010/04/01 01:41:29 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\trialoc.dll
[2010/04/01 01:41:27 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2010/04/01 01:41:26 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mssoap1.dll
[2010/04/01 01:41:26 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wisc10.dll
[2010/04/01 01:41:26 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mssoapr.dll
[2010/04/01 01:41:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2010/04/01 01:41:16 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieinfo5.ocx
[2010/04/01 01:41:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2010/04/01 01:41:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2010/04/01 01:41:03 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycc.dll
[2010/04/01 01:41:03 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbduzb.dll
[2010/04/01 01:41:03 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdur.dll
[2010/04/01 01:41:03 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtat.dll
[2010/04/01 01:41:03 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru1.dll
[2010/04/01 01:41:03 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru.dll
[2010/04/01 01:41:03 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmon.dll
[2010/04/01 01:41:03 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkyr.dll
[2010/04/01 01:41:03 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkaz.dll
[2010/04/01 01:41:03 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdaze.dll
[2010/04/01 01:41:03 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdycc.dll
[2010/04/01 01:41:03 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbduzb.dll
[2010/04/01 01:41:03 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdur.dll
[2010/04/01 01:41:03 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtat.dll
[2010/04/01 01:41:03 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdru1.dll
[2010/04/01 01:41:03 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdru.dll
[2010/04/01 01:41:03 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdmon.dll
[2010/04/01 01:41:03 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkyr.dll
[2010/04/01 01:41:03 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkaz.dll
[2010/04/01 01:41:03 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdaze.dll
[2010/04/01 01:41:02 | 000,520,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpvis.dll
[2010/04/01 01:41:02 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbu.dll
[2010/04/01 01:41:02 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdblr.dll
[2010/04/01 01:41:02 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdbu.dll
[2010/04/01 01:41:02 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdblr.dll
[2010/04/01 01:41:00 | 000,319,542 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmmres.dll
[2010/04/01 01:41:00 | 000,163,897 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmmutil.dll
[2010/04/01 01:41:00 | 000,110,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmmfilt.dll
[2010/04/01 01:40:59 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2010/04/01 01:40:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\PCHealth
[2010/04/01 01:40:44 | 000,239,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srrstr.dll
[2010/04/01 01:40:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2010/04/01 01:40:43 | 000,364,544 | ---- | C] (Microsoft Corporation (written by Digital Renaissance Inc.)) -- C:\WINDOWS\System32\dllcache\npdsplay.dll
[2010/04/01 01:40:42 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ils.dll
[2010/04/01 01:40:42 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msconf.dll
[2010/04/01 01:40:42 | 000,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmdd.dll
[2010/04/01 01:40:42 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmmkcert.dll
[2010/04/01 01:40:41 | 000,008,192 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhept.dll
[2010/04/01 01:40:41 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhept.dll
[2010/04/01 01:40:41 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela3.dll
[2010/04/01 01:40:41 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhela3.dll
[2010/04/01 01:40:41 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela2.dll
[2010/04/01 01:40:41 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdgkl.dll
[2010/04/01 01:40:41 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhela2.dll
[2010/04/01 01:40:41 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgkl.dll
[2010/04/01 01:40:41 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe319.dll
[2010/04/01 01:40:41 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe220.dll
[2010/04/01 01:40:41 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe.dll
[2010/04/01 01:40:41 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe319.dll
[2010/04/01 01:40:41 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe220.dll
[2010/04/01 01:40:41 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe.dll
[2010/04/01 01:40:36 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoeacct.dll
[2010/04/01 01:40:36 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoert2.dll
[2010/04/01 01:40:36 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2010/04/01 01:40:33 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2010/04/01 01:40:32 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstinit.exe
[2010/04/01 01:40:25 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv1.dll
[2010/04/01 01:40:25 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv.dll
[2010/04/01 01:40:25 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdest.dll
[2010/04/01 01:40:25 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlv1.dll
[2010/04/01 01:40:25 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlv.dll
[2010/04/01 01:40:25 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdest.dll
[2010/04/01 01:40:25 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt1.dll
[2010/04/01 01:40:25 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt.dll
[2010/04/01 01:40:25 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlt1.dll
[2010/04/01 01:40:25 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlt.dll
[2010/04/01 01:40:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2010/04/01 01:40:14 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2010/04/01 01:40:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2010/04/01 01:40:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2010/04/01 01:39:48 | 000,007,168 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz.dll
[2010/04/01 01:39:48 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz.dll
[2010/04/01 01:39:48 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl1.dll
[2010/04/01 01:39:48 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl.dll
[2010/04/01 01:39:48 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl.dll
[2010/04/01 01:39:48 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu.dll
[2010/04/01 01:39:48 | 000,006,656 | R--- | C] (M

Hey Myrti thank you for getting back to me and no problems 'bout the delay... what you lot do is fantastic and I really appreciate it.
Anywho... as mentioned before, search engines keep redirecting their links to random pages and I need to keep trying over and over before landing on the right page.... Other than that, when using Firefox (I haven't been using IE8 at all) random tabs open by themselves; I close the tabs before they have a chance to load, in fear of it forcibly trying to download anything on my PC. Also, I'm not sure if this is related to a problem, as it doesn't seem to happen too often, but my connection sometimes cuts out and reconnects as unsecured; however, after just repairing the connection it seems fine.


OTL.Txt


OTL logfile created on: 27/04/2010 20:45:48 - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\Chris\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

503.00 Mb Total Physical Memory | 73.00 Mb Available Physical Memory | 15.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 53.00% Paging File free
Paging file location(s): C:\pagefile.sys 754 754 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 55.07 Gb Free Space | 73.89% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WORLD-GO1RMOOJQ
Current User Name: Chris
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/27 20:28:50 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
PRC - [2010/04/19 17:15:00 | 000,238,824 | ---- | M] (Systweak Inc., (www.systweak.com)) -- C:\Program Files\Advanced System Optimizer 3\ASO3DefragSrv.exe
PRC - [2010/04/14 12:29:58 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2010/04/14 12:29:58 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe
PRC - [2010/04/01 23:05:04 | 001,180,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/04/01 19:00:32 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/02/05 21:14:42 | 000,229,688 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe
PRC - [2010/01/05 18:04:02 | 000,170,144 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2009/09/23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 16:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/04 14:55:56 | 000,823,296 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2008/03/04 14:46:16 | 000,999,424 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2008/03/04 14:44:12 | 000,364,544 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2008/03/04 14:41:50 | 001,101,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2008/03/04 14:37:38 | 000,688,128 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2008/03/04 14:34:38 | 001,187,840 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2008/03/04 14:30:12 | 000,483,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007/11/08 11:06:38 | 001,630,208 | ---- | M] (Belkin) -- C:\Program Files\Belkin\F5D8051v3\Belkinwcui.exe


========== Modules (SafeList) ==========

MOD - [2010/04/27 20:28:50 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/04/19 17:15:00 | 000,238,824 | ---- | M] (Systweak Inc., (www.systweak.com)) [Auto | Running] -- C:\Program Files\Advanced System Optimizer 3\ASO3DefragSrv.exe -- (ASO3DiskOptimizer)
SRV - [2010/04/14 12:29:58 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/04/14 12:29:58 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/10 11:16:56 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/02/05 21:14:42 | 000,229,688 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)
SRV - [2010/01/05 18:04:02 | 000,170,144 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/10/29 10:22:50 | 030,603,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/09/26 04:28:22 | 004,639,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009/09/23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008/03/04 14:55:56 | 000,823,296 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2008/03/04 14:44:12 | 000,364,544 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2008/03/04 14:34:38 | 001,187,840 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2008/03/04 14:30:12 | 000,483,328 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®


========== Driver Services (SafeList) ==========

DRV - [2010/04/14 12:29:58 | 000,385,536 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/04/14 12:29:58 | 000,312,616 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/04/14 12:29:58 | 000,152,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/04/14 12:29:58 | 000,095,568 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/04/14 12:29:58 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2010/04/14 12:29:58 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2010/04/14 12:29:58 | 000,083,496 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/04/14 12:29:58 | 000,082,952 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2010/04/14 12:29:58 | 000,055,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/04/14 12:29:58 | 000,051,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 11:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/05 21:13:48 | 000,054,776 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MOBK.sys -- (MOBKFilter)
DRV - [2010/01/30 15:00:22 | 000,006,656 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Advanced System Optimizer 3\adasprot32.sys -- (ADASPROT)
DRV - [2009/11/17 11:15:28 | 000,063,080 | ---- | M] (McAfee) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\McPvDrv.sys -- (McPvDrv)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/03/04 16:06:22 | 000,012,288 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008/01/07 14:36:16 | 002,216,064 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2007/04/25 14:47:42 | 000,485,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2005/05/03 15:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 15:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 15:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/10 15:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1757981266-162531612-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com
IE - HKU\S-1-5-21-1757981266-162531612-725345543-1003\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-1757981266-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1757981266-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/04/21 01:12:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/27 20:13:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/20 17:19:46 | 000,000,000 | ---D | M]

[2010/04/05 02:41:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Mozilla\Extensions
[2010/04/27 20:43:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\l8gdjogg.default\extensions
[2010/04/11 08:35:59 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\l8gdjogg.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/04/27 20:42:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\l8gdjogg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/05 03:12:16 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\l8gdjogg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/11 06:26:06 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\l8gdjogg.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/04/27 20:43:07 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/20 17:19:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/14 12:29:58 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/04/01 17:56:49 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/04/01 17:56:50 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/04/01 17:56:50 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/04/01 17:56:50 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2002/02/28 00:16:18 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20100427201358.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKU\S-1-5-21-1757981266-162531612-725345543-1003\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1757981266-162531612-725345543-1003\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O4 - HKLM..\Run: [Ashampoo AntiSpyWare 2 Guard] C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe File not found
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [F5D8051v3] C:\Program Files\Belkin\F5D8051v3\Belkinwcui.exe (Belkin)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1757981266-162531612-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1757981266-162531612-725345543-1003\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-1757981266-162531612-725345543-1003\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-1757981266-162531612-725345543-1003\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1757981266-162531612-725345543-1003\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1270089266859 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/01 01:47:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (sasnative32) - C:\WINDOWS\System32\sasnative32.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: mcmscsvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4d64f3ba-f112-4efe-a02e-96680859937c} - KB918899
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5b7bf89d-d196-4c32-a303-a57b8ab7f18d} - KB918439
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {dd772a76-bef3-44d7-8b39-502c8504c1f1} - KB925486
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {f15ee071-deb7-4cbb-951f-431c98338d8e} - KB911567
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.avis - C:\WINDOWS\System32\ff_acm.acm ()
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010/04/01 01:46:58 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/04/27 20:28:48 | 000,563,712 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
[2010/04/22 22:09:41 | 000,729,440 | ---- | C] (Iron Source) -- C:\Documents and Settings\Chris\Desktop\Babylon8_setup.exe
[2010/04/21 13:44:39 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/04/21 13:41:40 | 000,510,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTM.exe
[2010/04/20 17:19:46 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/04/20 17:19:46 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/20 17:19:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/20 17:19:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/20 13:48:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/04/19 20:12:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/04/19 20:11:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com
[2010/04/19 20:11:31 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/04/19 20:10:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/04/19 19:28:34 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\TFC.exe
[2010/04/19 11:01:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\Backup Manager
[2010/04/19 11:01:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Backup Manager
[2010/04/18 19:31:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Webroot
[2010/04/18 18:40:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Javacool Software
[2010/04/18 07:46:20 | 000,000,000 | ---D | C] -- C:\Program Files\EULAlyzer
[2010/04/18 07:28:40 | 000,000,000 | ---D | C] -- C:\Program Files\ID-Blaster Plus
[2010/04/18 07:15:26 | 000,000,000 | ---D | C] -- C:\Program Files\FileChecker
[2010/04/18 06:56:40 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSSTDFMT.DLL
[2010/04/18 06:56:39 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2010/04/18 06:08:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\Ashampoo
[2010/04/17 06:08:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Malwarebytes
[2010/04/17 06:07:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/17 06:07:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/17 06:07:18 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/17 06:07:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/17 05:22:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\Spycheck
[2010/04/15 20:17:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/04/15 16:10:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/04/15 16:10:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\PC_Drivers_Headquarters
[2010/04/15 16:07:19 | 000,000,000 | ---D | C] -- C:\Program Files\PC Drivers HeadQuarters
[2010/04/15 16:04:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\Downloaded Installations
[2010/04/14 22:20:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Nero
[2010/04/14 02:17:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\CD
[2010/04/13 23:00:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Intel
[2010/04/13 23:00:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[2010/04/13 22:58:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Intel
[2010/04/13 22:56:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Intel
[2010/04/13 22:21:33 | 000,000,000 | ---D | C] -- C:\MPC
[2010/04/13 22:17:53 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\WINDOWS\System32\CSVer.dll
[2010/04/13 22:16:29 | 000,000,000 | ---D | C] -- C:\Intel
[2010/04/13 21:59:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Downloads
[2010/04/13 21:03:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\DriverCure
[2010/04/13 21:00:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2010/04/13 21:00:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/04/13 21:00:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2010/04/13 21:00:41 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2010/04/13 19:13:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Uniblue
[2010/04/13 16:29:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2010/04/13 16:29:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Uniblue
[2010/04/13 16:24:54 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2010/04/13 11:59:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/04/13 11:37:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2010/04/12 23:31:12 | 001,414,440 | ---- | C] (Nero AG) -- C:\WINDOWS\System32\ShellManager310E2D762.dll
[2010/04/12 21:09:49 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/04/12 20:28:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\NeroVision
[2010/04/12 18:12:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\Nero
[2010/04/12 18:10:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\Nero Collections
[2010/04/12 16:47:34 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2010/04/12 16:05:02 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2010/04/12 16:04:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2010/04/12 04:27:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2010/04/12 04:26:26 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2010/04/11 22:05:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance
[2010/04/11 22:04:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
[2010/04/11 21:54:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/04/11 00:47:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/04/11 00:29:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\WMTools Downloaded Files
[2010/04/10 20:43:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Systweak
[2010/04/10 20:36:23 | 000,000,000 | ---D | C] -- C:\Program Files\Advanced System Optimizer 3
[2010/04/10 20:16:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Systweak
[2010/04/05 19:08:06 | 000,000,000 | ---D | C] -- C:\Program Files\Haali
[2010/04/05 07:46:58 | 000,000,000 | ---D | C] -- C:\Program Files\ffdshow
[2010/04/05 06:38:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Apple Computer
[2010/04/05 06:33:28 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2010/04/05 06:27:52 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/04/05 06:26:03 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/04/05 06:26:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/05 06:20:16 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/04/05 06:20:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/04/05 06:19:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\Apple
[2010/04/05 06:19:32 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/04/05 06:17:00 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/04/05 06:16:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/04/05 06:16:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/04/05 06:15:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\Apple Computer
[2010/04/05 05:07:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2010/04/05 05:06:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/04/05 05:04:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/04/05 05:04:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Microsoft
[2010/04/05 05:00:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2010/04/05 04:53:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2010/04/05 04:52:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2010/04/05 04:46:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/04/05 04:44:27 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/04/05 03:55:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Download Manager
[2010/04/05 03:48:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\VBA
[2010/04/05 03:22:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\Downloads
[2010/04/05 02:40:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla
[2010/04/05 02:40:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Mozilla
[2010/04/05 02:40:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/04/04 18:57:21 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irmon.dll
[2010/04/04 18:57:21 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wshirda.dll
[2010/04/04 18:57:21 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wshirda.dll
[2010/04/04 18:57:20 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irftp.exe
[2010/04/04 18:57:20 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irftp.exe
[2010/04/04 11:11:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2010/04/04 06:08:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/04/04 06:06:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/04/04 04:51:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/04/04 04:51:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/04/04 04:51:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/04/04 04:49:55 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/04 04:48:51 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/04/04 04:47:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Sun
[2010/04/03 19:32:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2010/04/03 19:27:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW
[2010/04/03 19:27:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK
[2010/04/03 19:27:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR
[2010/04/03 19:27:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE
[2010/04/03 19:27:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR
[2010/04/03 19:27:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL
[2010/04/03 19:27:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO
[2010/04/03 19:27:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR
[2010/04/03 19:27:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT
[2010/04/03 19:27:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL
[2010/04/03 19:27:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR
[2010/04/03 19:27:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI
[2010/04/03 19:27:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES
[2010/04/03 19:27:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR
[2010/04/03 19:27:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
[2010/04/03 19:27:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK
[2010/04/03 19:27:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA
[2010/04/03 18:15:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft Help
[2010/04/03 18:15:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2010/04/03 15:47:19 | 001,415,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmv9vcm.dll
[2010/04/03 15:47:19 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmavds32.ax
[2010/04/03 15:47:19 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mp4sds32.ax
[2010/04/03 02:24:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Chris\My Documents\My Videos
[2010/04/03 02:20:05 | 000,026,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbstor.sys
[2010/04/02 20:08:39 | 000,479,298 | ---- | C] (Stardock.Net, Inc) -- C:\WINDOWS\System32\wbocx.ocx
[2010/04/02 20:08:39 | 000,050,688 | ---- | C] (Stardock.Net, Inc) -- C:\WINDOWS\System32\wbhelp2.dll
[2010/04/02 19:06:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2010/04/02 18:09:02 | 000,000,000 | ---D | C] -- C:\Program Files\McAfeeMOBK
[2010/04/02 18:08:21 | 000,054,776 | ---- | C] (Mozy, Inc.) -- C:\WINDOWS\System32\drivers\MOBK.sys
[2010/04/02 18:08:09 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Online Backup
[2010/04/02 17:32:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\McAfee Anti-Theft
[2010/04/02 17:25:03 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/04/02 17:23:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Anti-Theft
[2010/04/02 17:22:27 | 000,000,000 | R-SD | C] -- C:\Documents and Settings\Chris\My Documents\McAfee Vaults
[2010/04/02 17:19:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\McAfee
[2010/04/02 16:41:37 | 000,000,000 | ---D | C] -- C:\Program Files\SiteAdvisor
[2010/04/02 16:39:08 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2010/04/02 16:38:59 | 000,385,536 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2010/04/02 16:38:59 | 000,312,616 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2010/04/02 16:38:59 | 000,152,320 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/04/02 16:38:59 | 000,095,568 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2010/04/02 16:38:59 | 000,088,480 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2010/04/02 16:38:59 | 000,083,496 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2010/04/02 16:38:59 | 000,082,952 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2010/04/02 16:38:59 | 000,055,456 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2010/04/02 16:38:59 | 000,051,688 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/04/02 16:38:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Mcafee
[2010/04/02 16:38:47 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2010/04/02 16:38:29 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2010/04/02 16:23:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\AdobeUM
[2010/04/02 16:18:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/04/02 15:03:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/02 15:03:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\My DAP Downloads
[2010/04/02 15:03:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2010/04/02 15:03:06 | 000,172,032 | ---- | C] (Jin Hui E-mail: jinhui@jcomsoft.com Web: http://www.jcomsoft.com) -- C:\WINDOWS\System32\AniGIF.ocx
[2010/04/02 15:03:06 | 000,000,000 | ---D | C] -- C:\Program Files\DAP
[2010/04/02 13:21:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\ApplicationHistory
[2010/04/02 12:36:32 | 000,000,000 | ---D | C] -- C:\Program Files\Star Downloader
[2010/04/02 12:13:01 | 000,000,000 | ---D | C] -- C:\Program Files\WOT
[2010/04/02 11:57:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Download Helper
[2010/04/02 06:01:29 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Chris\IECompatCache
[2010/04/02 05:59:35 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Chris\PrivacIE
[2010/04/02 05:59:31 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/02 05:59:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Windows Search
[2010/04/02 05:35:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/04/02 04:38:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/04/02 04:38:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/04/02 04:38:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/04/02 04:30:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010/04/02 04:01:23 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2010/04/02 04:00:29 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2010/04/02 04:00:23 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2010/04/02 04:00:21 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2010/04/02 04:00:21 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2010/04/02 04:00:21 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2010/04/02 04:00:16 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2010/04/02 04:00:05 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2010/04/02 04:00:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2010/04/02 04:00:05 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2010/04/02 04:00:04 | 001,372,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2010/04/02 04:00:04 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2010/04/02 04:00:01 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2010/04/02 04:00:01 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2010/04/02 03:59:43 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2010/04/02 03:59:43 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2010/04/02 03:59:43 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2010/04/02 03:59:43 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2010/04/02 03:59:30 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2010/04/02 03:59:29 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2010/04/02 03:59:29 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2010/04/02 03:59:28 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2010/04/02 03:59:28 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2010/04/02 03:59:26 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpcdll.dll
[2010/04/02 03:59:26 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pidgen.dll
[2010/04/02 03:59:16 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll
[2010/04/02 03:59:15 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll
[2010/04/02 03:59:06 | 000,144,384 | ---- | C] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\drivers\hdaudbus.sys
[2010/04/02 03:59:00 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2010/04/02 03:59:00 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2010/04/02 03:58:59 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2010/04/02 03:58:59 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2010/04/02 03:58:59 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2010/04/02 03:58:59 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2010/04/02 03:58:59 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2010/04/02 03:58:56 | 000,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2010/04/02 03:58:56 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2010/04/02 03:58:56 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2010/04/02 03:58:56 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2010/04/02 03:58:56 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2010/04/02 03:58:56 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2010/04/02 03:58:54 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2010/04/02 03:58:54 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2010/04/02 03:58:43 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2010/04/02 03:58:43 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2010/04/02 03:36:55 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Chris\IETldCache
[2010/04/02 03:08:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Tracing
[2010/04/02 02:48:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/04/02 02:48:03 | 000,054,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fssfltr_tdi.sys
[2010/04/02 02:47:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2010/04/02 02:46:38 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2010/04/02 02:46:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/04/02 02:45:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/04/02 02:44:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2010/04/02 02:44:45 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/04/02 02:44:19 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/04/02 02:36:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/04/02 02:34:39 | 001,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/04/02 02:34:39 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/04/02 02:34:39 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/04/02 02:34:38 | 011,070,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010/04/02 02:34:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/04/02 02:33:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/04/02 02:32:24 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/04/02 01:50:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/04/02 01:49:55 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/04/02 01:49:45 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010/04/02 01:49:05 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2010/04/02 01:49:05 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2010/04/02 01:49:05 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2010/04/02 01:49:05 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2010/04/02 01:49:04 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2010/04/02 01:49:04 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2010/04/02 01:49:04 | 000,000,000 | ---D | C] -- C:\f1196718a520a7101835
[2010/04/02 01:41:35 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2010/04/02 01:39:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Windows Desktop Search
[2010/04/02 01:39:12 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2010/04/02 01:39:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/04/02 01:38:52 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\offfilt.dll
[2010/04/02 01:38:52 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nlhtml.dll
[2010/04/02 01:37:42 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010/04/02 01:37:24 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2010/04/02 01:36:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2010/04/02 01:36:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010/04/02 01:33:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2010/04/02 01:30:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
[2010/04/02 01:28:18 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2010/04/02 01:28:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2010/04/02 01:28:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2010/04/02 01:27:22 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/04/02 01:27:16 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010/04/02 01:26:45 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2010/04/02 01:26:04 | 000,455,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010/04/02 01:25:13 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2010/04/02 01:25:13 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2010/04/02 01:25:03 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/04/02 01:15:42 | 000,730,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2010/04/02 01:15:41 | 002,189,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010/04/02 01:15:41 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010/04/02 01:15:40 | 002,024,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010/04/02 01:13:44 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2010/04/02 01:13:39 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2010/04/02 01:13:08 | 000,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2010/04/02 01:12:29 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2010/04/02 01:12:25 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2010/04/02 01:08:14 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2010/04/02 01:08:14 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2010/04/02 01:08:14 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2010/04/01 23:29:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\peernet
[2010/04/01 23:29:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\provisioning
[2010/04/01 23:26:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2010/04/01 23:22:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2010/04/01 23:19:17 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/04/01 23:19:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2010/04/01 23:09:54 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2010/04/01 23:09:54 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2010/04/01 22:19:29 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spnpinst.exe
[2010/04/01 17:00:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\Identities
[2010/04/01 08:35:54 | 002,732,032 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\Netw2r32.dll
[2010/04/01 08:35:54 | 002,216,064 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\w29n51.sys
[2010/04/01 08:35:54 | 000,557,056 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\Netw2c32.dll
[2010/04/01 08:35:45 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2010/04/01 08:35:16 | 000,000,000 | ---D | C] -- C:\dell
[2010/04/01 07:33:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\WinRAR
[2010/04/01 07:30:56 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/04/01 07:14:26 | 000,135,168 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2010/04/01 07:03:57 | 000,000,000 | ---D | C] -- C:\Program Files\Sigmatel
[2010/04/01 07:03:56 | 000,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys
[2010/04/01 07:03:56 | 000,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\portcls.sys
[2010/04/01 07:03:56 | 000,141,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ks.sys
[2010/04/01 07:03:56 | 000,141,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ks.sys
[2010/04/01 07:03:56 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2010/04/01 07:03:56 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmk.sys
[2010/04/01 07:03:55 | 000,049,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\stream.sys
[2010/04/01 07:03:55 | 000,049,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\stream.sys
[2010/04/01 07:03:54 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax
[2010/04/01 07:03:54 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksproxy.ax
[2010/04/01 07:03:54 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdmaud.drv
[2010/04/01 07:03:54 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksuser.dll
[2010/04/01 07:03:54 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksuser.dll
[2010/04/01 07:03:19 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2010/04/01 03:40:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\My Received Files
[2010/04/01 03:30:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/04/01 03:28:35 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Chris\UserData
[2010/04/01 03:24:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Macromedia
[2010/04/01 03:00:06 | 001,082,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\esent.dll
[2010/04/01 02:52:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/04/01 02:51:46 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2010/04/01 02:51:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/04/01 02:51:23 | 000,026,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2010/04/01 02:51:21 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2010/04/01 02:50:27 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgrprxy.dll
[2010/04/01 02:50:27 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx2.dll
[2010/04/01 02:50:27 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx3.dll
[2010/04/01 02:48:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/04/01 02:46:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2010/04/01 02:46:36 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2010/04/01 02:46:36 | 000,327,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2010/04/01 02:46:36 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng1.dll
[2010/04/01 02:46:36 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt1.exe
[2010/04/01 02:46:36 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2010/04/01 02:16:19 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2010/04/01 02:15:40 | 000,485,248 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\drivers\rt2870.sys
[2010/04/01 02:15:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010/04/01 02:15:38 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/04/01 02:15:36 | 000,000,000 | ---D | C] -- C:\Program Files\Belkin
[2010/04/01 02:15:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\InstallShield
[2010/04/01 02:14:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\Adobe
[2010/04/01 02:14:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Adobe
[2010/04/01 02:12:52 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/04/01 02:04:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\MSN6
[2010/04/01 02:04:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2010/04/01 02:03:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/04/01 01:54:55 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2010/04/01 01:54:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Identities
[2010/04/01 01:54:44 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2010/04/01 01:54:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Chris\My Documents\My Pictures
[2010/04/01 01:54:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Chris\My Documents\My Music
[2010/04/01 01:54:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft
[2010/04/01 01:54:40 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Chris\Application Data\Microsoft
[2010/04/01 01:54:40 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Chris\SendTo
[2010/04/01 01:54:40 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Chris\Recent
[2010/04/01 01:54:40 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Chris\Application Data
[2010/04/01 01:54:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Chris\Start Menu
[2010/04/01 01:54:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Chris\My Documents
[2010/04/01 01:54:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Chris\Favorites
[2010/04/01 01:54:40 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Chris\Cookies
[2010/04/01 01:54:40 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Chris\Templates
[2010/04/01 01:54:40 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Chris\PrintHood
[2010/04/01 01:54:40 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Chris\NetHood
[2010/04/01 01:54:40 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Chris\Local Settings
[2010/04/01 01:54:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop
[2010/04/01 01:53:39 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/04/01 01:53:37 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/04/01 01:53:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/04/01 01:53:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/04/01 01:53:36 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/04/01 01:51:38 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2010/04/01 01:51:38 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2010/04/01 01:51:37 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2010/04/01 01:51:37 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2010/04/01 01:51:37 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2010/04/01 01:51:36 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2010/04/01 01:51:36 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2010/04/01 01:51:36 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2010/04/01 01:51:29 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2010/04/01 01:51:29 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2010/04/01 01:51:28 | 000,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2010/04/01 01:51:28 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2010/04/01 01:51:28 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2010/04/01 01:51:28 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2010/04/01 01:51:27 | 000,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2010/04/01 01:51:26 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2010/04/01 01:51:26 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2010/04/01 01:51:17 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2010/04/01 01:51:16 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2010/04/01 01:51:16 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2010/04/01 01:51:16 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2010/04/01 01:51:15 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2010/04/01 01:51:11 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2010/04/01 01:51:10 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2010/04/01 01:51:10 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2010/04/01 01:51:10 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2010/04/01 01:51:09 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2010/04/01 01:51:08 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2010/04/01 01:51:03 | 000,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2010/04/01 01:51:02 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2010/04/01 01:51:02 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2010/04/01 01:50:58 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2010/04/01 01:50:55 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpapi.dll
[2010/04/01 01:50:55 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2010/04/01 01:50:55 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2010/04/01 01:50:54 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2010/04/01 01:50:54 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2010/04/01 01:50:54 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2010/04/01 01:50:54 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2010/04/01 01:50:54 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2010/04/01 01:50:54 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2010/04/01 01:50:54 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2010/04/01 01:50:54 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2010/04/01 01:50:53 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2010/04/01 01:50:53 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2010/04/01 01:50:53 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2010/04/01 01:50:53 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2010/04/01 01:50:53 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2010/04/01 01:50:53 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2010/04/01 01:50:53 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2010/04/01 01:50:47 | 000,205,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seo.dll
[2010/04/01 01:50:47 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2010/04/01 01:50:47 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2010/04/01 01:50:46 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/04/01 01:50:46 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/04/01 01:50:46 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_rwnh.dll
[2010/04/01 01:50:41 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2010/04/01 01:50:41 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2010/04/01 01:50:40 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2010/04/01 01:50:39 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2010/04/01 01:50:39 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2010/04/01 01:50:36 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2010/04/01 01:50:35 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2010/04/01 01:50:35 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2010/04/01 01:50:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2010/04/01 01:50:34 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2010/04/01 01:50:33 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2010/04/01 01:50:33 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2010/04/01 01:50:32 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2010/04/01 01:50:32 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2010/04/01 01:50:31 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2010/04/01 01:50:31 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2010/04/01 01:50:30 | 000,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2010/04/01 01:50:30 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2010/04/01 01:50:30 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2010/04/01 01:50:29 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2010/04/01 01:50:27 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2010/04/01 01:50:25 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2010/04/01 01:50:24 | 000,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2010/04/01 01:50:11 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2010/04/01 01:50:10 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2010/04/01 01:50:04 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2010/04/01 01:50:04 | 000,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2010/04/01 01:50:04 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2010/04/01 01:49:58 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2010/04/01 01:49:57 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2010/04/01 01:49:55 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2010/04/01 01:49:55 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2010/04/01 01:49:54 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2010/04/01 01:49:54 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2010/04/01 01:49:54 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2010/04/01 01:49:54 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2010/04/01 01:49:54 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2010/04/01 01:49:54 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2010/04/01 01:49:54 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2010/04/01 01:49:53 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2010/04/01 01:49:53 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2010/04/01 01:49:53 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2010/04/01 01:49:53 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2010/04/01 01:49:53 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2010/04/01 01:49:53 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2010/04/01 01:49:52 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2010/04/01 01:49:52 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2010/04/01 01:49:52 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2010/04/01 01:49:52 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2010/04/01 01:49:52 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2010/04/01 01:49:52 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2010/04/01 01:49:49 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2010/04/01 01:49:49 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2010/04/01 01:49:49 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2010/04/01 01:49:48 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2010/04/01 01:49:48 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2010/04/01 01:49:48 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2010/04/01 01:49:48 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2010/04/01 01:49:47 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2010/04/01 01:49:47 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2010/04/01 01:49:47 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2010/04/01 01:49:46 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2010/04/01 01:49:46 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
[2010/04/01 01:49:46 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2010/04/01 01:49:46 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2010/04/01 01:49:45 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2010/04/01 01:49:40 | 000,315,455 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2010/04/01 01:49:39 | 000,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2010/04/01 01:49:39 | 000,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2010/04/01 01:49:39 | 000,262,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
[2010/04/01 01:49:39 | 000,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2010/04/01 01:49:39 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2010/04/01 01:49:38 | 000,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2010/04/01 01:49:35 | 000,233,527 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
[2010/04/01 01:49:32 | 000,208,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
[2010/04/01 01:49:31 | 000,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2010/04/01 01:49:31 | 000,307,257 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
[2010/04/01 01:49:31 | 000,155,705 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2010/04/01 01:49:31 | 000,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2010/04/01 01:49:31 | 000,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2010/04/01 01:49:30 | 000,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2010/04/01 01:49:30 | 000,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2010/04/01 01:49:30 | 000,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2010/04/01 01:49:30 | 000,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2010/04/01 01:49:30 | 000,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2010/04/01 01:49:30 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2010/04/01 01:49:29 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2010/04/01 01:49:29 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2010/04/01 01:49:29 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2010/04/01 01:49:29 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe
[2010/04/01 01:49:29 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2010/04/01 01:49:28 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2010/04/01 01:49:28 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2010/04/01 01:49:10 | 010,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2010/04/01 01:48:56 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2010/04/01 01:48:53 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2010/04/01 01:48:50 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2010/04/01 01:48:50 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2010/04/01 01:48:49 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2010/04/01 01:48:49 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2010/04/01 01:48:48 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2010/04/01 01:48:48 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2010/04/01 01:48:47 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2010/04/01 01:48:47 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2010/04/01 01:48:43 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2010/04/01 01:48:43 | 000,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2010/04/01 01:48:43 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2010/04/01 01:48:43 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2010/04/01 01:48:42 | 000,514,587 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\edb500.dll
[2010/04/01 01:48:38 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2010/04/01 01:48:35 | 000,057,399 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
[2010/04/01 01:48:35 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
[2010/04/01 01:48:35 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2010/04/01 01:48:34 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
[2010/04/01 01:48:34 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2010/04/01 01:48:31 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2010/04/01 01:48:31 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2010/04/01 01:48:31 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2010/04/01 01:48:31 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2010/04/01 01:48:30 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2010/04/01 01:48:30 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2010/04/01 01:48:29 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2010/04/01 01:48:28 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2010/04/01 01:48:28 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2010/04/01 01:48:28 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2010/04/01 01:48:28 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2010/04/01 01:48:28 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2010/04/01 01:48:25 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/04/01 01:48:24 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2010/04/01 01:48:24 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2010/04/01 01:48:23 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2010/04/01 01:48:21 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2010/04/01 01:48:21 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2010/04/01 01:48:21 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2010/04/01 01:48:20 | 000,312,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqueue.dll
[2010/04/01 01:48:20 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2010/04/01 01:48:18 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2010/04/01 01:48:18 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2010/04/01 01:48:18 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2010/04/01 01:48:13 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2010/04/01 01:48:11 | 002,134,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpsnap.dll
[2010/04/01 01:48:10 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpadm.dll
[2010/04/01 01:48:04 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2010/04/01 01:48:04 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2010/04/01 01:48:04 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2010/04/01 01:48:03 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2010/04/01 01:48:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2010/04/01 01:48:03 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2010/04/01 01:47:58 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2010/04/01 01:47:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2010/04/01 01:47:49 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2010/04/01 01:47:49 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2010/04/01 01:47:14 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mapi32.dll
[2010/04/01 01:46:25 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2010/04/01 01:46:14 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2010/04/01 01:46:14 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2010/04/01 01:45:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2010/04/01 01:43:42 | 000,006,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\enum1394.sys
[2010/04/01 01:43:18 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\usbui.dll
[2010/04/01 01:43:18 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbui.dll
[2010/04/01 01:43:09 | 000,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\battc.sys
[2010/04/01 01:43:00 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrslv.dll
[2010/04/01 01:43:00 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrcdlg.dll
[2010/04/01 01:43:00 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\racpldlg.dll
[2010/04/01 01:43:00 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrdm.dll
[2010/04/01 01:42:59 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\notiflag.exe
[2010/04/01 01:42:59 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atrace.dll
[2010/04/01 01:42:59 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atrace.dll
[2010/04/01 01:42:57 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brpinfo.dll
[2010/04/01 01:42:55 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helphost.exe
[2010/04/01 01:42:54 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hcappres.dll
[2010/04/01 01:42:12 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srdiag.exe
[2010/04/01 01:42:11 | 000,032,768 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\isrdbg32.dll
[2010/04/01 01:42:10 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmevtmsg.dll
[2010/04/01 01:42:10 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmevtmsg.dll
[2010/04/01 01:42:07 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wb32.exe
[2010/04/01 01:42:06 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cb32.exe
[2010/04/01 01:42:05 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msinfo32.exe
[2010/04/01 01:42:04 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\acctres.dll
[2010/04/01 01:42:04 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\acctres.dll
[2010/04/01 01:42:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2010/04/01 01:42:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2010/04/01 01:42:02 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spcommon.dll
[2010/04/01 01:42:02 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spcplui.dll
[2010/04/01 01:42:00 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spttseng.dll
[2010/04/01 01:41:57 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetres.dll
[2010/04/01 01:41:55 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sapisvr.exe
[2010/04/01 01:41:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2010/04/01 01:41:54 | 000,000,000 | R--D | C] -- C:\Program Files
[2010/04/01 01:41:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2010/04/01 01:41:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2010/04/01 01:41:42 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2010/04/01 01:41:35 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwdial.dll
[2010/04/01 01:41:35 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwphbk.dll
[2010/04/01 01:41:32 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuq.dll
[2010/04/01 01:41:32 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuf.dll
[2010/04/01 01:41:32 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtuq.dll
[2010/04/01 01:41:32 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtuf.dll
[2010/04/01 01:41:32 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdazel.dll
[2010/04/01 01:41:32 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdazel.dll
[2010/04/01 01:41:31 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcfg.dll
[2010/04/01 01:41:31 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll
[2010/04/01 01:41:31 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icfgnt5.dll
[2010/04/01 01:41:31 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icfgnt5.dll
[2010/04/01 01:41:29 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwtutor.exe
[2010/04/01 01:41:29 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwres.dll
[2010/04/01 01:41:29 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\trialoc.dll
[2010/04/01 01:41:27 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2010/04/01 01:41:26 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mssoap1.dll
[2010/04/01 01:41:26 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wisc10.dll
[2010/04/01 01:41:26 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mssoapr.dll
[2010/04/01 01:41:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2010/04/01 01:41:16 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieinfo5.ocx
[2010/04/01 01:41:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2010/04/01 01:41:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2010/04/01 01:41:03 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycc.dll
[2010/04/01 01:41:03 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbduzb.dll
[2010/04/01 01:41:03 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdur.dll
[2010/04/01 01:41:03 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtat.dll
[2010/04/01 01:41:03 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru1.dll
[2010/04/01 01:41:03 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru.dll
[2010/04/01 01:41:03 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmon.dll
[2010/04/01 01:41:03 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkyr.dll
[2010/04/01 01:41:03 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkaz.dll
[2010/04/01 01:41:03 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdaze.dll
[2010/04/01 01:41:03 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdycc.dll
[2010/04/01 01:41:03 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbduzb.dll
[2010/04/01 01:41:03 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdur.dll
[2010/04/01 01:41:03 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtat.dll
[2010/04/01 01:41:03 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdru1.dll
[2010/04/01 01:41:03 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdru.dll
[2010/04/01 01:41:03 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdmon.dll
[2010/04/01 01:41:03 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkyr.dll
[2010/04/01 01:41:03 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkaz.dll
[2010/04/01 01:41:03 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdaze.dll
[2010/04/01 01:41:02 | 000,520,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpvis.dll
[2010/04/01 01:41:02 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbu.dll
[2010/04/01 01:41:02 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdblr.dll
[2010/04/01 01:41:02 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdbu.dll
[2010/04/01 01:41:02 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdblr.dll
[2010/04/01 01:41:00 | 000,319,542 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmmres.dll
[2010/04/01 01:41:00 | 000,163,897 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmmutil.dll
[2010/04/01 01:41:00 | 000,110,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmmfilt.dll
[2010/04/01 01:40:59 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2010/04/01 01:40:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\PCHealth
[2010/04/01 01:40:44 | 000,239,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srrstr.dll
[2010/04/01 01:40:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2010/04/01 01:40:43 | 000,364,544 | ---- | C] (Microsoft Corporation (written by Digital Renaissance Inc.)) -- C:\WINDOWS\System32\dllcache\npdsplay.dll
[2010/04/01 01:40:42 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ils.dll
[2010/04/01 01:40:42 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msconf.dll
[2010/04/01 01:40:42 | 000,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmdd.dll
[2010/04/01 01:40:42 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmmkcert.dll
[2010/04/01 01:40:41 | 000,008,192 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhept.dll
[2010/04/01 01:40:41 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhept.dll
[2010/04/01 01:40:41 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela3.dll
[2010/04/01 01:40:41 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhela3.dll
[2010/04/01 01:40:41 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela2.dll
[2010/04/01 01:40:41 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdgkl.dll
[2010/04/01 01:40:41 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhela2.dll
[2010/04/01 01:40:41 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgkl.dll
[2010/04/01 01:40:41 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe319.dll
[2010/04/01 01:40:41 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe220.dll
[2010/04/01 01:40:41 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe.dll
[2010/04/01 01:40:41 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe319.dll
[2010/04/01 01:40:41 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe220.dll
[2010/04/01 01:40:41 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe.dll
[2010/04/01 01:40:36 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoeacct.dll
[2010/04/01 01:40:36 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoert2.dll
[2010/04/01 01:40:36 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2010/04/01 01:40:33 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2010/04/01 01:40:32 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstinit.exe
[2010/04/01 01:40:25 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv1.dll
[2010/04/01 01:40:25 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv.dll
[2010/04/01 01:40:25 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdest.dll
[2010/04/01 01:40:25 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlv1.dll
[2010/04/01 01:40:25 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlv.dll
[2010/04/01 01:40:25 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdest.dll
[2010/04/01 01:40:25 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt1.dll
[2010/04/01 01:40:25 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt.dll
[2010/04/01 01:40:25 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlt1.dll
[2010/04/01 01:40:25 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlt.dll
[2010/04/01 01:40:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2010/04/01 01:40:14 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2010/04/01 01:40:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2010/04/01 01:40:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2010/04/01 01:39:48 | 000,007,168 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz.dll
[2010/04/01 01:39:48 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz.dll
[2010/04/01 01:39:48 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl1.dll
[2010/04/01 01:39:48 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl.dll
[2010/04/01 01:39:48 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl.dll
[2010/04/01 01:39:48 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu.dll
[2010/04/01 01:39:48 | 000,006,656 | R--- | C] (M

#4 H£nchman

  • Topic Starter

Posted 27 April 2010 - 04:32 PM

Sorry about the repeated post... it seems that whenever I post a reply on this site I get the Firefox page saying that there's been a connection problem, yet my post has actually already been posted.
"It's ironic that God gave Man both a pen*s and a brain, but unfortunately not enough blood supply to run both at the same time."

#5 myrti

  • Malware Study Hall Admin

Posted 28 April 2010 - 10:55 AM

Hi,

Could you please post the GMER log mentioned in the title as well? I can't seem to find it in your old thread.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#6 H£nchman

  • Topic Starter

Posted 29 April 2010 - 12:09 AM

Hey.... erm I assumed this to be 'messy' because when I saw many other GMER logs mine seems to be double in size.... XD forgive me if I'm wrong

GMER Log


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-21 23:03:04
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Chris\LOCALS~1\Temp\uwndruob.sys


---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF831BC50]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF831BC64]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF831BC90]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF831BCE6]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF831BC3C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF831BC14]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF831BC28]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF831BC7A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF831BCBC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF831BCA6]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF831BD10]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF831BCFC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF831BCD0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 80502244 7 Bytes JMP F831BCD4 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805A74F0 7 Bytes JMP F831BCEA mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805A8306 5 Bytes JMP F831BD00 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetSecurityObject 805B6040 5 Bytes JMP F831BCC0 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805C1316 5 Bytes JMP F831BC18 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805C15A2 5 Bytes JMP F831BC2C mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805C8CAA 5 Bytes JMP F831BD14 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetValueKey 806188B6 7 Bytes JMP F831BCAA mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 80619D66 7 Bytes JMP F831BC7E mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateKey 8061A344 5 Bytes JMP F831BC54 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 8061A7E0 7 Bytes JMP F831BC68 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 8061A9B0 7 Bytes JMP F831BC94 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 8061B722 5 Bytes JMP F831BC40 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
.rsrc C:\WINDOWS\system32\drivers\isapnp.sys entry point in ".rsrc" section [0xF853A014]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[292] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 02590FE5
.text C:\WINDOWS\system32\svchost.exe[292] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0259000A
.text C:\WINDOWS\system32\svchost.exe[292] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 02590FD4
.text C:\WINDOWS\system32\svchost.exe[292] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FF0000
.text C:\WINDOWS\system32\svchost.exe[292] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FF0F94
.text C:\WINDOWS\system32\svchost.exe[292] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FF0089
.text C:\WINDOWS\system32\svchost.exe[292] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FF006E
.text C:\WINDOWS\system32\svchost.exe[292] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FF0FA5
.text C:\WINDOWS\system32\svchost.exe[292] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FF0047
.text C:\WINDOWS\system32\svchost.exe[292] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00FF0F5C
.text C:\WINDOWS\system32\svchost.exe[292] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FF0F83
.text C:\WINDOWS\system32\svchost.exe[292] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FF00BF
.text C:\WINDOWS\system32\svchost.exe[292] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FF0F30
.text C:\WINDOWS\system32\svchost.exe[292] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00FF0F0B
.text C:\WINDOWS\system32\svchost.exe[292] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00FF0FB6
.text C:\WINDOWS\system32\svchost.exe[292] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FF0025
.text C:\WINDOWS\system32\svchost.exe[292] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00FF00A4
.text C:\WINDOWS\system32\svchost.exe[292] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00FF0FDB
.text C:\WINDOWS\system32\svchost.exe[292] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00FF0036
.text C:\WINDOWS\system32\svchost.exe[292] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00FF0F4B
.text C:\WINDOWS\system32\svchost.exe[292] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 025D0FC3
.text C:\WINDOWS\system32\svchost.exe[292] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 025D0F97
.text C:\WINDOWS\system32\svchost.exe[292] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 025D0FD4
.text C:\WINDOWS\system32\svchost.exe[292] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 025D0014
.text C:\WINDOWS\system32\svchost.exe[292] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 025D004A
.text C:\WINDOWS\system32\svchost.exe[292] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 025D0FEF
.text C:\WINDOWS\system32\svchost.exe[292] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 025D002F
.text C:\WINDOWS\system32\svchost.exe[292] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 025D0FB2
.text C:\WINDOWS\system32\svchost.exe[292] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 025C004C
.text C:\WINDOWS\system32\svchost.exe[292] msvcrt.dll!system 77C293C7 5 Bytes JMP 025C0027
.text C:\WINDOWS\system32\svchost.exe[292] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 025C0FC1
.text C:\WINDOWS\system32\svchost.exe[292] msvcrt.dll!_open 77C2F566 5 Bytes JMP 025C0FEF
.text C:\WINDOWS\system32\svchost.exe[292] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 025C0016
.text C:\WINDOWS\system32\svchost.exe[292] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 025C0FD2
.text C:\WINDOWS\system32\svchost.exe[292] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 025A0000
.text C:\WINDOWS\system32\svchost.exe[292] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 025A0011
.text C:\WINDOWS\system32\svchost.exe[292] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 025A0036
.text C:\WINDOWS\system32\svchost.exe[292] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 025A0FE5
.text C:\WINDOWS\system32\svchost.exe[292] WS2_32.dll!socket 71AB4211 5 Bytes JMP 025B0000
.text C:\WINDOWS\Explorer.EXE[312] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 05600000
.text C:\WINDOWS\Explorer.EXE[312] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 05600022
.text C:\WINDOWS\Explorer.EXE[312] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 05600011
.text C:\WINDOWS\Explorer.EXE[312] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BC000A
.text C:\WINDOWS\Explorer.EXE[312] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B5000C
.text C:\WINDOWS\Explorer.EXE[312] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 05420000
.text C:\WINDOWS\Explorer.EXE[312] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 05420F81
.text C:\WINDOWS\Explorer.EXE[312] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 05420080
.text C:\WINDOWS\Explorer.EXE[312] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 05420F9C
.text C:\WINDOWS\Explorer.EXE[312] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 05420FB9
.text C:\WINDOWS\Explorer.EXE[312] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 05420051
.text C:\WINDOWS\Explorer.EXE[312] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 05420F49
.text C:\WINDOWS\Explorer.EXE[312] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 05420F5A
.text C:\WINDOWS\Explorer.EXE[312] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 054200C7
.text C:\WINDOWS\Explorer.EXE[312] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 054200AC
.text C:\WINDOWS\Explorer.EXE[312] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 054200E2
.text C:\WINDOWS\Explorer.EXE[312] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 05420FD4
.text C:\WINDOWS\Explorer.EXE[312] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 05420025
.text C:\WINDOWS\Explorer.EXE[312] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 05420091
.text C:\WINDOWS\Explorer.EXE[312] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 05420FE5
.text C:\WINDOWS\Explorer.EXE[312] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 05420040
.text C:\WINDOWS\Explorer.EXE[312] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 05420F2E
.text C:\WINDOWS\Explorer.EXE[312] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 05410036
.text C:\WINDOWS\Explorer.EXE[312] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 05410F94
.text C:\WINDOWS\Explorer.EXE[312] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 05410FDB
.text C:\WINDOWS\Explorer.EXE[312] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0541001B
.text C:\WINDOWS\Explorer.EXE[312] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 05410FAF
.text C:\WINDOWS\Explorer.EXE[312] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 05410000
.text C:\WINDOWS\Explorer.EXE[312] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 05410051
.text C:\WINDOWS\Explorer.EXE[312] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 05410FCA
.text C:\WINDOWS\Explorer.EXE[312] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 05400F83
.text C:\WINDOWS\Explorer.EXE[312] msvcrt.dll!system 77C293C7 5 Bytes JMP 05400F9E
.text C:\WINDOWS\Explorer.EXE[312] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 05400018
.text C:\WINDOWS\Explorer.EXE[312] msvcrt.dll!_open 77C2F566 5 Bytes JMP 05400FEF
.text C:\WINDOWS\Explorer.EXE[312] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 05400FC3
.text C:\WINDOWS\Explorer.EXE[312] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 05400FDE
.text C:\WINDOWS\Explorer.EXE[312] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 053E0FE5
.text C:\WINDOWS\Explorer.EXE[312] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 053E000A
.text C:\WINDOWS\Explorer.EXE[312] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 053E0FCA
.text C:\WINDOWS\Explorer.EXE[312] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 053E0FB9
.text C:\WINDOWS\Explorer.EXE[312] WS2_32.dll!socket 71AB4211 5 Bytes JMP 053F0FEF
.text C:\WINDOWS\system32\svchost.exe[392] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00E50FEF
.text C:\WINDOWS\system32\svchost.exe[392] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00E50025
.text C:\WINDOWS\system32\svchost.exe[392] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00E5000A
.text C:\WINDOWS\system32\svchost.exe[392] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E40FEF
.text C:\WINDOWS\system32\svchost.exe[392] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E40FA8
.text C:\WINDOWS\system32\svchost.exe[392] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E4009D
.text C:\WINDOWS\system32\svchost.exe[392] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E40076
.text C:\WINDOWS\system32\svchost.exe[392] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E40065
.text C:\WINDOWS\system32\svchost.exe[392] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E40039
.text C:\WINDOWS\system32\svchost.exe[392] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E400DF
.text C:\WINDOWS\system32\svchost.exe[392] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E400C4
.text C:\WINDOWS\system32\svchost.exe[392] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E40F6B
.text C:\WINDOWS\system32\svchost.exe[392] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E400FA
.text C:\WINDOWS\system32\svchost.exe[392] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E4011F
.text C:\WINDOWS\system32\svchost.exe[392] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E40054
.text C:\WINDOWS\system32\svchost.exe[392] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E4000A
.text C:\WINDOWS\system32\svchost.exe[392] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E40F8D
.text C:\WINDOWS\system32\svchost.exe[392] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E40FCD
.text C:\WINDOWS\system32\svchost.exe[392] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E40FDE
.text C:\WINDOWS\system32\svchost.exe[392] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E40F7C
.text C:\WINDOWS\system32\svchost.exe[392] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F10036
.text C:\WINDOWS\system32\svchost.exe[392] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F10F83
.text C:\WINDOWS\system32\svchost.exe[392] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F10025
.text C:\WINDOWS\system32\svchost.exe[392] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F1000A
.text C:\WINDOWS\system32\svchost.exe[392] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F10F9E
.text C:\WINDOWS\system32\svchost.exe[392] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F10FEF
.text C:\WINDOWS\system32\svchost.exe[392] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00F10FAF
.text C:\WINDOWS\system32\svchost.exe[392] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [11, 89]
.text C:\WINDOWS\system32\svchost.exe[392] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F10FCA
.text C:\WINDOWS\system32\svchost.exe[392] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F00F9E
.text C:\WINDOWS\system32\svchost.exe[392] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F00FB9
.text C:\WINDOWS\system32\svchost.exe[392] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F00029
.text C:\WINDOWS\system32\svchost.exe[392] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F00FEF
.text C:\WINDOWS\system32\svchost.exe[392] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F00FD4
.text C:\WINDOWS\system32\svchost.exe[392] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F00018
.text C:\WINDOWS\system32\svchost.exe[392] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00E60000
.text C:\WINDOWS\system32\svchost.exe[392] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00E60FEF
.text C:\WINDOWS\system32\svchost.exe[392] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00E60FD4
.text C:\WINDOWS\system32\svchost.exe[392] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00E60025
.text C:\WINDOWS\system32\svchost.exe[392] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E70FE5
.text C:\WINDOWS\System32\svchost.exe[452] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 03D60000
.text C:\WINDOWS\System32\svchost.exe[452] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 03D6002C
.text C:\WINDOWS\System32\svchost.exe[452] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 03D60011
.text C:\WINDOWS\System32\svchost.exe[452] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0092000A
.text C:\WINDOWS\System32\svchost.exe[452] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0090000C
.text C:\WINDOWS\System32\svchost.exe[452] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 03D50FEF
.text C:\WINDOWS\System32\svchost.exe[452] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 03D50054
.text C:\WINDOWS\System32\svchost.exe[452] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 03D50F55
.text C:\WINDOWS\System32\svchost.exe[452] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 03D50039
.text C:\WINDOWS\System32\svchost.exe[452] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 03D50F86
.text C:\WINDOWS\System32\svchost.exe[452] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 03D50FA1
.text C:\WINDOWS\System32\svchost.exe[452] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 03D50080
.text C:\WINDOWS\System32\svchost.exe[452] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 03D50F38
.text C:\WINDOWS\System32\svchost.exe[452] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 03D500AC
.text C:\WINDOWS\System32\svchost.exe[452] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 03D50F1D
.text C:\WINDOWS\System32\svchost.exe[452] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 03D500BD
.text C:\WINDOWS\System32\svchost.exe[452] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 03D50028
.text C:\WINDOWS\System32\svchost.exe[452] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 03D50FDE
.text C:\WINDOWS\System32\svchost.exe[452] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 03D5006F
.text C:\WINDOWS\System32\svchost.exe[452] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 03D50FBC
.text C:\WINDOWS\System32\svchost.exe[452] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 03D50FCD
.text C:\WINDOWS\System32\svchost.exe[452] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 03D5009B
.text C:\WINDOWS\System32\svchost.exe[452] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 03DB0FAF
.text C:\WINDOWS\System32\svchost.exe[452] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 03DB0F6F
.text C:\WINDOWS\System32\svchost.exe[452] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 03DB0FC0
.text C:\WINDOWS\System32\svchost.exe[452] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 03DB0FDB
.text C:\WINDOWS\System32\svchost.exe[452] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 03DB0F80
.text C:\WINDOWS\System32\svchost.exe[452] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 03DB0000
.text C:\WINDOWS\System32\svchost.exe[452] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 03DB0022
.text C:\WINDOWS\System32\svchost.exe[452] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 03DB0011
.text C:\WINDOWS\System32\svchost.exe[452] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0268000A
.text C:\WINDOWS\System32\svchost.exe[452] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 0267000A
.text C:\WINDOWS\System32\svchost.exe[452] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 03DA0F9A
.text C:\WINDOWS\System32\svchost.exe[452] msvcrt.dll!system 77C293C7 5 Bytes JMP 03DA0025
.text C:\WINDOWS\System32\svchost.exe[452] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 03DA0FC6
.text C:\WINDOWS\System32\svchost.exe[452] msvcrt.dll!_open 77C2F566 5 Bytes JMP 03DA0FEF
.text C:\WINDOWS\System32\svchost.exe[452] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 03DA0FB5
.text C:\WINDOWS\System32\svchost.exe[452] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 03DA0000
.text C:\WINDOWS\System32\svchost.exe[452] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 03D80000
.text C:\WINDOWS\System32\svchost.exe[452] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 03D80011
.text C:\WINDOWS\System32\svchost.exe[452] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 03D80FD1
.text C:\WINDOWS\System32\svchost.exe[452] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 03D80FC0
.text C:\WINDOWS\System32\svchost.exe[452] WS2_32.dll!socket 71AB4211 5 Bytes JMP 03D90000
.text C:\Program Files\Mozilla Firefox\firefox.exe[808] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0131000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[808] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0132000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[808] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0130000C
.text C:\WINDOWS\System32\svchost.exe[832] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 009C0FE5
.text C:\WINDOWS\System32\svchost.exe[832] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 009C0FB9
.text C:\WINDOWS\System32\svchost.exe[832] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 009C0FD4
.text C:\WINDOWS\System32\svchost.exe[832] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001B000A
.text C:\WINDOWS\System32\svchost.exe[832] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001B0078
.text C:\WINDOWS\System32\svchost.exe[832] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001B0F83
.text C:\WINDOWS\System32\svchost.exe[832] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001B0F9E
.text C:\WINDOWS\System32\svchost.exe[832] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001B005B
.text C:\WINDOWS\System32\svchost.exe[832] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001B0036
.text C:\WINDOWS\System32\svchost.exe[832] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001B00A6
.text C:\WINDOWS\System32\svchost.exe[832] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001B0095
.text C:\WINDOWS\System32\svchost.exe[832] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001B00D9
.text C:\WINDOWS\System32\svchost.exe[832] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001B00C8
.text C:\WINDOWS\System32\svchost.exe[832] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001B00FE
.text C:\WINDOWS\System32\svchost.exe[832] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001B0FB9
.text C:\WINDOWS\System32\svchost.exe[832] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001B0FEF
.text C:\WINDOWS\System32\svchost.exe[832] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001B0F68
.text C:\WINDOWS\System32\svchost.exe[832] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001B0025
.text C:\WINDOWS\System32\svchost.exe[832] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001B0FDE
.text C:\WINDOWS\System32\svchost.exe[832] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001B00B7
.text C:\WINDOWS\System32\svchost.exe[832] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00A0002C
.text C:\WINDOWS\System32\svchost.exe[832] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00A00047
.text C:\WINDOWS\System32\svchost.exe[832] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00A0001B
.text C:\WINDOWS\System32\svchost.exe[832] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00A0000A
.text C:\WINDOWS\System32\svchost.exe[832] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00A00F94
.text C:\WINDOWS\System32\svchost.exe[832] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00A00FEF
.text C:\WINDOWS\System32\svchost.exe[832] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00A00FA5
.text C:\WINDOWS\System32\svchost.exe[832] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [C0, 88]
.text C:\WINDOWS\System32\svchost.exe[832] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00A00FB6
.text C:\WINDOWS\System32\svchost.exe[832] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009F0047
.text C:\WINDOWS\System32\svchost.exe[832] msvcrt.dll!system 77C293C7 5 Bytes JMP 009F002C
.text C:\WINDOWS\System32\svchost.exe[832] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009F0FCD
.text C:\WINDOWS\System32\svchost.exe[832] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009F0000
.text C:\WINDOWS\System32\svchost.exe[832] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009F0FBC
.text C:\WINDOWS\System32\svchost.exe[832] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009F0011
.text C:\WINDOWS\System32\svchost.exe[832] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 009D0000
.text C:\WINDOWS\System32\svchost.exe[832] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 009D0FE5
.text C:\WINDOWS\System32\svchost.exe[832] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 009D001B
.text C:\WINDOWS\System32\svchost.exe[832] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 009D0FCA
.text C:\WINDOWS\System32\svchost.exe[832] WS2_32.dll!socket 71AB4211 5 Bytes JMP 009E0000
.text C:\WINDOWS\system32\svchost.exe[1356] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 008D0000
.text C:\WINDOWS\system32\svchost.exe[1356] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 008D0FD4
.text C:\WINDOWS\system32\svchost.exe[1356] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 008D0FE5
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 008C0000
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 008C0F6C
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 008C006B
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 008C005A
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 008C0F9B
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 008C0022
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 008C008D
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 008C007C
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 008C00D4
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 008C00B9
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 008C00E5
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 008C003D
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 008C0FDB
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 008C0F51
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 008C0FB6
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 008C0011
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 008C00A8
.text C:\WINDOWS\system32\svchost.exe[1356] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 009D0FCA
.text C:\WINDOWS\system32\svchost.exe[1356] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 009D0091
.text C:\WINDOWS\system32\svchost.exe[1356] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 009D0FEF
.text C:\WINDOWS\system32\svchost.exe[1356] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 009D0025
.text C:\WINDOWS\system32\svchost.exe[1356] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 009D0076
.text C:\WINDOWS\system32\svchost.exe[1356] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 009D000A
.text C:\WINDOWS\system32\svchost.exe[1356] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 009D005B
.text C:\WINDOWS\system32\svchost.exe[1356] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 009D0036
.text C:\WINDOWS\system32\svchost.exe[1356] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009C0055
.text C:\WINDOWS\system32\svchost.exe[1356] msvcrt.dll!system 77C293C7 5 Bytes JMP 009C003A
.text C:\WINDOWS\system32\svchost.exe[1356] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009C0029
.text C:\WINDOWS\system32\svchost.exe[1356] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009C0FEF
.text C:\WINDOWS\system32\svchost.exe[1356] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009C0FCA
.text C:\WINDOWS\system32\svchost.exe[1356] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009C000C
.text C:\WINDOWS\system32\svchost.exe[1356] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 008E0000
.text C:\WINDOWS\system32\svchost.exe[1356] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 008E0FE5
.text C:\WINDOWS\system32\svchost.exe[1356] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 008E0011
.text C:\WINDOWS\system32\svchost.exe[1356] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 008E0022
.text C:\WINDOWS\system32\svchost.exe[1356] WS2_32.dll!socket 71AB4211 5 Bytes JMP 008F0000
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[1552] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 62419A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[1552] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 62419AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\system32\services.exe[1872] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00F00FEF
.text C:\WINDOWS\system32\services.exe[1872] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00F00FC0
.text C:\WINDOWS\system32\services.exe[1872] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00F00000
.text C:\WINDOWS\system32\services.exe[1872] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00EF0000
.text C:\WINDOWS\system32\services.exe[1872] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00EF0F88
.text C:\WINDOWS\system32\services.exe[1872] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00EF0F99
.text C:\WINDOWS\system32\services.exe[1872] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00EF0073
.text C:\WINDOWS\system32\services.exe[1872] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00EF0062
.text C:\WINDOWS\system32\services.exe[1872] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00EF002C
.text C:\WINDOWS\system32\services.exe[1872] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00EF0F4B
.text C:\WINDOWS\system32\services.exe[1872] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00EF0F5C
.text C:\WINDOWS\system32\services.exe[1872] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00EF00DA
.text C:\WINDOWS\system32\services.exe[1872] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00EF00BF
.text C:\WINDOWS\system32\services.exe[1872] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00EF0F30
.text C:\WINDOWS\system32\services.exe[1872] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00EF0047
.text C:\WINDOWS\system32\services.exe[1872] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00EF0FDB
.text C:\WINDOWS\system32\services.exe[1872] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00EF0F77
.text C:\WINDOWS\system32\services.exe[1872] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00EF001B
.text C:\WINDOWS\system32\services.exe[1872] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00EF0FCA
.text C:\WINDOWS\system32\services.exe[1872] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00EF00AE
.text C:\WINDOWS\system32\services.exe[1872] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01260025
.text C:\WINDOWS\system32\services.exe[1872] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01260073
.text C:\WINDOWS\system32\services.exe[1872] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01260014
.text C:\WINDOWS\system32\services.exe[1872] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01260FD4
.text C:\WINDOWS\system32\services.exe[1872] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01260062
.text C:\WINDOWS\system32\services.exe[1872] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01260FEF
.text C:\WINDOWS\system32\services.exe[1872] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 01260051
.text C:\WINDOWS\system32\services.exe[1872] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01260036
.text C:\WINDOWS\system32\services.exe[1872] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FF0FD2
.text C:\WINDOWS\system32\services.exe[1872] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FF005D
.text C:\WINDOWS\system32\services.exe[1872] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FF0027
.text C:\WINDOWS\system32\services.exe[1872] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FF0FEF
.text C:\WINDOWS\system32\services.exe[1872] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FF0042
.text C:\WINDOWS\system32\services.exe[1872] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FF000C
.text C:\WINDOWS\system32\services.exe[1872] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00F10FEF
.text C:\WINDOWS\system32\services.exe[1872] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00F10FDE
.text C:\WINDOWS\system32\services.exe[1872] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00F10FC3
.text C:\WINDOWS\system32\services.exe[1872] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00F1001E
.text C:\WINDOWS\system32\services.exe[1872] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F20FEF
.text C:\WINDOWS\system32\lsass.exe[1884] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00D00FEF
.text C:\WINDOWS\system32\lsass.exe[1884] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00D00FB9
.text C:\WINDOWS\system32\lsass.exe[1884] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D00FDE
.text C:\WINDOWS\system32\lsass.exe[1884] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CF0000
.text C:\WINDOWS\system32\lsass.exe[1884] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CF0F66
.text C:\WINDOWS\system32\lsass.exe[1884] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CF0F81
.text C:\WINDOWS\system32\lsass.exe[1884] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CF0F92
.text C:\WINDOWS\system32\lsass.exe[1884] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CF005B
.text C:\WINDOWS\system32\lsass.exe[1884] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CF0FC0
.text C:\WINDOWS\system32\lsass.exe[1884] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CF0F3A
.text C:\WINDOWS\system32\lsass.exe[1884] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CF0F4B
.text C:\WINDOWS\system32\lsass.exe[1884] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CF0F0E
.text C:\WINDOWS\system32\lsass.exe[1884] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CF0F1F
.text C:\WINDOWS\system32\lsass.exe[1884] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00CF00C2
.text C:\WINDOWS\system32\lsass.exe[1884] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00CF0FAF
.text C:\WINDOWS\system32\lsass.exe[1884] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CF0011
.text C:\WINDOWS\system32\lsass.exe[1884] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00CF0076
.text C:\WINDOWS\system32\lsass.exe[1884] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00CF002C
.text C:\WINDOWS\system32\lsass.exe[1884] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00CF0FDB
.text C:\WINDOWS\system32\lsass.exe[1884] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00CF009D
.text C:\WINDOWS\system32\lsass.exe[1884] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00E9001B
.text C:\WINDOWS\system32\lsass.exe[1884] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00E90047
.text C:\WINDOWS\system32\lsass.exe[1884] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00E9000A
.text C:\WINDOWS\system32\lsass.exe[1884] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00E90FD4
.text C:\WINDOWS\system32\lsass.exe[1884] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00E90036
.text C:\WINDOWS\system32\lsass.exe[1884] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00E90FE5
.text C:\WINDOWS\system32\lsass.exe[1884] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00E90F8A
.text C:\WINDOWS\system32\lsass.exe[1884] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [09, 89]
.text C:\WINDOWS\system32\lsass.exe[1884] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00E90FA5
.text C:\WINDOWS\system32\lsass.exe[1884] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D50084
.text C:\WINDOWS\system32\lsass.exe[1884] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D50069
.text C:\WINDOWS\system32\lsass.exe[1884] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D5003A
.text C:\WINDOWS\system32\lsass.exe[1884] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D5000C
.text C:\WINDOWS\system32\lsass.exe[1884] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D50FEF
.text C:\WINDOWS\system32\lsass.exe[1884] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D5001D
.text C:\WINDOWS\system32\lsass.exe[1884] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D20FEF
.text C:\WINDOWS\system32\lsass.exe[1884] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00D10FEF
.text C:\WINDOWS\system32\lsass.exe[1884] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00D1000A
.text C:\WINDOWS\system32\lsass.exe[1884] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00D1001B
.text C:\WINDOWS\system32\lsass.exe[1884] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00D1002C
.text C:\WINDOWS\System32\svchost.exe[2392] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00DE0FEF
.text C:\WINDOWS\System32\svchost.exe[2392] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00DE0FCD
.text C:\WINDOWS\System32\svchost.exe[2392] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00DE0FDE
.text C:\WINDOWS\System32\svchost.exe[2392] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00DD0FEF
.text C:\WINDOWS\System32\svchost.exe[2392] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00DD0F88
.text C:\WINDOWS\System32\svchost.exe[2392] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00DD0F99
.text C:\WINDOWS\System32\svchost.exe[2392] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00DD0073
.text C:\WINDOWS\System32\svchost.exe[2392] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00DD0058
.text C:\WINDOWS\System32\svchost.exe[2392] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00DD0FC0
.text C:\WINDOWS\System32\svchost.exe[2392] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00DD00AE
.text C:\WINDOWS\System32\svchost.exe[2392] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00DD0F5C
.text C:\WINDOWS\System32\svchost.exe[2392] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00DD00DA
.text C:\WINDOWS\System32\svchost.exe[2392] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00DD0F4B
.text C:\WINDOWS\System32\svchost.exe[2392] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00DD0F26
.text C:\WINDOWS\System32\svchost.exe[2392] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00DD0047
.text C:\WINDOWS\System32\svchost.exe[2392] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00DD000A
.text C:\WINDOWS\System32\svchost.exe[2392] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00DD0F6D
.text C:\WINDOWS\System32\svchost.exe[2392] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00DD002C
.text C:\WINDOWS\System32\svchost.exe[2392] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00DD001B
.text C:\WINDOWS\System32\svchost.exe[2392] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00DD00C9
.text C:\WINDOWS\System32\svchost.exe[2392] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00DC0FB9
.text C:\WINDOWS\System32\svchost.exe[2392] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00DC0F6B
.text C:\WINDOWS\System32\svchost.exe[2392] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00DC0FDE
.text C:\WINDOWS\System32\svchost.exe[2392] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00DC0FEF
.text C:\WINDOWS\System32\svchost.exe[2392] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00DC0F7C
.text C:\WINDOWS\System32\svchost.exe[2392] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00DC000A
.text C:\WINDOWS\System32\svchost.exe[2392] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00DC0F8D
.text C:\WINDOWS\System32\svchost.exe[2392] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [FC, 88]
.text C:\WINDOWS\System32\svchost.exe[2392] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00DC0FA8
.text C:\WINDOWS\System32\svchost.exe[2392] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00DB0FB2
.text C:\WINDOWS\System32\svchost.exe[2392] msvcrt.dll!system 77C293C7 5 Bytes JMP 00DB0033
.text C:\WINDOWS\System32\svchost.exe[2392] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00DB0FCD
.text C:\WINDOWS\System32\svchost.exe[2392] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00DB0FEF
.text C:\WINDOWS\System32\svchost.exe[2392] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00DB0018
.text C:\WINDOWS\System32\svchost.exe[2392] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00DB0FDE
.text C:\WINDOWS\System32\svchost.exe[2392] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00D90FEF
.text C:\WINDOWS\System32\svchost.exe[2392] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00D90FDE
.text C:\WINDOWS\System32\svchost.exe[2392] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00D9000A
.text C:\WINDOWS\System32\svchost.exe[2392] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00D90025
.text C:\WINDOWS\System32\svchost.exe[2392] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00DA0FE5
.text C:\WINDOWS\System32\svchost.exe[3016] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00090FEF
.text C:\WINDOWS\System32\svchost.exe[3016] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00090FC3
.text C:\WINDOWS\System32\svchost.exe[3016] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00090FD4
.text C:\WINDOWS\System32\svchost.exe[3016] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001D0000
.text C:\WINDOWS\System32\svchost.exe[3016] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001D0062
.text C:\WINDOWS\System32\svchost.exe[3016] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001D0F6D
.text C:\WINDOWS\System32\svchost.exe[3016] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001D0F8A
.text C:\WINDOWS\System32\svchost.exe[3016] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001D0F9B
.text C:\WINDOWS\System32\svchost.exe[3016] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001D003D
.text C:\WINDOWS\System32\svchost.exe[3016] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001D00A4
.text C:\WINDOWS\System32\svchost.exe[3016] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001D0093
.text C:\WINDOWS\System32\svchost.exe[3016] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001D0F12
.text C:\WINDOWS\System32\svchost.exe[3016] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001D00B5
.text C:\WINDOWS\System32\svchost.exe[3016] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001D00C6
.text C:\WINDOWS\System32\svchost.exe[3016] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001D0FC0
.text C:\WINDOWS\System32\svchost.exe[3016] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001D0FE5
.text C:\WINDOWS\System32\svchost.exe[3016] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001D0F5C
.text C:\WINDOWS\System32\svchost.exe[3016] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001D002C
.text C:\WINDOWS\System32\svchost.exe[3016] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001D001B
.text C:\WINDOWS\System32\svchost.exe[3016] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001D0F37
.text C:\WINDOWS\System32\svchost.exe[3016] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002C0036
.text C:\WINDOWS\System32\svchost.exe[3016] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002C006C
.text C:\WINDOWS\System32\svchost.exe[3016] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002C001B
.text C:\WINDOWS\System32\svchost.exe[3016] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002C0FE5
.text C:\WINDOWS\System32\svchost.exe[3016] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 002C005B
.text C:\WINDOWS\System32\svchost.exe[3016] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 002C0000
.text C:\WINDOWS\System32\svchost.exe[3016] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 002C0FAF
.text C:\WINDOWS\System32\svchost.exe[3016] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [4C, 88]
.text C:\WINDOWS\System32\svchost.exe[3016] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 002C0FC0
.text C:\WINDOWS\System32\svchost.exe[3016] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00410FBE
.text C:\WINDOWS\System32\svchost.exe[3016] msvcrt.dll!system 77C293C7 5 Bytes JMP 00410049
.text C:\WINDOWS\System32\svchost.exe[3016] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0041002E
.text C:\WINDOWS\System32\svchost.exe[3016] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00410000
.text C:\WINDOWS\System32\svchost.exe[3016] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00410FD9
.text C:\WINDOWS\System32\svchost.exe[3016] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0041001D
.text C:\WINDOWS\System32\svchost.exe[3016] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00790000
.text C:\WINDOWS\System32\svchost.exe[3016] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00790FE5
.text C:\WINDOWS\System32\svchost.exe[3016] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 0079001B
.text C:\WINDOWS\System32\svchost.exe[3016] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00790FC0
.text C:\WINDOWS\System32\svchost.exe[3016] WS2_32.dll!socket 71AB4211 5 Bytes JMP 001B0000

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs MOBK.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \Driver\BTHUSB \Device\000000a0 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\000000a0 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \Driver\BTHUSB \Device\000000a2 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\000000a2 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device -> \Driver\atapi \Device\Harddisk0\DR0 82CB0AC8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0010c6625867
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0010c6625867 (not active ControlSet)

---- Files - GMER 1.0.15 ----

File C:\Program Files\QuickTime\QTSystem\QuickTime.Resources\pt_PT.lproj\QuickTimeLocalized.qtr (size mismatch) 83232/163840 bytes executable
File C:\WINDOWS\system32\drivers\isapnp.sys suspicious modification
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

"It's ironic that God gave Man both a pen*s and a brain, but unfortunately not enough blood supply to run both at the same time."

#7 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home
  • Local time:07:04 PM

Posted 29 April 2010 - 06:26 AM

Hi,

you can thank McAfee for the size. There's nothing wrong with the bloated part of your log. But (there's always a but, isn't there) this is very bad:
QUOTE
File C:\WINDOWS\system32\drivers\isapnp.sys suspicious modification
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification


You have been infected by a nasty rootkit. It is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.


If you decide to clean, then please run ComboFix and post the log in your next reply:

Please download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!
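The triage described in the reply above, as an added example that is not part of the original post or of GMER itself: it reduces the long run of per-process `.text` hook lines to a count of hooked functions per process and pulls out the `File` entries marked "suspicious modification". The sample lines are copied from the log in this thread; the function name `triage` and the result keys are assumptions made for the example.

```python
import re
from collections import defaultdict

# Sample input: a few lines copied from the GMER 1.0.15 log posted in this thread.
SAMPLE_LOG = r"""
.text C:\WINDOWS\system32\lsass.exe[1884] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CF0000
.text C:\WINDOWS\system32\lsass.exe[1884] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00E90F8A
.text C:\WINDOWS\system32\lsass.exe[1884] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [09, 89]
.text C:\WINDOWS\System32\svchost.exe[3016] WS2_32.dll!socket 71AB4211 5 Bytes JMP 001B0000

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
Device -> \Driver\atapi \Device\Harddisk0\DR0 82CB0AC8

---- Files - GMER 1.0.15 ----

File C:\Program Files\QuickTime\QTSystem\QuickTime.Resources\pt_PT.lproj\QuickTimeLocalized.qtr (size mismatch) 83232/163840 bytes executable
File C:\WINDOWS\system32\drivers\isapnp.sys suspicious modification
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----
"""

# One user-mode hook line: ".text <image>[pid] <module>!<function> [+ offset] <address> <n> Bytes <patch>"
HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^!\s]+)!(?P<func>\S+)"
    r"(?:\s+\+\s+(?P<offset>[0-9A-Fa-f]+))?\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes\s+(?P<patch>.+)$"
)
FLAG = "suspicious modification"


def triage(log_text):
    """Summarise a GMER text log: hook volume per process, and flagged files."""
    hooked = defaultdict(set)   # "image[pid]" -> {(module, function), ...}
    hook_lines = 0
    flagged_files = []          # File entries marked "suspicious modification"
    other_files = []            # remaining File entries, kept verbatim

    for raw in log_text.splitlines():
        line = raw.strip()
        m = HOOK_RE.match(line)
        if m:
            hook_lines += 1
            image_name = m["image"].rsplit("\\", 1)[-1]
            proc = "%s[%s]" % (image_name, m["pid"])
            # A patch split over two lines ("Func" and "Func + 3") is one hooked function.
            hooked[proc].add((m["module"], m["func"]))
        elif line.startswith("File "):
            entry = line[len("File "):]
            if entry.endswith(FLAG):
                flagged_files.append(entry[: -len(FLAG)].rstrip())
            else:
                other_files.append(entry)

    return {
        "hook_lines": hook_lines,
        "hooked_functions": {proc: len(funcs) for proc, funcs in hooked.items()},
        "flagged_files": flagged_files,
        "other_files": other_files,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("hook lines:", report["hook_lines"])
    for proc, count in sorted(report["hooked_functions"].items()):
        print("  %-20s %d hooked functions" % (proc, count))
    print("files flagged as '%s':" % FLAG)
    for path in report["flagged_files"]:
        print("  " + path)
```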

 



#8 H£nchman

H£nchman
  • Topic Starter

  • Members
  • 26 posts
  • Location:London
  • Local time:06:04 PM

Posted 29 April 2010 - 03:57 PM

ComboFix Log

ComboFix 10-04-29.01 - Chris 29/04/2010 21:30:48.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.503.101 [GMT 1:00]
Running from: c:\documents and settings\Chris\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\drivers\isapnp.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-03-28 to 2010-04-29 )))))))))))))))))))))))))))))))
.

2010-04-21 12:44 . 2010-04-21 12:44 -------- d-----w- C:\_OTM
2010-04-20 16:19 . 2010-04-12 16:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-20 12:48 . 2010-04-20 12:48 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-20 12:48 . 2010-04-22 21:37 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-20 12:48 . 2010-04-20 12:48 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-04-20 07:39 . 2010-04-20 07:40 10422352 ----a-w- c:\documents and settings\Chris\Application Data\Systweak\ASO3\ASO_Setup_4_20_2010.exe
2010-04-19 19:52 . 2010-04-19 19:52 52224 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-19 19:52 . 2010-04-19 19:52 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-19 19:51 . 2010-04-19 19:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-04-19 19:51 . 2010-04-19 19:51 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-04-19 19:14 . 2010-04-19 19:14 52224 ----a-w- c:\documents and settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-19 19:14 . 2010-04-19 19:14 117760 ----a-w- c:\documents and settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-19 19:12 . 2010-04-19 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-04-19 19:11 . 2010-04-19 19:12 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-19 19:11 . 2010-04-19 19:11 -------- d-----w- c:\documents and settings\Chris\Application Data\SUPERAntiSpyware.com
2010-04-19 19:10 . 2010-04-19 19:10 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-19 10:01 . 2010-04-19 10:01 -------- d-----w- c:\documents and settings\Chris\Application Data\Backup Manager
2010-04-19 06:49 . 2010-02-19 17:49 288096 ----a-r- c:\documents and settings\Chris\Application Data\McAfee\Supportability\MVTLogs\Results\detect.dll
2010-04-18 18:31 . 2010-04-18 18:31 -------- d-----w- c:\documents and settings\Chris\Application Data\Webroot
2010-04-18 17:40 . 2010-04-18 17:40 -------- d-----w- c:\documents and settings\Chris\Application Data\Javacool Software
2010-04-18 06:46 . 2010-04-18 06:46 -------- d-----w- c:\program files\EULAlyzer
2010-04-18 06:28 . 2010-04-18 06:28 -------- d-----w- c:\program files\ID-Blaster Plus
2010-04-18 06:15 . 2010-04-18 06:15 -------- d-----w- c:\program files\FileChecker
2010-04-18 05:56 . 2010-01-10 18:40 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2010-04-18 05:56 . 2010-04-18 05:56 -------- d-----w- c:\program files\SpywareBlaster
2010-04-18 05:08 . 2010-04-19 05:48 -------- d-----w- c:\documents and settings\Chris\Local Settings\Application Data\Ashampoo
2010-04-17 05:08 . 2010-04-17 05:08 -------- d-----w- c:\documents and settings\Chris\Application Data\Malwarebytes
2010-04-17 05:07 . 2010-03-29 23:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-17 05:07 . 2010-04-17 05:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-17 05:07 . 2010-03-29 23:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-17 05:07 . 2010-04-17 05:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-15 15:10 . 2010-04-15 15:10 -------- d-----w- c:\documents and settings\Chris\Local Settings\Application Data\PC_Drivers_Headquarters
2010-04-15 15:07 . 2010-04-15 15:07 -------- d-----w- c:\program files\PC Drivers HeadQuarters
2010-04-15 15:04 . 2010-04-15 15:04 -------- d-----w- c:\documents and settings\Chris\Local Settings\Application Data\Downloaded Installations
2010-04-14 21:20 . 2010-04-14 22:15 -------- d-----w- c:\documents and settings\Chris\Application Data\Nero
2010-04-13 22:40 . 2010-04-13 22:40 3519152 ----a-w- c:\documents and settings\All Users\Application Data\ParetoLogic\UUS2\DriverCure\Temp\DriverCure Installer.exe
2010-04-13 22:40 . 2010-04-13 22:40 125952 ----a-w- c:\documents and settings\All Users\Application Data\ParetoLogic\UUS2\Temp\Update.exe
2010-04-13 22:00 . 2010-04-13 22:00 -------- d-----w- c:\documents and settings\LocalService\Application Data\Intel
2010-04-13 22:00 . 2010-04-13 22:00 -------- d-----w- c:\documents and settings\Default User\Application Data\Intel
2010-04-13 22:00 . 2010-04-13 22:00 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Intel
2010-04-13 21:58 . 2010-04-13 21:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Intel
2010-04-13 21:56 . 2010-04-13 21:56 -------- d-----w- c:\documents and settings\Chris\Application Data\Intel
2010-04-13 21:21 . 2010-04-13 21:21 -------- d-----w- C:\MPC
2010-04-13 21:17 . 2008-03-26 13:23 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-04-13 21:16 . 2010-04-13 21:16 -------- d-----w- C:\Intel
2010-04-13 20:03 . 2010-04-13 20:04 -------- d-----w- c:\documents and settings\Chris\Application Data\DriverCure
2010-04-13 20:00 . 2010-04-13 20:00 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-04-13 20:00 . 2010-04-14 15:24 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverCure
2010-04-13 20:00 . 2010-04-13 20:00 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2010-04-13 20:00 . 2010-04-13 20:00 -------- d-----w- c:\program files\ParetoLogic
2010-04-13 18:13 . 2010-04-13 18:13 -------- d-----w- c:\documents and settings\All Users\Uniblue
2010-04-13 15:29 . 2010-04-13 18:08 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2010-04-13 15:29 . 2010-04-18 20:58 -------- d-----w- c:\documents and settings\Chris\Application Data\Uniblue
2010-04-13 15:24 . 2010-04-18 20:58 -------- d-----w- c:\program files\Uniblue
2010-04-13 10:59 . 2010-04-13 10:59 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2010-04-13 10:37 . 2010-04-13 10:37 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-04-12 22:31 . 2008-02-28 12:26 1414440 ----a-w- c:\windows\system32\ShellManager310E2D762.dll
2010-04-12 20:12 . 2010-04-17 07:34 162968 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-04-12 20:09 . 2010-04-12 20:09 -------- d-----w- c:\program files\MSXML 4.0
2010-04-12 17:12 . 2010-04-12 17:12 -------- d-----w- c:\documents and settings\Chris\Local Settings\Application Data\Nero
2010-04-12 15:47 . 2010-04-14 18:08 -------- d-----w- c:\program files\Windows Sidebar
2010-04-12 15:05 . 2010-04-14 20:11 -------- d-----w- c:\program files\Nero
2010-04-12 15:04 . 2010-04-14 20:12 -------- d-----w- c:\program files\Common Files\Nero
2010-04-12 03:27 . 2010-04-14 19:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-04-11 21:05 . 2010-04-11 21:05 -------- d-----w- c:\windows\Performance
2010-04-11 21:04 . 2010-04-11 21:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Corporation
2010-04-11 20:54 . 2010-04-13 21:22 -------- d-----w- c:\program files\Common Files\InstallShield
2010-04-11 07:36 . 2010-04-11 07:36 181096 ----a-w- c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\l8gdjogg.default\FlashGot.exe
2010-04-10 23:29 . 2010-04-10 23:29 -------- d-----w- c:\documents and settings\Chris\Local Settings\Application Data\WMTools Downloaded Files
2010-04-10 19:43 . 2010-04-10 19:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Systweak
2010-04-10 19:36 . 2010-01-30 14:00 17136 ----a-w- c:\windows\system32\sasnative32.exe
2010-04-10 19:36 . 2010-04-20 07:45 -------- d-----w- c:\program files\Advanced System Optimizer 3
2010-04-10 19:16 . 2010-04-10 19:38 -------- d-----w- c:\documents and settings\Chris\Application Data\Systweak
2010-04-05 18:08 . 2010-04-05 18:08 -------- d-----w- c:\program files\Haali
2010-04-05 06:47 . 2010-03-02 23:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-04-05 06:46 . 2010-04-05 06:47 -------- d-----w- c:\program files\ffdshow
2010-04-05 05:38 . 2010-04-11 15:36 -------- d-----w- c:\documents and settings\Chris\Application Data\Apple Computer
2010-04-05 05:33 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-04-05 05:33 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-04-05 05:27 . 2010-04-05 05:27 -------- d-----w- c:\program files\iPod
2010-04-05 05:26 . 2010-04-05 05:33 -------- d-----w- c:\program files\iTunes
2010-04-05 05:26 . 2010-04-05 05:33 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-05 05:20 . 2010-04-05 05:22 -------- d-----w- c:\program files\QuickTime
2010-04-05 05:20 . 2010-04-05 05:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-04-05 05:19 . 2010-04-05 05:19 -------- d-----w- c:\documents and settings\Chris\Local Settings\Application Data\Apple
2010-04-05 05:19 . 2010-04-05 05:19 -------- d-----w- c:\program files\Apple Software Update
2010-04-05 05:17 . 2010-04-05 05:17 -------- d-----w- c:\program files\Bonjour
2010-04-05 05:16 . 2010-04-05 05:27 -------- d-----w- c:\program files\Common Files\Apple
2010-04-05 05:16 . 2010-04-05 05:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-04-05 05:15 . 2010-04-11 15:36 -------- d-----w- c:\documents and settings\Chris\Local Settings\Application Data\Apple Computer
2010-04-05 04:07 . 2010-04-05 04:07 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-04-05 04:04 . 2010-04-05 04:04 -------- d-----w- c:\program files\Microsoft.NET
2010-04-05 04:04 . 2010-04-05 04:04 -------- d-----w- c:\documents and settings\All Users\Microsoft
2010-04-05 04:00 . 2010-04-05 04:00 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-04-05 03:53 . 2010-04-05 03:53 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-04-05 03:52 . 2010-04-05 04:07 -------- d-----w- c:\windows\SHELLNEW
2010-04-05 03:44 . 2010-04-05 03:44 -------- d-----r- C:\MSOCache
2010-04-05 02:55 . 2010-04-05 03:23 -------- d-----w- c:\documents and settings\Chris\Application Data\Download Manager
2010-04-05 01:41 . 2010-04-05 01:41 0 ----a-w- c:\windows\nsreg.dat
2010-04-05 01:40 . 2010-04-05 01:40 -------- d-----w- c:\documents and settings\Chris\Local Settings\Application Data\Mozilla
2010-04-04 18:27 . 2010-04-04 18:27 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-04-04 17:57 . 2008-04-14 00:12 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2010-04-04 17:57 . 2008-04-14 00:12 8192 ----a-w- c:\windows\system32\wshirda.dll
2010-04-04 17:57 . 2008-04-14 00:11 28160 -c--a-w- c:\windows\system32\dllcache\irmon.dll
2010-04-04 17:57 . 2008-04-14 00:11 28160 ----a-w- c:\windows\system32\irmon.dll
2010-04-04 17:57 . 2008-04-14 00:12 151552 -c--a-w- c:\windows\system32\dllcache\irftp.exe
2010-04-04 17:57 . 2008-04-14 00:12 151552 ----a-w- c:\windows\system32\irftp.exe
2010-04-04 10:11 . 2010-04-04 10:16 -------- d-----w- c:\windows\system32\Adobe
2010-04-04 05:06 . 2010-04-04 05:08 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-04 03:51 . 2010-04-04 03:51 -------- d-----w- c:\windows\Sun
2010-04-04 03:51 . 2010-04-04 03:51 -------- d-----w- c:\program files\Common Files\Java
2010-04-04 03:50 . 2010-04-04 03:50 503808 ----a-w- c:\documents and settings\Chris\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6d108232-n\msvcp71.dll
2010-04-04 03:50 . 2010-04-04 03:50 12800 ----a-w- c:\documents and settings\Chris\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-592bf186-n\decora-d3d.dll
2010-04-04 03:50 . 2010-04-04 03:50 499712 ----a-w- c:\documents and settings\Chris\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6d108232-n\jmc.dll
2010-04-04 03:50 . 2010-04-04 03:50 61440 ----a-w- c:\documents and settings\Chris\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-592bf186-n\decora-sse.dll
2010-04-04 03:50 . 2010-04-04 03:50 348160 ----a-w- c:\documents and settings\Chris\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6d108232-n\msvcr71.dll
2010-04-04 03:48 . 2010-04-20 16:19 -------- d-----w- c:\program files\Java
2010-04-03 18:32 . 2010-04-03 18:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-04-03 17:15 . 2010-04-03 17:15 -------- d-----w- c:\documents and settings\Chris\Local Settings\Application Data\Microsoft Help
2010-04-03 17:15 . 2010-04-05 05:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-03 14:47 . 2003-06-23 00:44 1415680 ----a-w- c:\windows\system32\wmv9vcm.dll
2010-04-03 01:23 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-04-03 01:20 . 2008-04-13 18:45 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-04-02 19:08 . 2010-04-02 19:08 50688 ----a-w- c:\windows\system32\wbhelp2.dll
2010-04-02 17:09 . 2010-04-02 17:09 -------- d-----w- c:\program files\McAfeeMOBK

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-27 13:11 . 2002-02-27 23:16 37248 ----a-w- c:\windows\system32\drivers\isapnp.sys
2010-04-13 22:22 . 2010-04-01 06:03 -------- d-----w- c:\program files\Sigmatel
2010-04-13 22:00 . 2010-04-19 18:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\Intel
2010-04-02 03:44 . 2010-04-01 00:46 86327 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2010-04-01 06:03 . 2010-04-01 06:03 -------- d-----w- c:\program files\CONEXANT
2010-04-01 00:47 . 2010-04-01 00:47 -------- d-----w- c:\program files\microsoft frontpage
2010-04-01 00:47 . 2010-04-01 00:47 2678 ----a-w- c:\windows\java\Packages\Data\VZ77FHBV.DAT
2010-04-01 00:47 . 2010-04-01 00:47 558142 ----a-w- c:\windows\java\Packages\7JX7HVJP.ZIP
2010-04-01 00:47 . 2010-04-01 00:47 2678 ----a-w- c:\windows\java\Packages\Data\7B7FVZZL.DAT
2010-04-01 00:47 . 2010-04-01 00:47 155995 ----a-w- c:\windows\java\Packages\0XZ9V393.ZIP
2010-04-01 00:47 . 2010-04-01 00:47 2678 ----a-w- c:\windows\java\Packages\Data\WGKZDZH7.DAT
2010-04-01 00:47 . 2010-04-01 00:47 2678 ----a-w- c:\windows\java\Packages\Data\IANPFTRT.DAT
2010-04-01 00:47 . 2010-04-01 00:47 2678 ----a-w- c:\windows\java\Packages\Data\DB7ZHVZ1.DAT
2010-04-01 00:39 . 2010-04-01 00:39 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-26 00:48 . 2010-03-26 00:48 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-03-10 06:15 . 2002-08-29 03:41 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-26 06:05 . 2010-02-26 06:05 81920 ------w- c:\windows\system32\ieencode.dll
2010-02-25 06:24 . 2006-06-23 10:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2002-08-29 01:59 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 08:10 . 2002-08-29 02:03 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2002-08-29 01:04 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 10:46 . 2010-02-12 10:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 10:46 . 2010-02-12 10:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 04:33 . 2006-08-16 12:14 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2002-08-29 01:37 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-04-14 11:29 . 2010-04-05 05:37 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2009-11-03 20:12 556432 ----a-w- c:\progra~1\MI1933~1\Office14\URLREDIR.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-02-05 20:14 2871608 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-02-05 20:14 2871608 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-02-05 20:14 2871608 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F5D8051v3"="c:\program files\Belkin\F5D8051v3\Belkinwcui.exe" [2007-11-08 1630208]
"igfxtray"="c:\windows\System32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\System32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\System32\igfxpers.exe" [2005-10-14 114688]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-04-01 1180976]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2009-09-26 83312]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2008-03-04 999424]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2008-03-04 1101824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=

R0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [17/11/2009 11:15 63080]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [02/04/2010 16:38 82952]
R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [02/04/2010 18:08 54776]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 11:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2010 11:15 66632]
R2 ASO3DiskOptimizer;ASO3DiskOptimizer;c:\program files\Advanced System Optimizer 3\ASO3DefragSrv.exe [10/04/2010 20:36 238824]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [02/04/2010 16:38 271480]
R2 McMPFSvc;McAfee Personal Firewall;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [02/04/2010 16:38 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [02/04/2010 16:38 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [02/04/2010 16:39 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\Mcafee\SystemCore\mfevtps.exe [02/04/2010 16:39 141792]
R2 MOBKbackup;McAfee Online Backup;c:\program files\McAfee Online Backup\MOBKbackup.exe [05/02/2010 21:14 229688]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [02/04/2010 16:38 55456]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [02/04/2010 16:38 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [02/04/2010 16:38 88480]
S3 ADASPROT;SYSTWEAKASO;c:\program files\Advanced System Optimizer 3\adasprot32.sys [10/04/2010 20:36 6656]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [02/04/2010 16:38 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [02/04/2010 16:38 83496]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [29/10/2009 10:22 30603640]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [26/09/2009 04:28 4639136]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17/02/2010 11:15 12872]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder

2010-04-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]

2010-04-27 c:\windows\Tasks\ASO-AntiSpyware.job
- c:\program files\Advanced System Optimizer 3\systemprotector.exe [2010-04-10 16:15]

2010-04-27 c:\windows\Tasks\ASO-DiskOptimizer.job
- c:\program files\Advanced System Optimizer 3\DiskOptimizer.exe [2010-04-10 16:15]

2010-04-27 c:\windows\Tasks\ASO-Driver Updater.job
- c:\program files\Advanced System Optimizer 3\DriverUpdater.exe [2010-04-10 16:14]

2010-04-20 c:\windows\Tasks\ASO-OneClickCare.job
- c:\program files\Advanced System Optimizer 3\ASO3.exe [2010-04-10 16:15]

2010-04-27 c:\windows\Tasks\ASO-PrivacyProtector.job
- c:\program files\Advanced System Optimizer 3\PrivacyProtector.exe [2010-04-10 16:14]

2010-04-27 c:\windows\Tasks\ASO-RegistryCleaner.job
- c:\program files\Advanced System Optimizer 3\RegClean.exe [2010-04-10 16:15]

2010-04-27 c:\windows\Tasks\ASO-RegistryOptimizer.job
- c:\program files\Advanced System Optimizer 3\RegistryOptimizer.exe [2010-04-10 16:15]

2010-04-27 c:\windows\Tasks\ASO-SystemCleaner.job
- c:\program files\Advanced System Optimizer 3\SystemCleaner.exe [2010-04-10 16:15]

2010-04-26 c:\windows\Tasks\DriverCure.job
- c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2009-02-27 20:58]

2010-04-29 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]

2010-04-16 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]

2010-04-29 c:\windows\Tasks\User_Feed_Synchronization-{0AB6D372-B9CF-4FF3-99AE-F7BA2D56DDEE}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com
uInternet Settings,ProxyOverride = *.local
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105
Trusted Zone: internet
Trusted Zone: mcafee.com
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\l8gdjogg.default\
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\progra~1\MI1933~1\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MI1933~1\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\McAfee\Supportability\MVT\NPMVTPlugin.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Ashampoo AntiSpyWare 2 Guard - c:\program files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-29 21:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1320)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\netprovcredman.dll
c:\windows\system32\igfxdev.dll
.
Completion time: 2010-04-29 21:46:10
ComboFix-quarantined-files.txt 2010-04-29 20:46

Pre-Run: 58,800,705,536 bytes free
Post-Run: 58,935,095,296 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut

- - End Of File - - 5505AB071D4455AD67CB5907E55A3BD1


I'd so much rather have the computer disinfected because re-installs or reboots would mean a loss of programs... heh, I don't really want to go through all that again. But I will always use caution when using my computer... I doubt I'll use it for finance anyway or any other such personal matters.

#9 myrti


Posted 30 April 2010 - 08:15 AM

Hi,

This is looking rather good. How is your PC behaving?

Please provide a new log from OTL and a scan with Eset:
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

regards myrti



#10 H£nchman


Posted 04 May 2010 - 12:52 PM

It seems to be much better now, myrti, thanks a bunch.

Here's the ESET scan:

C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\isapnp.sys.vir Win32/Patched.EQ trojan deleted - quarantined
C:\_OTM\MovedFiles\04212010_134439\C_Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\0OJ2QMEC\s002106201317r0809Rb9eec031X801e9ff7Ycbd00fb7Z0100f080[1].pdf JS/Exploit.Pdfka.NXM trojan cleaned by deleting - quarantined
C:\_OTM\MovedFiles\04212010_134439\C_Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\NC0MR8LD\s002106201317r0809R01a6bd57X801d49b2Ycbd00fb7Z0100f080[1].pdf JS/Exploit.Pdfka.NXM trojan cleaned by deleting - quarantined
C:\_OTM\MovedFiles\04212010_134439\C_Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ZYPFM4KH\s002106201317r0809Rbf6fdd63X801d4f9bYcbd00fb7Z0100f080[1].pdf JS/Exploit.Pdfka.NXM trojan cleaned by deleting - quarantined

It gives me a checkbox option to delete quarantined files... Should I check it?

#11 H£nchman


Posted 04 May 2010 - 01:24 PM

Oh, I forgot the OTL txt:

OTL logfile created on: 04/05/2010 18:54:27 - Run 2
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\Chris\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

503.00 Mb Total Physical Memory | 32.00 Mb Available Physical Memory | 6.00% Memory free
1.00 Gb Paging File | 0.00 Gb Available in Paging File | 36.00% Paging File free
Paging file location(s): C:\pagefile.sys 754 754 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 54.69 Gb Free Space | 73.39% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WORLD-GO1RMOOJQ
Current User Name: Chris
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/27 20:28:50 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
PRC - [2010/04/19 17:15:00 | 000,238,824 | ---- | M] (Systweak Inc., (www.systweak.com)) -- C:\Program Files\Advanced System Optimizer 3\ASO3DefragSrv.exe
PRC - [2010/04/14 12:29:58 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2010/04/14 12:29:58 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe
PRC - [2010/04/01 23:05:04 | 001,180,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/04/01 19:00:32 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/02/05 21:14:42 | 000,229,688 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe
PRC - [2010/01/05 18:04:02 | 000,170,144 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2009/10/26 15:45:46 | 000,542,272 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe
PRC - [2009/10/26 15:45:38 | 000,843,032 | ---- | M] () -- C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
PRC - [2009/09/23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 16:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/04 14:55:56 | 000,823,296 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2008/03/04 14:46:16 | 000,999,424 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2008/03/04 14:44:12 | 000,364,544 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2008/03/04 14:41:50 | 001,101,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2008/03/04 14:37:38 | 000,688,128 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2008/03/04 14:34:38 | 001,187,840 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2008/03/04 14:30:12 | 000,483,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007/11/08 11:06:38 | 001,630,208 | ---- | M] (Belkin) -- C:\Program Files\Belkin\F5D8051v3\Belkinwcui.exe


========== Modules (SafeList) ==========

MOD - [2010/04/27 20:28:50 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/04/19 17:15:00 | 000,238,824 | ---- | M] (Systweak Inc., (www.systweak.com)) [Auto | Running] -- C:\Program Files\Advanced System Optimizer 3\ASO3DefragSrv.exe -- (ASO3DiskOptimizer)
SRV - [2010/04/14 12:29:58 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/04/14 12:29:58 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/10 12:21:58 | 000,822,048 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\WINDOWS\Temp\0274241272957357mcinst.exe -- (0274241272957357mcinstcleanup) McAfee Application Installer Cleanup (0274241272957357)
SRV - [2010/03/10 11:16:56 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/02/05 21:14:42 | 000,229,688 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)
SRV - [2010/01/05 18:04:02 | 000,170,144 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/10/29 10:22:50 | 030,603,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/09/26 04:28:22 | 004,639,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009/09/23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008/03/04 14:55:56 | 000,823,296 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2008/03/04 14:44:12 | 000,364,544 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2008/03/04 14:34:38 | 001,187,840 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2008/03/04 14:30:12 | 000,483,328 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®


========== Driver Services (SafeList) ==========

DRV - [2010/04/14 12:29:58 | 000,385,536 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/04/14 12:29:58 | 000,312,616 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/04/14 12:29:58 | 000,152,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/04/14 12:29:58 | 000,095,568 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/04/14 12:29:58 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2010/04/14 12:29:58 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2010/04/14 12:29:58 | 000,083,496 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/04/14 12:29:58 | 000,082,952 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2010/04/14 12:29:58 | 000,055,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/04/14 12:29:58 | 000,051,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 11:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/05 21:13:48 | 000,054,776 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MOBK.sys -- (MOBKFilter)
DRV - [2010/01/30 15:00:22 | 000,006,656 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Advanced System Optimizer 3\adasprot32.sys -- (ADASPROT)
DRV - [2009/11/17 11:15:28 | 000,063,080 | ---- | M] (McAfee) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\McPvDrv.sys -- (McPvDrv)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/03/04 16:06:22 | 000,012,288 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008/01/07 14:36:16 | 002,216,064 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2007/04/25 14:47:42 | 000,485,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2005/05/03 15:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 15:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 15:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/10 15:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1757981266-162531612-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com
IE - HKU\S-1-5-21-1757981266-162531612-725345543-1003\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-1757981266-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1757981266-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/04/21 01:12:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/27 20:13:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/20 17:19:46 | 000,000,000 | ---D | M]

[2010/04/05 02:41:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Mozilla\Extensions
[2010/05/04 07:44:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\l8gdjogg.default\extensions
[2010/04/11 08:35:59 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\l8gdjogg.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/04/27 20:42:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\l8gdjogg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/05 03:12:16 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\l8gdjogg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/11 06:26:06 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\l8gdjogg.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/05/04 07:44:10 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/20 17:19:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/14 12:29:58 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/04/01 17:56:49 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/04/01 17:56:50 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/04/01 17:56:50 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/04/01 17:56:50 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2002/02/28 00:16:18 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20100427201358.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKU\S-1-5-21-1757981266-162531612-725345543-1003\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1757981266-162531612-725345543-1003\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [F5D8051v3] C:\Program Files\Belkin\F5D8051v3\Belkinwcui.exe (Belkin)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1757981266-162531612-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1757981266-162531612-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1757981266-162531612-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1757981266-162531612-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1757981266-162531612-725345543-1003\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-1757981266-162531612-725345543-1003\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-1757981266-162531612-725345543-1003\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1757981266-162531612-725345543-1003\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1270089266859 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/01 01:47:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (sasnative32) - C:\WINDOWS\System32\sasnative32.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/04 08:13:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/05/04 07:39:26 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/04/29 21:21:21 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/04/29 21:10:48 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/04/29 21:10:47 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/29 21:10:47 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/29 21:10:47 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/29 21:09:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/29 21:05:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/27 20:28:48 | 000,563,712 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
[2010/04/22 22:09:41 | 000,729,440 | ---- | C] (Iron Source) -- C:\Documents and Settings\Chris\Desktop\Babylon8_setup.exe
[2010/04/21 13:44:39 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/04/21 13:41:40 | 000,510,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTM.exe
[2010/04/20 17:19:46 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/04/20 17:19:46 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/20 17:19:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/20 17:19:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/20 13:48:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/04/19 20:12:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/04/19 20:11:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com
[2010/04/19 20:11:31 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/04/19 20:10:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/04/19 19:28:34 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\TFC.exe
[2010/04/19 11:01:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\Backup Manager
[2010/04/19 11:01:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Backup Manager
[2010/04/18 19:31:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Webroot
[2010/04/18 18:40:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Javacool Software
[2010/04/18 07:46:20 | 000,000,000 | ---D | C] -- C:\Program Files\EULAlyzer
[2010/04/18 07:28:40 | 000,000,000 | ---D | C] -- C:\Program Files\ID-Blaster Plus
[2010/04/18 07:15:26 | 000,000,000 | ---D | C] -- C:\Program Files\FileChecker
[2010/04/18 06:56:40 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSSTDFMT.DLL
[2010/04/18 06:56:39 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2010/04/18 06:08:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\Ashampoo
[2010/04/17 06:08:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Malwarebytes
[2010/04/17 06:07:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/17 06:07:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/17 06:07:18 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/17 06:07:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/17 05:22:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\Spycheck
[2010/04/15 20:17:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/04/15 16:10:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/04/15 16:10:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\PC_Drivers_Headquarters
[2010/04/15 16:07:19 | 000,000,000 | ---D | C] -- C:\Program Files\PC Drivers HeadQuarters
[2010/04/15 16:04:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\Downloaded Installations
[2010/04/14 22:20:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Nero
[2010/04/14 02:17:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\CD
[2010/04/13 23:00:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Intel
[2010/04/13 23:00:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[2010/04/13 22:58:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Intel
[2010/04/13 22:56:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Intel
[2010/04/13 22:21:33 | 000,000,000 | ---D | C] -- C:\MPC
[2010/04/13 22:17:53 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\WINDOWS\System32\CSVer.dll
[2010/04/13 22:16:29 | 000,000,000 | ---D | C] -- C:\Intel
[2010/04/13 21:59:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Downloads
[2010/04/13 21:03:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\DriverCure
[2010/04/13 21:00:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2010/04/13 21:00:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/04/13 21:00:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2010/04/13 21:00:41 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2010/04/13 19:13:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Uniblue
[2010/04/13 16:29:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2010/04/13 16:29:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Uniblue
[2010/04/13 16:24:54 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2010/04/13 11:59:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/04/13 11:37:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2010/04/12 23:31:12 | 001,414,440 | ---- | C] (Nero AG) -- C:\WINDOWS\System32\ShellManager310E2D762.dll
[2010/04/12 21:09:49 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/04/12 20:28:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\NeroVision
[2010/04/12 18:12:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\Nero
[2010/04/12 18:10:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\Nero Collections
[2010/04/12 16:47:34 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2010/04/12 16:05:02 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2010/04/12 16:04:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2010/04/12 04:27:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2010/04/12 04:26:26 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2010/04/11 22:05:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance
[2010/04/11 22:04:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
[2010/04/11 21:54:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/04/11 00:47:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/04/11 00:29:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\WMTools Downloaded Files
[2010/04/10 20:43:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Systweak
[2010/04/10 20:36:23 | 000,000,000 | ---D | C] -- C:\Program Files\Advanced System Optimizer 3
[2010/04/10 20:16:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Systweak
[2010/04/05 19:08:06 | 000,000,000 | ---D | C] -- C:\Program Files\Haali
[2010/04/05 07:46:58 | 000,000,000 | ---D | C] -- C:\Program Files\ffdshow
[2010/04/05 06:38:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Apple Computer
[2010/04/05 06:33:28 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2010/04/05 06:27:52 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/04/05 06:26:03 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/04/05 06:26:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/05 06:20:16 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/04/05 06:20:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/04/05 06:19:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\Apple
[2010/04/05 06:19:32 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/04/05 06:17:00 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/04/05 06:16:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/04/05 06:16:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/04/05 06:15:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\Apple Computer
[2010/04/05 05:07:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2010/04/05 05:06:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/04/05 05:04:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/04/05 05:04:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Microsoft
[2010/04/05 05:00:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2010/04/05 04:53:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2010/04/05 04:52:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2010/04/05 04:46:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/04/05 04:44:27 | 000,000,000 | R--D | C] -- C:\MSOCache
[2010/04/05 03:55:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Download Manager
[2010/04/05 03:48:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\VBA
[2010/04/05 03:22:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\Downloads
[2010/04/05 02:40:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla
[2010/04/05 02:40:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Mozilla
[2010/04/05 02:40:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/04/04 18:57:21 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irmon.dll
[2010/04/04 18:57:20 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irftp.exe

========== Files - Modified Within 30 Days ==========

[2010/05/04 18:00:01 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2010/05/04 17:12:46 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{0AB6D372-B9CF-4FF3-99AE-F7BA2D56DDEE}.job
[2010/05/04 11:38:37 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/04 07:39:25 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Total Protection.lnk
[2010/05/04 07:38:43 | 002,672,312 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\esetsmartinstaller_enu.exe
[2010/05/04 07:31:29 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/04 07:31:28 | 000,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/04 07:31:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/30 10:43:57 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Chris\ntuser.ini
[2010/04/30 10:43:56 | 005,767,168 | ---- | M] () -- C:\Documents and Settings\Chris\NTUSER.DAT
[2010/04/30 03:08:38 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[2010/04/30 01:04:27 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\DriverCure.job
[2010/04/30 00:20:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\ASO-RegistryOptimizer.job
[2010/04/30 00:20:00 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\ASO-PrivacyProtector.job
[2010/04/30 00:20:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\ASO-DiskOptimizer.job
[2010/04/30 00:20:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\ASO-SystemCleaner.job
[2010/04/30 00:20:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\ASO-AntiSpyware.job
[2010/04/30 00:20:00 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\ASO-RegistryCleaner.job
[2010/04/29 21:41:24 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/29 21:21:36 | 000,000,282 | RHS- | M] () -- C:\boot.ini
[2010/04/29 20:39:08 | 003,924,018 | R--- | M] () -- C:\Documents and Settings\Chris\Desktop\ComboFix.exe
[2010/04/27 20:28:50 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
[2010/04/27 14:11:16 | 000,037,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapnp.sys
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/24 13:10:44 | 000,000,202 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\default.rss
[2010/04/24 13:09:49 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/22 22:37:52 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/22 22:09:42 | 000,729,440 | ---- | M] (Iron Source) -- C:\Documents and Settings\Chris\Desktop\Babylon8_setup.exe
[2010/04/21 20:22:45 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\gmer.zip
[2010/04/21 20:08:21 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\dds.scr
[2010/04/21 20:05:29 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Chris\defogger_reenable
[2010/04/21 19:58:14 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Defogger.exe
[2010/04/21 13:41:52 | 000,510,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTM.exe
[2010/04/20 13:48:42 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/04/20 08:44:45 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Smart PC Care.lnk
[2010/04/20 08:44:44 | 000,001,923 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced System Optimizer.lnk
[2010/04/20 07:33:41 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\ASO-OneClickCare.job
[2010/04/19 20:48:01 | 006,432,060 | -H-- | M] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\IconCache.db
[2010/04/19 20:12:11 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/04/19 20:10:27 | 007,899,168 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\SUPERAntiSpyware.exe
[2010/04/19 19:28:36 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\TFC.exe
[2010/04/19 19:05:43 | 000,451,584 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\CKScanner.exe
[2010/04/19 07:05:18 | 000,000,212 | ---- | M] () -- C:\Boot.bak
[2010/04/18 21:58:16 | 000,000,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SpeedUpMyPC.lnk
[2010/04/18 18:42:30 | 000,000,749 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RegistryBooster.lnk
[2010/04/18 07:46:22 | 000,000,640 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\EULAlyzer.lnk
[2010/04/18 07:32:26 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\ID-Blaster Plus.lnk
[2010/04/18 06:56:43 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\SpywareBlaster.lnk
[2010/04/18 04:38:30 | 000,002,681 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Driver Detective.lnk
[2010/04/17 06:07:47 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/16 21:09:28 | 000,001,316 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\My DAP Downloads.lnk
[2010/04/14 20:32:11 | 000,002,327 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2010/04/14 12:29:58 | 000,385,536 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2010/04/14 12:29:58 | 000,312,616 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2010/04/14 12:29:58 | 000,152,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/04/14 12:29:58 | 000,095,568 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2010/04/14 12:29:58 | 000,088,480 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2010/04/14 12:29:58 | 000,083,496 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2010/04/14 12:29:58 | 000,082,952 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2010/04/14 12:29:58 | 000,055,456 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2010/04/14 12:29:58 | 000,051,688 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/04/14 12:29:58 | 000,009,344 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2010/04/13 23:40:43 | 000,000,864 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ParetoLogic DriverCure.lnk
[2010/04/13 21:06:21 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/13 20:48:59 | 002,004,269 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2010/04/13 19:11:56 | 000,000,739 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DriverScanner.lnk
[2010/04/12 18:10:39 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\downloads.m3u
[2010/04/12 17:29:27 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/12 17:29:26 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/12 17:29:25 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/04/12 15:19:02 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/11 23:13:01 | 000,004,608 | ---- | M] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/11 07:22:06 | 000,000,050 | ---- | M] () -- C:\WINDOWS\MegaManager.INI
[2010/04/11 00:18:07 | 000,000,177 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2010/04/10 19:25:19 | 000,466,928 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/10 19:25:19 | 000,080,472 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/10 19:25:18 | 000,553,154 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/05 20:38:16 | 000,070,760 | ---- | M] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/05 06:51:05 | 000,270,192 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/05 06:34:08 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/05 06:21:54 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/04/05 04:57:26 | 000,000,592 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/05 02:41:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/04/05 02:40:21 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

========== Files Created - No Company Name ==========

[2010/05/04 07:38:32 | 002,672,312 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\esetsmartinstaller_enu.exe
[2010/05/04 07:32:16 | 000,001,595 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Total Protection.lnk
[2010/04/29 21:21:35 | 000,000,212 | ---- | C] () -- C:\Boot.bak
[2010/04/29 21:21:24 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/04/29 21:10:48 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/29 21:10:47 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/29 21:10:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/29 21:10:47 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/29 21:10:47 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/29 20:38:04 | 003,924,018 | R--- | C] () -- C:\Documents and Settings\Chris\Desktop\ComboFix.exe
[2010/04/21 20:26:03 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\gmer.exe
[2010/04/21 20:22:44 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\gmer.zip
[2010/04/21 20:08:20 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\dds.scr
[2010/04/21 20:05:29 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Chris\defogger_reenable
[2010/04/21 19:58:12 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Defogger.exe
[2010/04/20 13:48:42 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/04/20 13:48:41 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/19 20:12:11 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/04/19 20:09:41 | 007,899,168 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\SUPERAntiSpyware.exe
[2010/04/19 19:05:21 | 000,451,584 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\CKScanner.exe
[2010/04/18 21:58:16 | 000,000,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SpeedUpMyPC.lnk
[2010/04/18 18:42:30 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RegistryBooster.lnk
[2010/04/18 07:46:22 | 000,000,640 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\EULAlyzer.lnk
[2010/04/18 07:32:26 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\ID-Blaster Plus.lnk
[2010/04/18 06:56:43 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\SpywareBlaster.lnk
[2010/04/17 06:07:47 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/15 16:07:20 | 000,002,681 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Driver Detective.lnk
[2010/04/14 20:32:11 | 000,002,327 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2010/04/13 21:03:53 | 000,000,442 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2010/04/13 21:01:26 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\DriverCure.job
[2010/04/13 21:01:13 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[2010/04/13 21:01:01 | 000,000,864 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ParetoLogic DriverCure.lnk
[2010/04/13 19:11:56 | 000,000,739 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DriverScanner.lnk
[2010/04/12 23:31:13 | 000,774,144 | ---- | C] () -- C:\WINDOWS\System32\NEROINSTAEC43759.DB
[2010/04/12 21:12:09 | 000,162,968 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/04/12 18:24:26 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/12 18:10:40 | 000,000,202 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\default.rss
[2010/04/12 18:10:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\downloads.m3u
[2010/04/11 07:17:38 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2010/04/11 02:18:33 | 000,000,444 | ---- | C] () -- C:\WINDOWS\tasks\ASO-RegistryOptimizer.job
[2010/04/11 02:16:40 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\ASO-SystemCleaner.job
[2010/04/11 02:16:23 | 000,000,440 | ---- | C] () -- C:\WINDOWS\tasks\ASO-PrivacyProtector.job
[2010/04/11 02:16:08 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\ASO-RegistryCleaner.job
[2010/04/11 02:15:36 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\ASO-DiskOptimizer.job
[2010/04/11 02:14:56 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\ASO-AntiSpyware.job
[2010/04/11 01:21:51 | 000,000,408 | ---- | C] () -- C:\WINDOWS\tasks\ASO-OneClickCare.job
[2010/04/11 00:17:04 | 000,000,177 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2010/04/10 20:36:57 | 000,017,136 | ---- | C] () -- C:\WINDOWS\System32\sasnative32.exe
[2010/04/10 20:36:40 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Smart PC Care.lnk
[2010/04/10 20:36:39 | 000,001,923 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced System Optimizer.lnk
[2010/04/05 07:47:05 | 000,050,688 | ---- | C] () -- C:\WINDOWS\System32\ff_acm.acm
[2010/04/05 07:47:05 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010/04/05 07:47:01 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/04/05 06:34:08 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/05 06:21:54 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/04/05 06:19:50 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/05 02:41:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/04/05 02:40:21 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/04/01 02:15:39 | 000,005,226 | ---- | C] () -- C:\WINDOWS\System32\ucuiinfo.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2004/07/20 10:14:06 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[1998/08/31 10:40:10 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\vbcrc.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A9662AE0
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:84098FD3
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:010ADD2C
< End of report >

"It's ironic that God gave Man both a pen*s and a brain, but unfortunately not enough blood supply to run both at the same time."

#12 myrti


Posted 10 May 2010 - 10:10 AM

Hi,

the log is actually looking good. The files found are in the quarantine of OTL and ComboFix which we used earlier. We will remove them once everything else is cleared.

Is there anything left that isn't working as it is supposed to?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#13 H£nchman


Posted 12 May 2010 - 10:42 AM

Hey thank you so much, I'm indebted to you,

that's a relief... Everything seems to be running perfectly in order.
Now all that's left, I guess, is the clearing up of my desktop? And to enable the thing from the defogger program?

Chris

#14 myrti


Posted 12 May 2010 - 11:31 AM

Hi,

since your software seems up to date I think that all that is left to do is to remove the programs we used indeed.
To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

Please do the following to clean up your PC:
  1. Delete the tools used during the disinfection:
  2. Uninstall ComboFix.exe and all backups of the files it deleted
    • Click START then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    • Download OTC from the following mirror and save it to your desktop:
    • Double click on
    • Push the large "Cleanup" button.
    • Allow your system to reboot.
  3. If OTC failed to remove all programs from your Desktop, please delete the rest manually.
Please read this advice, in order to prevent reinfecting your PC:
  1. Install and update the following programs regularly:
    • an outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file.
  2. Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  3. Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  4. Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.
Some more links you might find of interest:

Have a nice day
myrti



#15 H£nchman


Posted 12 May 2010 - 04:46 PM

Thank you once again Myrti,

TFC and Eset were left behind; are these needed? Also, what should I do with all these logs hehe?

Chris