
Trojans.FakeAv!, Backdoor.Tidserf!, Hacktool.root kit Attack Need Help


  • This topic is locked
21 replies to this topic

#1 Shownuff808


Posted 14 May 2010 - 11:36 AM

I contracted a pretty nasty infection of some kind and I’m in desperate need of some knowledgeable assistance. Last night, while working, my computer gave me a warning that my firewall was being disabled. I then attempted to re-enable it and a slew of Norton static and trojan activity began a loop of deleting, quarantining, and repairing the same files (hacktools.rootkit, trojans, backdoors). I assume it was making copies of itself. I disconnected from the net and attempted to hunt down the root of the problem, which I assume came from the install of some plugins from a questionable source.

1. Initially the system locked me out of component services, control panel, Norton.
2. Attempted a reboot and a scan in safe mode with Norton Corp to no avail - hangs while loading.
3. Restarted normally and installed malware bits, found errors (Lsass.exe on C:\, smss.exe & rza.exe in temp directory, eqoxym.exe....) and repaired and rebooted.
4. Rescanned with malbits on reboot, no infections.
5. Noticed two smss.exe and a questionable svhost.exe (both sourced in the hidden c:\system volume information file) services running and occasional random iexplore.exe execution (always 3 attempts every couple of minutes). Not sure but I think the trojan is in my System recovery location.
6. My comp will not shut down normally, system's twice as slow, hangs in admin tools, double boot time, and still cannot start in safe mode.
Now I'm here in need of help before I attempt to repair and kill my chances for recovery. Thank you in advance!


DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrator at 17:57:51.28 on Thu 05/13/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2583 [GMT -7:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

Executable.exe 4
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\SYSTEM32\astsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
C:\Program Files\Dynex G USB Network Adapter\DynexWCUI.exe
C:\Program Files\PIXELA\ImageMixer 3 SE Ver.3\CameraMonitor.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
F:\Software\Software Storage\Sys Utilities\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://news.google.com/nwshp?hl=en&tab=wn
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\windows\system32\Userinit.exe
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
dRun: [M5T8QL3YW3] c:\windows\temp\Jzc.exe
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\shortc~1.lnk - c:\program files\symantec antivirus\VPTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\audibl~1.lnk - c:\program files\audible\bin\AudibleDownloadHelper.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dynexw~1.lnk - c:\program files\dynex g usb network adapter\DynexWCUI.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\imagem~1.lnk - c:\program files\pixela\imagemixer 3 se ver.3\CameraMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1272519596421
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

============= SERVICES / DRIVERS ===============

R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/05/03 21:12:09];c:\program files\cyberlink\powerdvd10\navfilter\000.fcl [2010-3-13 87536]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2007-5-29 192104]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2007-5-29 169576]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2007-10-7 1822648]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2010-4-28 38656]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\ct20xut.sys [2009-6-4 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\ctexfifx.sys [2009-6-4 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\cthwiut.sys [2009-6-4 72728]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-4-28 102448]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-5-12 38224]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100510.002\naveng.sys [2010-5-10 84912]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100510.002\navex15.sys [2010-5-10 1324720]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2010-4-17 115944]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-5-1 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\ct20xut.sys [2009-6-4 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\ctexfifx.sys [2009-6-4 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\cthwiut.sys [2009-6-4 72728]
S3 NdisWDM;Dynex Wireless G USB Network Adapter Service;c:\windows\system32\drivers\NdisWDM.sys [2010-4-28 198144]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2007-10-7 116664]
S4 NIHardwareService;NIHardwareService;c:\program files\common files\native instruments\hardware\NIHardwareService.exe [2010-2-26 3623424]
S4 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [2009-12-18 57344]

=============== Created Last 30 ================

2010-05-13 23:42:58 0 d-----w- c:\windows\pss
2010-05-13 23:35:00 27 ----a-w- C:\deletprefetch.bat
2010-05-13 23:23:41 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
2010-05-13 23:23:41 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-05-13 21:06:51 0 ----a-w- c:\documents and settings\administrator\defogger_reenable
2010-05-13 17:57:29 2855 ----a-w- c:\windows\system32\edit.PIF
2010-05-13 05:16:57 0 d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes
2010-05-13 05:16:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-13 05:16:35 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-05-13 05:16:34 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-13 05:16:34 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-13 03:06:54 0 d-----w- C:\spoolerlogs
2010-05-13 03:03:22 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-05-13 03:03:22 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-05-13 03:03:21 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-05-13 03:03:21 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-05-13 03:03:10 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-05-13 03:03:10 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-05-13 03:02:25 39 ----a-w- C:\config.ini
2010-05-12 09:23:39 0 d-----w- c:\docume~1\admini~1\applic~1\Proxima Software
2010-05-12 09:21:57 0 d-----w- c:\program files\FontExpert
2010-05-12 07:04:06 0 d-----w- c:\docume~1\admini~1\applic~1\NeatImage PS
2010-05-12 06:45:22 0 d-----w- c:\docume~1\admini~1\applic~1\NeatImage SL
2010-05-12 06:45:13 0 d-----w- c:\program files\Neat Image
2010-05-12 04:45:07 0 d-----w- c:\docume~1\admini~1\applic~1\Mask Pro 4.0
2010-05-12 04:29:21 0 d-----w- c:\docume~1\alluse~1\applic~1\Nik Software
2010-05-11 23:08:59 0 d-----w- c:\program files\Nik Software
2010-05-11 18:48:30 227840 ----a-w- c:\windows\system32\Deco_32.dll
2010-05-11 18:48:30 0 d-----w- c:\program files\common files\onOne Software Shared
2010-05-11 16:38:45 0 d-----r- c:\docume~1\admini~1\applic~1\Brother
2010-05-11 16:27:58 0 d-----w- c:\docume~1\alluse~1\applic~1\Brother
2010-05-11 16:27:52 0 d-----w- c:\program files\Brownie
2010-05-11 16:27:45 0 d-----w- c:\program files\Brother
2010-05-11 16:12:15 0 d-----w- c:\program files\common files\Hewlett-Packard
2010-05-11 16:10:44 69632 ----a-w- c:\windows\system32\HPZipm12.exe
2010-05-11 16:10:44 61440 ----a-w- c:\windows\system32\HPZinw12.exe
2010-05-11 16:10:44 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2010-05-11 16:10:43 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2010-05-11 16:10:43 278584 ----a-w- c:\windows\system32\HPZidr12.dll
2010-05-11 16:10:43 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2010-05-11 16:10:41 306688 ----a-w- c:\windows\IsUninst.exe
2010-05-11 16:10:09 0 d-----w- c:\program files\HP
2010-05-11 16:08:53 51120 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2010-05-11 16:08:53 21744 ----a-w- c:\windows\system32\drivers\HPZius12.sys
2010-05-11 16:08:53 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2010-05-11 16:08:04 278528 ----a-w- c:\windows\system32\hpgwiamd.dll
2010-05-11 16:08:04 274432 ----a-w- c:\windows\system32\HPZc3212.dll
2010-05-11 16:07:32 393216 ----a-w- c:\windows\system32\hpzcon12.dll
2010-05-11 16:07:31 196608 ----a-w- c:\windows\system32\hpzcoi12.dll
2010-05-11 16:06:27 0 d-----w- C:\temp
2010-05-11 16:04:10 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-05-11 16:04:10 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-05-11 16:03:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-05-11 16:03:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-05-11 06:15:13 0 d--h--w- c:\windows\PIF
2010-05-10 19:01:47 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{9C7F59A9-3AB2-4916-B380-B78FF1C3637D}
2010-05-10 19:01:10 0 d-----w- c:\docume~1\alluse~1\applic~1\Native Instruments
2010-05-10 19:01:07 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{20EFD19B-675C-417B-A498-B0161D72FF88}
2010-05-10 19:01:03 0 d-----w- c:\program files\common files\Native Instruments
2010-05-10 19:00:50 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{B5F0C192-874D-49A8-88D7-8431E3714756}
2010-05-10 19:00:47 0 d-----w- c:\program files\Native Instruments
2010-05-08 16:21:04 0 d-----w- c:\program files\Winamp Detect
2010-05-06 04:27:48 87 ----a-w- c:\windows\system32\ssprs.tgz
2010-05-06 04:27:48 73 ----a-w- c:\windows\system32\ssprs.dll
2010-05-06 04:27:48 219 ----a-w- c:\windows\system32\lsprst7.tgz
2010-05-06 04:27:48 21 ----a-w- c:\windows\SurCode.INI
2010-05-06 04:27:48 205 ----a-w- c:\windows\system32\lsprst7.dll
2010-05-06 04:27:48 1025 ----a-w- c:\windows\system32\sysprs7.tgz
2010-05-06 04:27:48 1025 ----a-w- c:\windows\system32\sysprs7.dll
2010-05-06 04:27:48 1025 ----a-w- c:\windows\system32\clauth2.dll
2010-05-06 04:27:48 1025 ----a-w- c:\windows\system32\clauth1.dll
2010-05-06 04:27:48 0 d-----w- c:\docume~1\alluse~1\applic~1\Minnetonka Audio Software
2010-05-05 07:20:04 57344 ----a-w- c:\windows\system32\ASTSRV.EXE
2010-05-05 07:20:04 0 d-----w- c:\docume~1\admini~1\applic~1\onOne Software
2010-05-05 07:20:01 0 d-----w- c:\docume~1\alluse~1\applic~1\onOne Software
2010-05-05 07:20:00 0 d-----w- c:\program files\onOne Software
2010-05-05 07:12:05 0 d-----w- c:\program files\QuickSFV
2010-05-05 06:08:33 0 d-----w- c:\program files\Rosetta Stone
2010-05-05 06:08:33 0 d-----w- c:\docume~1\alluse~1\applic~1\Rosetta Stone
2010-05-04 05:57:41 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-05-04 04:35:18 0 d-----w- c:\program files\InterActual
2010-05-04 04:11:59 0 d-----w- c:\program files\common files\CyberLink
2010-05-04 04:10:21 29480 ----a-w- c:\windows\system32\msxml3a.dll
2010-05-03 23:35:01 0 d-----w- c:\program files\Audible
2010-05-03 07:58:53 23392 ----a-w- c:\windows\system32\nscompat.tlb
2010-05-03 07:58:53 16832 ----a-w- c:\windows\system32\amcompat.tlb
2010-05-03 07:02:54 0 d-----w- c:\program files\Windows Media Connect 2
2010-05-03 06:33:24 9856 ----a-w- c:\windows\system32\drivers\pfc.sys
2010-05-03 06:33:24 671744 ----a-w- c:\windows\system32\DolbyHph.dll
2010-05-03 05:05:17 0 d-----w- c:\program files\PIXELA
2010-05-02 01:40:02 788 ----a-w- c:\windows\system32\DVCState-{00000005-00000000-00000002-00001102-00000005-00231102}.rfx
2010-05-02 01:40:02 53992 ----a-w- c:\windows\system32\BMXStateBkp-{00000005-00000000-00000002-00001102-00000005-00231102}.rfx
2010-05-02 01:40:02 53992 ----a-w- c:\windows\system32\BMXState-{00000005-00000000-00000002-00001102-00000005-00231102}.rfx
2010-05-02 01:37:14 0 d-----w- c:\program files\common files\Creative Labs Shared
2010-05-01 16:33:30 0 d-----w- c:\documents and settings\administrator\ZipForm
2010-05-01 16:32:54 0 d--h--w- c:\program files\Zero G Registry
2010-05-01 16:32:54 0 d-----w- c:\program files\ZipLogix
2010-05-01 16:32:43 0 d--h--w- c:\documents and settings\administrator\InstallAnywhere
2010-05-01 15:52:36 1952 ----a-w- c:\windows\Sandboxie.ini
2010-05-01 15:51:58 0 d-----w- c:\program files\Sandboxie
2010-05-01 08:32:17 0 d-----w- c:\program files\uTorrent
2010-05-01 08:31:45 0 d-----w- c:\docume~1\admini~1\applic~1\uTorrent
2010-04-30 19:43:59 3734536 ----a-w- c:\windows\system32\d3dx9_36.dll
2010-04-30 19:41:53 0 d-----w- c:\windows\Logs
2010-04-30 18:17:11 0 d-----w- c:\docume~1\alluse~1\applic~1\ALM
2010-04-30 18:02:26 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-04-30 18:02:25 46928 ----a-w- c:\windows\system32\AdobePDF.dll
2010-04-30 17:41:31 0 d-----w- c:\program files\common files\Macrovision Shared
2010-04-30 17:30:56 11392 ----a-w- c:\windows\system32\drivers\hh9help.sys
2010-04-30 17:04:54 0 d-----w- c:\windows\system32\NtmsData
2010-04-30 09:07:02 29200 ---ha-w- c:\windows\system32\mlfcache.dat
2010-04-30 08:39:12 0 d-----w- c:\docume~1\admini~1\applic~1\Windows Search
2010-04-30 07:40:50 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-04-30 07:40:49 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-04-30 07:40:49 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-04-30 07:40:48 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-04-30 07:29:41 0 d-----w- c:\docume~1\admini~1\applic~1\Blancco
2010-04-30 06:26:15 0 d-----w- c:\program files\MSXML 4.0
2010-04-30 05:32:04 0 ----a-w- c:\windows\vpc32.INI
2010-04-30 00:49:54 0 d-----w- c:\program files\common files\eSellerate
2010-04-30 00:45:18 0 d-----w- c:\program files\NewBlue
2010-04-30 00:13:07 0 d-----w- c:\program files\Sony
2010-04-30 00:11:48 0 d-----w- c:\windows\system32\LogFiles
2010-04-29 23:09:14 0 d-----w- c:\docume~1\admini~1\applic~1\Windows Desktop Search
2010-04-29 23:06:07 0 d-----w- c:\windows\system32\GroupPolicy
2010-04-29 23:06:07 0 d-----w- c:\program files\Windows Desktop Search
2010-04-29 23:04:32 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2010-04-29 23:04:32 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2010-04-29 23:04:32 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2010-04-29 22:54:36 3254 ----a-w- c:\windows\system32\wbem\Outlook_01cae7eef0cd97de.mof
2010-04-29 22:53:43 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-04-29 22:53:43 215920 ----a-w- c:\windows\system32\muweb.dll
2010-04-29 22:53:43 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2010-04-29 21:20:48 58 ----a-w- c:\windows\mchguid.ini
2010-04-29 21:19:10 0 d-----w- c:\program files\Microsoft WSE
2010-04-29 21:18:40 1064960 ----a-w- c:\windows\system32\cdintf300.dll
2010-04-29 21:18:40 1064960 ----a-w- c:\windows\system32\acXMLParser.dll
2010-04-29 21:18:25 0 d-----w- C:\PNTDATA
2010-04-29 21:18:08 0 d-----w- C:\PNTTEMPL
2010-04-29 21:18:04 0 d-----w- C:\WINPOINT
2010-04-29 21:17:58 571 ----a-w- c:\windows\winpoint.ini
2010-04-29 21:11:45 0 d-----w- c:\windows\system32\URTTEMP
2010-04-29 18:21:21 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{DE2577C6-E1D5-499A-9BA7-C7089B68CEA6}
2010-04-29 18:21:19 0 d-----w- c:\program files\Blancco
2010-04-29 18:17:58 0 d-----w- c:\program files\common files\Blancco
2010-04-29 17:34:55 0 d-----r- C:\Sandbox
2010-04-29 08:24:21 30568 ----a-w- c:\windows\system32\mdimon.dll
2010-04-29 08:24:15 32656 ----a-w- c:\windows\system32\msonpmon.dll
2010-04-29 08:21:05 0 d-----w- c:\windows\SHELLNEW
2010-04-29 07:42:33 0 d-sh--w- c:\documents and settings\administrator\IECompatCache
2010-04-29 07:41:25 0 d-sh--w- c:\documents and settings\administrator\PrivacIE
2010-04-29 07:40:05 0 d-sh--w- c:\documents and settings\administrator\IETldCache
2010-04-29 07:35:00 0 dc-h--w- c:\windows\ie8
2010-04-29 07:16:15 0 d-----w- c:\windows\system32\scripting
2010-04-29 07:16:15 0 d-----w- c:\windows\system32\en
2010-04-29 07:16:15 0 d-----w- c:\windows\system32\bits
2010-04-29 07:16:15 0 d-----w- c:\windows\l2schemas
2010-04-29 07:13:20 0 d-----w- c:\windows\network diagnostic
2010-04-29 07:05:41 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
2010-04-29 06:28:12 0 d-----w- c:\program files\MSXML 6.0
2010-04-29 06:24:17 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-04-29 06:22:43 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2010-04-29 06:21:37 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-04-29 06:21:37 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-04-29 06:21:23 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-04-29 06:13:25 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-04-29 06:09:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-04-29 06:09:55 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-04-29 06:09:04 1089593 -c----w- c:\windows\system32\dllcache\ntprint.cat
2010-04-29 06:08:26 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-04-29 06:07:48 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2010-04-29 06:07:18 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-04-29 06:07:18 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-04-29 06:07:12 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-04-29 05:43:20 0 d-----w- c:\windows\system32\PreInstall
2010-04-29 05:43:18 0 d--h--w- c:\windows\$hf_mig$
2010-04-29 05:40:35 13646 ----a-w- c:\windows\system32\wpa.bak
2010-04-29 05:40:33 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
2010-04-29 05:40:33 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
2010-04-29 05:40:32 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2010-04-29 05:40:32 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2010-04-29 05:40:32 0 d-----w- c:\windows\system32\SoftwareDistribution
2010-04-29 05:39:44 0 d-sh--w- c:\documents and settings\administrator\UserData
2010-04-29 05:34:16 0 d-----w- c:\program files\VSTplugins
2010-04-29 05:30:32 0 d-----w- c:\windows\system32\appmgmt
2010-04-29 05:14:19 0 d-----w- c:\windows\system32\XPSViewer
2010-04-29 05:13:42 14048 ------w- c:\windows\system32\spmsg2.dll
2010-04-29 05:12:02 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2010-04-29 05:02:14 129520 ------w- c:\windows\system32\pxafs.dll
2010-04-29 04:45:48 0 d-----w- c:\program files\Symantec
2010-04-29 04:45:43 0 d-----w- c:\program files\Symantec AntiVirus
2010-04-29 04:45:43 0 d-----w- c:\program files\common files\Symantec Shared
2010-04-29 04:45:43 0 d-----w- c:\docume~1\alluse~1\applic~1\Symantec
2010-04-29 04:39:18 0 d-----w- c:\program files\iPod
2010-04-29 04:39:16 0 d-----w- c:\program files\iTunes
2010-04-29 04:39:16 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-29 04:38:36 0 d-----w- c:\program files\Bonjour
2010-04-29 04:33:03 0 d-----w- c:\program files\ASUS
2010-04-29 04:31:09 0 d-----w- c:\program files\Creative
2010-04-29 04:30:41 0 d-----w- c:\program files\OpenAL
2010-04-29 04:25:01 0 d-----w- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation
2010-04-29 04:24:57 0 d-----w- c:\program files\NVIDIA Corporation
2010-04-29 04:21:50 0 d-----w- c:\program files\Dynex G USB Network Adapter
2010-04-29 04:10:26 0 d-sh--w- c:\documents and settings\all users\DRM
2010-04-29 04:08:14 0 d-----w- c:\program files\common files\MSSoap
2010-04-29 04:05:52 0 d-----w- c:\program files\Online Services
2010-04-29 04:05:45 0 d-----w- c:\program files\MessengerOFF
2010-04-29 04:05:33 0 d-----w- c:\program files\MSN Gaming Zone
2010-04-29 04:04:33 0 d-----w- c:\program files\Windows NT
2010-04-28 20:57:59 0 d-----w- c:\program files\common files\ODBC
2010-04-28 20:57:51 0 d-----w- c:\program files\common files\SpeechEngines
2010-04-28 20:56:55 0 d-----r- c:\documents and settings\all users\Documents

==================== Find3M ====================

2010-05-11 21:23:57 3072 ----a-w- c:\windows\system32\Viveza2FC32.dll
2010-05-11 08:49:46 30456 ----a-w- c:\windows\fonts\7 hours.ttf
2010-05-02 01:36:38 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-05-02 01:36:38 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-04-29 04:45:59 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-04-29 04:45:59 8014 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-04-29 04:45:59 48768 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-04-29 04:45:59 110952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-04-29 04:06:11 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-04-16 15:33:36 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-04-16 15:33:36 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-08 20:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 20:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-04 02:23:18 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-04-04 02:23:16 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-04-04 02:23:16 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-04-04 02:23:16 13670504 ----a-w- c:\windows\system32\nvcpl.dll
2010-04-04 02:23:16 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-04-04 02:22:54 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-04-03 22:55:32 6432128 ----a-w- c:\windows\system32\nv4_disp.dll
2010-04-03 22:55:32 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-04-03 22:55:32 4075520 ----a-w- c:\windows\system32\nvcuda.dll
2010-04-03 22:55:32 2646632 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-04-03 22:55:32 227944 ----a-w- c:\windows\system32\nvcodins.dll
2010-04-03 22:55:32 2183470 ----a-w- c:\windows\system32\nvdata.bin
2010-04-03 22:55:32 2030184 ----a-w- c:\windows\system32\nvcuvid.dll
2010-04-03 22:55:32 14757888 ----a-w- c:\windows\system32\nvoglnt.dll
2010-04-03 22:55:32 11647592 ----a-w- c:\windows\system32\nvcompiler.dll
2010-04-03 22:55:32 1097728 ----a-w- c:\windows\system32\nvapi.dll
2010-04-03 22:55:32 10232128 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-04-03 22:55:31 227944 ----a-w- c:\windows\system32\nvcod.dll
2010-03-20 01:05:50 4874240 ----a-w- c:\windows\system32\dllcache\wmp.dll
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-16 14:08:49 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25:04 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2006-06-23 21:48:54 32768 ----a-w- c:\windows\inf\UpdateUSB.exe

============= FINISH: 17:58:08.35 ===============


Attached File  Attach1.txt   28.03KB   12 downloads

Attached File  GmerLog.log   10.61KB   14 downloads

Attached Files

  • Attached File  DDS1.txt   25.21KB   9 downloads

Edited by Shownuff808, 14 May 2010 - 01:32 PM.



 


#2 myrti


Posted 15 May 2010 - 10:30 AM

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#3 Shownuff808


Posted 15 May 2010 - 01:25 PM

Thanks Marty,

The OTLs are too long to post; OTL is 400kb and Extras is 68kb. I'll break the logs into two posts.

OTL logfile created on: 5/15/2010 9:49:33 AM - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 81.73 Gb Free Space | 35.10% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 65.84 Gb Free Space | 28.27% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 298.09 Gb Total Space | 258.15 Gb Free Space | 86.60% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 931.51 Gb Total Space | 652.36 Gb Free Space | 70.03% Space Free | Partition Type: NTFS
Drive N: | 1003.45 Mb Total Space | 986.16 Mb Free Space | 98.28% Space Free | Partition Type: FAT

Computer Name: AMERITRUST-808
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - File not found -- C:\System Volume Information\_restore{d5fffa500b1b}\svchost.exe
PRC - File not found -- C:\System Volume Information\_restore{d5fffa500b1b}\smss.exe
PRC - [2010/04/26 18:34:40 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/07 20:48:40 | 000,125,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2007/10/07 20:48:32 | 001,822,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2007/10/07 20:48:24 | 000,031,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2007/07/26 19:25:20 | 001,181,016 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2007/05/29 16:33:36 | 000,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2007/05/29 16:33:26 | 000,192,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (SafeList) ==========

MOD - [2010/04/26 18:34:40 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/05/01 18:37:14 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/04/30 10:41:31 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/04/17 03:56:06 | 000,073,960 | ---- | M] (tzuk) [Auto | Stopped] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/02/26 09:19:54 | 003,623,424 | ---- | M] (Native Instruments GmbH) [Disabled | Stopped] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - [2009/12/18 02:58:28 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Disabled | Stopped] -- C:\WINDOWS\system32\nlssrv32.exe -- (nlsX86cc)
SRV - [2009/07/23 14:43:08 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Stopped] -- C:\WINDOWS\system32\ASTSRV.EXE -- (astcc)
SRV - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2007/10/07 20:48:36 | 000,116,664 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2007/10/07 20:48:32 | 001,822,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2007/10/07 20:48:24 | 000,031,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2007/08/28 19:04:25 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/08/27 17:14:00 | 000,214,408 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2007/07/26 19:25:20 | 001,181,016 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2007/05/29 16:33:36 | 000,169,576 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2007/05/29 16:33:26 | 000,192,104 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/04/28 21:45:59 | 000,110,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/04/22 09:44:52 | 001,324,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100510.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/04/22 09:44:52 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/04/22 09:44:52 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/04/22 09:44:52 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100510.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/04/17 03:56:02 | 000,115,944 | ---- | M] (tzuk) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2010/04/03 15:55:32 | 010,232,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010/03/13 12:58:52 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/05/03 21:12:09] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC})
DRV - [2009/06/04 02:48:12 | 001,177,624 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2009/06/04 02:48:00 | 000,095,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2009/06/04 02:47:50 | 000,158,744 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2009/06/04 02:47:42 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2009/06/04 02:47:34 | 000,130,072 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2009/06/04 02:47:24 | 000,347,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2009/06/04 02:47:14 | 000,526,232 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2009/06/04 02:47:06 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2009/06/04 02:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV - [2009/06/04 02:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctexfifx.sys -- (CTEXFIFX)
DRV - [2009/06/04 02:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV - [2009/06/04 02:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cthwiut.sys -- (CTHWIUT)
DRV - [2009/06/04 02:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV - [2009/06/04 02:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ct20xut.sys -- (CT20XUT)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\adfs.sys -- (adfs)
DRV - [2008/04/13 11:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\changer.sys -- (Changer)
DRV - [2008/04/13 11:40:26 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\lbrtfdc.sys -- (lbrtfdc)
DRV - [2007/12/18 01:14:04 | 000,012,400 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2007/10/09 14:33:00 | 000,198,144 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NdisWDM.sys -- (NdisWDM)
DRV - [2007/08/27 17:13:36 | 000,189,320 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/08/27 17:13:32 | 000,023,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/07/26 19:25:18 | 000,400,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/03/15 14:12:02 | 000,038,656 | R--- | M] (Attansic Technology corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atl01_xp.sys -- (AtcL001)
DRV - [2006/09/06 14:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 14:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2004/10/11 12:28:18 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2004/08/14 02:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555



IE - HKU\S-1-5-21-1202660629-1292428093-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/nwshp?hl=en&tab=wn
IE - HKU\S-1-5-21-1202660629-1292428093-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1202660629-1292428093-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1202660629-1292428093-725345543-500\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKU\.DEFAULT..\Run: [M5T8QL3YW3] C:\WINDOWS\TEMP\Jzc.exe File not found
O4 - HKU\S-1-5-18..\Run: [M5T8QL3YW3] C:\WINDOWS\TEMP\Jzc.exe File not found
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Shortcut to VPTray.lnk = C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk = C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dynex Wireless Networking Utility.lnk = C:\Program Files\Dynex G USB Network Adapter\DynexWCUI.exe (Dynex)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ImageMixer 3 SE Camera Monitor Ver.3.lnk = C:\Program Files\PIXELA\ImageMixer 3 SE Ver.3\CameraMonitor.exe (PIXELA CORPORATION)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1202660629-1292428093-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1272519596421 (WUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareup...15112/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/28 21:11:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010/04/28 13:43:27 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/05/15 09:47:46 | 000,563,712 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/05/13 17:05:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010/05/13 16:42:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/05/13 16:23:41 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdrom.sys
[2010/05/13 14:40:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\other
[2010/05/13 06:27:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/05/12 23:10:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\backups
[2010/05/12 22:16:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/05/12 22:16:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/12 22:16:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/12 22:16:34 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/12 22:16:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/12 21:13:50 | 000,218,112 | ---- | C] (Soeperman Enterprises Ltd.) -- C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
[2010/05/12 20:06:54 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2010/05/12 20:03:22 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys
[2010/05/12 20:03:22 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys
[2010/05/12 20:03:21 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omgmt.sys
[2010/05/12 20:03:10 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\changer.sys
[2010/05/12 20:03:10 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2010/05/12 20:01:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\chtcxxvxg
[2010/05/12 02:23:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Proxima Software
[2010/05/12 02:21:57 | 000,000,000 | ---D | C] -- C:\Program Files\FontExpert
[2010/05/12 02:19:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Fonts
[2010/05/12 00:04:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\NeatImage PS
[2010/05/11 23:45:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\NeatImage SL
[2010/05/11 23:45:13 | 000,000,000 | ---D | C] -- C:\Program Files\Neat Image
[2010/05/11 23:09:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Downloaded Installations
[2010/05/11 21:45:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mask Pro 4.0
[2010/05/11 21:29:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nik Software
[2010/05/11 16:08:59 | 000,000,000 | ---D | C] -- C:\Program Files\Nik Software
[2010/05/11 11:48:30 | 000,227,840 | ---- | C] (Iterated Systems, Inc.) -- C:\WINDOWS\System32\Deco_32.dll
[2010/05/11 11:48:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\onOne Software Shared
[2010/05/11 09:47:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\HP
[2010/05/11 09:38:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Application Data\Brother
[2010/05/11 09:27:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Brother
[2010/05/11 09:27:52 | 000,000,000 | ---D | C] -- C:\Program Files\Brownie
[2010/05/11 09:27:46 | 000,176,128 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BROSNMP.DLL
[2010/05/11 09:27:46 | 000,100,920 | ---- | C] (Brother Industries Ltd) -- C:\WINDOWS\System32\BRRBTOOL.EXE
[2010/05/11 09:27:45 | 000,192,512 | ---- | C] (brother) -- C:\WINDOWS\System32\Pdrvinst.dll
[2010/05/11 09:27:45 | 000,077,824 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BRLMW03A.DLL
[2010/05/11 09:27:45 | 000,024,223 | ---- | C] (Brother Industries, Ltd) -- C:\WINDOWS\System32\brlm03a.dll
[2010/05/11 09:27:45 | 000,000,000 | ---D | C] -- C:\Program Files\Brother
[2010/05/11 09:12:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2010/05/11 09:10:44 | 000,069,632 | ---- | C] (HP) -- C:\WINDOWS\System32\HPZipm12.exe
[2010/05/11 09:10:44 | 000,061,440 | ---- | C] (HP) -- C:\WINDOWS\System32\HPZinw12.exe
[2010/05/11 09:10:44 | 000,057,344 | ---- | C] (HP) -- C:\WINDOWS\System32\HPZisn12.dll
[2010/05/11 09:10:43 | 000,278,584 | ---- | C] (HP) -- C:\WINDOWS\System32\HPZidr12.dll
[2010/05/11 09:10:43 | 000,204,800 | ---- | C] (HP) -- C:\WINDOWS\System32\HPZipr12.dll
[2010/05/11 09:10:43 | 000,094,208 | ---- | C] (HP) -- C:\WINDOWS\System32\HPZipt12.dll
[2010/05/11 09:10:41 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe
[2010/05/11 09:10:09 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2010/05/11 09:09:49 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2010/05/11 09:08:04 | 000,278,528 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpgwiamd.dll
[2010/05/11 09:08:04 | 000,274,432 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\HPZc3212.dll
[2010/05/11 09:07:32 | 000,393,216 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\hpzcon12.dll
[2010/05/11 09:07:31 | 000,196,608 | ---- | C] (HP) -- C:\WINDOWS\System32\hpzcoi12.dll
[2010/05/11 09:06:27 | 000,000,000 | ---D | C] -- C:\temp
[2010/05/11 09:04:10 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2010/05/11 09:03:45 | 000,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2010/05/10 23:15:13 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/05/10 12:08:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Native Instruments
[2010/05/10 12:01:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{9C7F59A9-3AB2-4916-B380-B78FF1C3637D}
[2010/05/10 12:01:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Native Instruments
[2010/05/10 12:01:07 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{20EFD19B-675C-417B-A498-B0161D72FF88}
[2010/05/10 12:01:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Native Instruments
[2010/05/10 12:00:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{B5F0C192-874D-49A8-88D7-8431E3714756}
[2010/05/10 12:00:47 | 000,000,000 | ---D | C] -- C:\Program Files\Native Instruments
[2010/05/08 09:21:04 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2010/05/08 09:20:50 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2010/05/08 09:20:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Winamp
[2010/05/05 21:27:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software
[2010/05/05 00:20:04 | 000,057,344 | ---- | C] (Nalpeiron Ltd.) -- C:\WINDOWS\System32\ASTSRV.EXE
[2010/05/05 00:20:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\onOne Software
[2010/05/05 00:20:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\onOne Software
[2010/05/05 00:20:00 | 000,000,000 | ---D | C] -- C:\Program Files\onOne Software
[2010/05/05 00:12:05 | 000,000,000 | ---D | C] -- C:\Program Files\QuickSFV
[2010/05/04 23:08:33 | 000,000,000 | ---D | C] -- C:\Program Files\Rosetta Stone
[2010/05/04 23:08:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2010/05/03 21:35:18 | 000,000,000 | ---D | C] -- C:\Program Files\InterActual
[2010/05/03 21:12:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Cyberlink
[2010/05/03 21:12:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\CyberLink
[2010/05/03 21:12:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\CyberLink
[2010/05/03 21:12:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2010/05/03 21:11:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CyberLink
[2010/05/03 21:10:21 | 000,029,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3a.dll
[2010/05/03 21:10:21 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2010/05/03 16:35:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Audible
[2010/05/03 16:35:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Audible
[2010/05/03 16:35:01 | 000,000,000 | ---D | C] -- C:\Program Files\Audible
[2010/05/03 00:03:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/05/03 00:03:13 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010/05/03 00:02:54 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2010/05/02 23:55:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/05/02 23:33:24 | 000,671,744 | ---- | C] (Lake Technology Limited, http://www.lake.com.au) -- C:\WINDOWS\System32\DolbyHph.dll
[2010/05/02 23:33:24 | 000,009,856 | ---- | C] (Padus, Inc.) -- C:\WINDOWS\System32\drivers\pfc.sys
[2010/05/02 22:05:17 | 000,000,000 | ---D | C] -- C:\Program Files\PIXELA
[2010/05/01 18:37:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Creative Labs Shared
[2010/05/01 09:33:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\ZipForm
[2010/05/01 09:32:54 | 000,000,000 | -H-D | C] -- C:\Program Files\Zero G Registry
[2010/05/01 09:32:54 | 000,000,000 | ---D | C] -- C:\Program Files\ZipLogix
[2010/05/01 09:32:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\InstallAnywhere
[2010/05/01 08:51:58 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2010/05/01 01:32:17 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2010/05/01 01:31:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2010/04/30 23:45:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Adobe
[2010/04/30 23:28:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Merit Startup
[2010/04/30 23:27:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\unsorted misc
[2010/04/30 23:21:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Iphone
[2010/04/30 23:17:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\personal tax
[2010/04/30 23:17:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\loss mitigation
[2010/04/30 23:17:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\court
[2010/04/30 23:16:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Marketing Web
[2010/04/30 23:16:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Forms
[2010/04/30 23:15:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Job
[2010/04/30 23:04:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/04/30 21:18:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2010/04/30 12:44:19 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll
[2010/04/30 12:44:18 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
[2010/04/30 12:44:18 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll
[2010/04/30 12:44:17 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll
[2010/04/30 12:44:17 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll
[2010/04/30 12:44:16 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
[2010/04/30 12:44:16 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll
[2010/04/30 12:44:15 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_41.dll
[2010/04/30 12:44:15 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_41.dll
[2010/04/30 12:44:14 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_41.dll
[2010/04/30 12:44:14 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_4.dll
[2010/04/30 12:44:14 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_3.dll
[2010/04/30 12:44:13 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_4.dll
[2010/04/30 12:44:13 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_6.dll
[2010/04/30 12:44:12 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll
[2010/04/30 12:44:12 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll
[2010/04/30 12:44:11 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll
[2010/04/30 12:44:11 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_3.dll
[2010/04/30 12:44:11 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_2.dll
[2010/04/30 12:44:10 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_3.dll
[2010/04/30 12:44:10 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_5.dll
[2010/04/30 12:44:09 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll
[2010/04/30 12:44:09 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll
[2010/04/30 12:44:09 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll
[2010/04/30 12:44:08 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll
[2010/04/30 12:44:08 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll
[2010/04/30 12:44:08 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll
[2010/04/30 12:44:07 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll
[2010/04/30 12:44:07 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll
[2010/04/30 12:44:06 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll
[2010/04/30 12:44:06 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll
[2010/04/30 12:44:05 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_38.dll
[2010/04/30 12:44:05 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll
[2010/04/30 12:44:05 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll
[2010/04/30 12:44:04 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll
[2010/04/30 12:44:03 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll
[2010/04/30 12:44:03 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll
[2010/04/30 12:44:02 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll
[2010/04/30 12:44:02 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll
[2010/04/30 12:44:02 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll
[2010/04/30 12:44:01 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_10.dll
[2010/04/30 12:44:00 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_36.dll
[2010/04/30 12:44:00 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_36.dll
[2010/04/30 12:43:59 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_36.dll
[2010/04/30 12:43:59 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_9.dll
[2010/04/30 12:43:58 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll
[2010/04/30 12:43:58 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_35.dll
[2010/04/30 12:43:58 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_35.dll
[2010/04/30 12:43:57 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_8.dll
[2010/04/30 12:43:57 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_2.dll
[2010/04/30 12:43:56 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll
[2010/04/30 12:43:56 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_34.dll
[2010/04/30 12:43:56 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_34.dll
[2010/04/30 12:43:56 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_3.dll
[2010/04/30 12:43:54 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_7.dll
[2010/04/30 12:43:52 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_33.dll
[2010/04/30 12:43:52 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_33.dll
[2010/04/30 12:43:49 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_33.dll
[2010/04/30 12:43:49 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_6.dll
[2010/04/30 12:43:48 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2010/04/30 12:43:48 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_5.dll
[2010/04/30 12:43:47 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll
[2010/04/30 12:43:47 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_4.dll
[2010/04/30 12:43:47 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_3.dll
[2010/04/30 12:43:47 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_1.dll
[2010/04/30 12:43:46 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_2.dll
[2010/04/30 12:43:46 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_2.dll
[2010/04/30 12:43:46 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_1.dll
[2010/04/30 12:43:45 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_1.dll
[2010/04/30 12:43:38 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2010/04/30 12:43:37 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_29.dll
[2010/04/30 12:43:37 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_0.dll
[2010/04/30 12:43:37 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_0.dll
[2010/04/30 12:43:36 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll
[2010/04/30 12:43:36 | 000,061,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput9_1_0.dll
[2010/04/30 12:43:35 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll
[2010/04/30 12:43:35 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_27.dll
[2010/04/30 12:43:35 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll
[2010/04/30 12:43:33 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_24.dll
[2010/04/30 12:41:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2010/04/30 11:50:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2010/04/30 11:17:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ALM
[2010/04/30 11:02:26 | 000,022,872 | R--- | C] (Adobe Systems Inc.) -- C:\WINDOWS\System32\AdobePDFUI.dll
[2010/04/30 11:02:25 | 000,046,928 | ---- | C] (Adobe Systems Inc) -- C:\WINDOWS\System32\AdobePDF.dll
[2010/04/30 10:51:22 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2010/04/30 10:41:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010/04/30 10:34:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/04/30 10:30:56 | 000,011,392 | ---- | C] (H+H Software GmbH) -- C:\WINDOWS\System32\drivers\hh9help.sys
[2010/04/30 10:30:47 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Documents\Virtual CDs
[2010/04/30 10:04:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/04/30 01:39:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Windows Search
[2010/04/30 00:40:50 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2010/04/30 00:40:49 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2010/04/30 00:40:48 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2010/04/30 00:29:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Blancco
[2010/04/29 23:45:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW
[2010/04/29 23:45:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK
[2010/04/29 23:45:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR
[2010/04/29 23:45:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE
[2010/04/29 23:45:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR
[2010/04/29 23:45:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL
[2010/04/29 23:45:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO
[2010/04/29 23:45:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR
[2010/04/29 23:45:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT
[2010/04/29 23:45:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL
[2010/04/29 23:45:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR
[2010/04/29 23:45:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI
[2010/04/29 23:45:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES
[2010/04/29 23:45:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR
[2010/04/29 23:45:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
[2010/04/29 23:45:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK
[2010/04/29 23:45:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA
[2010/04/29 23:26:15 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/04/29 22:38:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\New Venture
[2010/04/29 22:38:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Royal Financial Holdings, Inc
[2010/04/29 22:38:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Person
[2010/04/29 17:49:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\eSellerate
[2010/04/29 17:45:18 | 000,000,000 | ---D | C] -- C:\Program Files\NewBlue
[2010/04/29 17:13:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/04/29 17:13:07 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2010/04/29 17:11:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2010/04/29 17:11:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010/04/29 16:09:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities
[2010/04/29 16:09:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2010/04/29 16:06:07 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2010/04/29 16:06:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/04/29 16:04:32 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\offfilt.dll
[2010/04/29 16:04:32 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nlhtml.dll
[2010/04/29 16:04:32 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mimefilt.dll
[2010/04/29 15:53:43 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2010/04/29 15:53:43 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2010/04/29 14:19:13 | 000,135,680 | ---- | C] (Fannie Mae) -- C:\WINDOWS\System32\escli32.dll
[2010/04/29 14:19:13 | 000,091,136 | ---- | C] (Sax Software Corp.) -- C:\WINDOWS\System32\saxcom32.dll
[2010/04/29 14:19:13 | 000,045,568 | ---- | C] (Sax Software) -- C:\WINDOWS\System32\saxxfr32.dll
[2010/04/29 14:19:12 | 001,175,552 | ---- | C] (Tidestone Technologies, Inc.) -- C:\WINDOWS\System32\TTF16.ocx
[2010/04/29 14:19:12 | 000,458,752 | ---- | C] (Office OCX - Office Viewer ActiveX Control) -- C:\WINDOWS\System32\OA_FullVersion.ocx
[2010/04/29 14:19:12 | 000,448,192 | ---- | C] (FarPoint Technologies, Inc.) -- C:\WINDOWS\System32\Tab32x30.ocx
[2010/04/29 14:19:12 | 000,172,032 | ---- | C] (Software Artisans, Inc. (http://www.softartisans.com)) -- C:\WINDOWS\System32\SAXFile.dll
[2010/04/29 14:19:12 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSMAPI32.OCX
[2010/04/29 14:19:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft WSE
[2010/04/29 14:19:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory
[2010/04/29 14:18:40 | 001,064,960 | ---- | C] (Amyuni Technologies http://www.amyuni.com) -- C:\WINDOWS\System32\cdintf300.dll
[2010/04/29 14:18:40 | 001,064,960 | ---- | C] (Amyuni Technologies http://www.amyuni.com) -- C:\WINDOWS\System32\acXMLParser.dll
[2010/04/29 14:18:25 | 000,000,000 | ---D | C] -- C:\PNTDATA
[2010/04/29 14:18:08 | 000,000,000 | ---D | C] -- C:\PNTTEMPL
[2010/04/29 14:18:04 | 000,000,000 | ---D | C] -- C:\WINPOINT
[2010/04/29 14:11:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2010/04/29 13:42:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2010/04/29 11:21:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{DE2577C6-E1D5-499A-9BA7-C7089B68CEA6}
[2010/04/29 11:21:19 | 000,000,000 | ---D | C] -- C:\Program Files\Blancco
[2010/04/29 11:19:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PackageAware
[2010/04/29 11:17:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blancco
[2010/04/29 10:34:55 | 000,000,000 | R--D | C] -- C:\Sandbox
[2010/04/29 01:32:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010/04/29 01:24:21 | 000,030,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mdimon.dll
[2010/04/29 01:24:15 | 000,032,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msonpmon.dll
[2010/04/29 01:24:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010/04/29 01:23:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/04/29 01:23:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/04/29 01:21:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2010/04/29 01:20:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
[2010/04/29 01:20:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/04/29 01:20:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2010/04/29 01:20:10 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/04/29 00:42:33 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IECompatCache
[2010/04/29 00:41:25 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2010/04/29 00:40:05 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2010/04/29 00:36:10 | 011,070,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010/04/29 00:36:10 | 001,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/04/29 00:36:10 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/04/29 00:36:10 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/04/29 00:36:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/04/29 00:35:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/04/29 00:35:00 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/04/29 00:26:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/04/29 00:16:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/04/29 00:16:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/04/29 00:16:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/04/29 00:16:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/04/29 00:13:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010/04/29 00:10:18 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/04/29 00:06:29 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys
[2010/04/29 00:06:29 | 000,022,271 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys
[2010/04/29 00:06:29 | 000,011,935 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys
[2010/04/29 00:06:29 | 000,011,871 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
[2010/04/29 00:06:29 | 000,011,807 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys
[2010/04/29 00:06:29 | 000,011,295 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys
[2010/04/29 00:06:27 | 000,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2010/04/29 00:06:27 | 000,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2010/04/29 00:06:27 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys
[2010/04/29 00:06:27 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2010/04/29 00:06:27 | 000,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2010/04/29 00:06:27 | 000,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys
[2010/04/29 00:06:27 | 000,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2010/04/29 00:06:26 | 001,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2010/04/29 00:06:26 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys
[2010/04/29 00:06:26 | 000,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2010/04/29 00:05:41 | 000,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys
[2010/04/29 00:05:41 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
[2010/04/29 00:05:41 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2010/04/29 00:05:41 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2010/04/29 00:05:41 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys
[2010/04/29 00:05:41 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2010/04/29 00:05:41 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2010/04/29 00:05:41 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
[2010/04/29 00:05:41 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2010/04/29 00:05:41 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
[2010/04/29 00:05:41 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys
[2010/04/29 00:05:41 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
[2010/04/29 00:05:41 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys
[2010/04/29 00:05:41 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2010/04/29 00:05:41 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
[2010/04/29 00:05:41 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2010/04/29 00:05:41 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys
[2010/04/29 00:05:41 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2010/04/29 00:05:41 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2010/04/29 00:05:41 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2010/04/29 00:05:41 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys
[2010/04/29 00:05:41 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys
[2010/04/28 23:39:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2010/04/28 23:35:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp
[2010/04/28 23:35:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
[2010/04/28 23:35:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Deployment
[2010/04/28 23:30:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2010/04/28 23:28:12 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2010/04/28 23:24:17 | 000,455,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010/04/28 23:22:43 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2010/04/28 23:21:37 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2010/04/28 23:21:37 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2010/04/28 23:21:23 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/04/28 23:10:30 | 000,730,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2010/04/28 23:10:29 | 002,189,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010/04/28 23:10:29 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010/04/28 23:10:28 | 002,024,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010/04/28 23:09:55 | 000,689,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp3res.dll
[2010/04/28 23:08:26 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2010/04/28 23:07:48 | 000,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2010/04/28 23:07:18 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2010/04/28 23:07:12 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2010/04/28 22:43:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/04/28 22:43:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/04/28 22:43:18 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2010/04/28 22:40:33 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll
[2010/04/28 22:40:33 | 000,021,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui
[2010/04/28 22:40:33 | 000,017,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng.dll.mui
[2010/04/28 22:40:32 | 000,015,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl.mui
[2010/04/28 22:40:32 | 000,015,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2010/04/28 22:40:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/04/28 22:39:44 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\UserData
[2010/04/28 22:34:16 | 000,000,000 | ---D | C] -- C:\Program Files\VSTplugins
[2010/04/28 22:34:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Publish Providers
[2010/04/28 22:34:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/28 22:33:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Sony
[2010/04/28 22:33:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sony
[2010/04/28 22:33:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
[2010/04/28 22:30:37 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/28 22:30:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/04/28 22:16:12 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/04/28 22:14:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/04/28 22:14:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2010/04/28 22:14:00 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010/04/28 22:13:42 | 000,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll
[2010/04/28 22:12:34 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2010/04/28 22:12:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2010/04/28 22:12:02 | 000,026,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2010/04/28 22:04:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sony Setup
[2010/04/28 22:02:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
[2010/04/28 22:02:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2010/04/28 22:02:14 | 001,858,032 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxsfs.dll
[2010/04/28 22:02:14 | 000,670,192 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\px.dll
[2010/04/28 22:02:14 | 000,551,408 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxdrv.dll
[2010/04/28 22:02:14 | 000,436,720 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxwave.dll
[2010/04/28 22:02:14 | 000,219,632 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxmas.dll
[2010/04/28 22:02:14 | 000,129,520 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxafs.dll
[2010/04/28 22:02:14 | 000,096,752 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\vxblock.dll
[2010/04/28 22:02:14 | 000,072,176 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe
[2010/04/28 22:02:03 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/04/28 22:02:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/04/28 21:46:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Symantec
[2010/04/28 21:45:56 | 000,110,952 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/04/28 21:45:56 | 000,048,768 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/04/28 21:45:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
[2010/04/28 21:45:50 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\capicom.dll
[2010/04/28 21:45:48 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/04/28 21:45:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/04/28 21:45:43 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec AntiVirus
[2010/04/28 21:45:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2010/04/28 21:39:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Apple Computer
[2010/04/28 21:39:39 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2010/04/28 21:39:18 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/04/28 21:39:16 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/04/28 21:39:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/28 21:38:55 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/04/28 21:38:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/04/28 21:38:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple
[2010/04/28 21:38:49 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/04/28 21:38:46 | 003,003,680 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll
[2010/04/28 21:38:36 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/04/28 21:38:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/04/28 21:38:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/04/28 21:38:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple Computer
[2010/04/28 21:33:03 | 000,000,000 | ---D | C] -- C:\Program Files\ASUS
[2010/04/28 21:31:20 | 000,102,400 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\cttele32.dll
[2010/04/28 21:31:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Creative
[2010/04/28 21:31:15 | 000,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\splitter.sys
[2010/04/28 21:31:10 | 000,052,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmusic.sys
[2010/04/28 21:31:09 | 000,000,000 | ---D | C] -- C:\Program Files\Creative
[2010/04/28 21:31:06 | 000,056,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swmidi.sys
[2010/04/28 21:31:02 | 000,142,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aec.sys
[2010/04/28 21:30:59 | 000,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmkaud.sys
[2010/04/28 21:30:57 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mskssrv.sys
[2010/04/28 21:30:56 | 000,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspqm.sys
[2010/04/28 21:30:54 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspclock.sys
[2010/04/28 21:30:41 | 000,444,952 | ---- | C] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2010/04/28 21:30:41 | 000,109,080 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2010/04/28 21:30:41 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL
[2010/04/28 21:30:31 | 000,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys
[2010/04/28 21:30:31 | 000,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\portcls.sys
[2010/04/28 21:30:31 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax
[2010/04/28 21:30:31 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksproxy.ax
[2010/04/28 21:30:31 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2010/04/28 21:30:31 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmk.sys
[2010/04/28 21:30:31 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksuser.dll
[2010/04/28 21:30:31 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksuser.dll
[2010/04/28 21:30:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Data
[2010/04/28 21:30:18 | 022,691,984 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\AppSetup.exe
[2010/04/28 21:29:05 | 000,038,656 | R--- | C] (Attansic Technology corporation.) -- C:\WINDOWS\System32\drivers\atl01_xp.sys
[2010/04/28 21:29:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Attansic
[2010/04/28 21:28:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/04/28 21:27:17 | 000,142,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\system32\DRIVERS\usbport.sys
[2010/04/28 21:27:17 | 000,095,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\system32\DRIVERS\atapi.sys
[2010/04/28 21:27:17 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\system32\usbui.dll
[2010/04/28 21:27:17 | 000,068,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\system32\DRIVERS\pci.sys
[2010/04/28 21:27:17 | 000,057,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\system32\DRIVERS\usbhub.sys
[2010/04/28 21:27:17 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\system32\DRIVERS\pciidex.sys
[2010/04/28 21:27:17 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\system32\DRIVERS\usbuhci.sys
[2010/04/28 21:27:17 | 000,003,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\system32\DRIVERS\pciide.sys
[2010/04/28 21:27:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\system32
[2010/04/28 21:27:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\INF
[2010/04/28 21:27:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\system32\DRIVERS
[2010/04/28 21:26:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2010/04/28 21:26:12 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2010/04/28 21:26:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010/04/28 21:26:04 | 000,000,000 | ---D | C] -- C:\Intel
[2010/04/28 21:25:13 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2010/04/28 21:25:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2010/04/28 21:24:57 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/04/28 21:22:45 | 014,757,888 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll
[2010/04/28 21:22:45 | 010,232,128 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nv4_mini.sys
[2010/04/28 21:22:45 | 010,232,128 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv4_mini.sys
[2010/04/28 21:22:45 | 000,061,440 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2010/04/28 21:22:44 | 002,646,632 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
[2010/04/28 21:22:44 | 002,030,184 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
[2010/04/28 21:22:43 | 011,647,592 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
[2010/04/28 21:22:43 | 006,432,128 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2010/04/28 21:22:43 | 006,432,128 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv4_disp.dll
[2010/04/28 21:22:43 | 004,075,520 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll
[2010/04/28 21:22:43 | 001,097,728 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi.dll
[2010/04/28 21:22:43 | 000,227,944 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcodins.dll
[2010/04/28 21:22:43 | 000,227,944 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcod.dll
[2010/04/28 21:22:36 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2010/04/28 21:21:56 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSVCP71.DLL
[2010/04/28 21:21:56 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSVCR71.DLL
[2010/04/28 21:21:56 | 000,198,144 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\drivers\NdisWDM.sys
[2010/04/28 21:21:55 | 001,089,536 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\libeay32.dll
[2010/04/28 21:21:55 | 000,044,032 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\wltrynt.dll
[2010/04/28 21:21:55 | 000,033,664 | ---- | C] (CACE Technologies) -- C:\WINDOWS\System32\drivers\bcmwlnpf.sys
[2010/04/28 21:21:55 | 000,017,992 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\drivers\bcm42rly.sys
[2010/04/28 21:21:54 | 000,184,320 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\bcmwlu00.exe
[2010/04/28 21:21:54 | 000,081,920 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\bcmwliss.dll
[2010/04/28 21:21:54 | 000,069,632 | ---- | C] (CACE Technologies) -- C:\WINDOWS\System32\bcmwlpkt.dll
[2010/04/28 21:21:52 | 002,129,920 | ---- | C] (BCGSoft Ltd) -- C:\WINDOWS\System32\WLBCGCBPRO731.DLL
[2010/04/28 21:21:52 | 000,700,416 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\BCMLogon.dll
[2010/04/28 21:21:50 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/04/28 21:21:50 | 000,000,000 | ---D | C] -- C:\Program Files\Dynex G USB Network Adapter
[2010/04/28 21:21:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\InstallShield
[2010/04/28 21:21:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\WinRAR
[2010/04/28 21:21:12 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/04/28 21:16:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2010/04/28 21:16:49 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2010/04/28 21:16:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2010/04/28 21:16:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2010/04/28 21:16:38 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2010/04/28 21:16:38 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2010/04/28 21:16:38 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2010/04/28 21:16:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2010/04/28 21:16:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents
[2010/04/28 21:16:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Favorites
[2010/04/28 21:16:38 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
[2010/04/28 21:16:38 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[2010/04/28 21:16:38 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2010/04/28 21:16:38 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2010/04/28 21:16:38 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2010/04/28 21:16:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2010/04/28 21:16:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2010/04/28 21:16:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2010/04/28 21:16:32 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2010/04/28 21:16:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/04/28 21:16:31 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/04/28 21:15:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/04/28 21:15:44 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/04/28 21:13:07 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2010/04/28 21:13:07 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2010/04/28 21:13:06 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2010/04/28 21:13:06 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2010/04/28 21:13:06 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2010/04/28 21:13:06 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2010/04/28 21:13:05 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2010/04/28 21:13:05 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2010/04/28 21:13:05 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2010/04/28 21:13:04 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2010/04/28 21:13:04 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2010/04/28 21:13:04 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2010/04/28 21:13:04 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2010/04/28 21:13:03 | 000,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2010/04/28 21:13:03 | 000,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2010/04/28 21:13:02 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2010/04/28 21:13:02 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2010/04/28 21:13:01 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2010/04/28 21:13:00 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2010/04/28 21:13:00 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2010/04/28 21:13:00 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2010/04/28 21:13:00 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2010/04/28 21:12:59 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2010/04/28 21:12:59 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2010/04/28 21:12:59 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2010/04/28 21:12:59 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2010/04/28 21:12:58 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2010/04/28 21:12:57 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2010/04/28 21:12:56 | 000,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2010/04/28 21:12:54 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2010/04/28 21:12:54 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2010/04/28 21:12:52 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2010/04/28 21:12:51 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2010/04/28 21:12:51 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2010/04/28 21:12:51 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2010/04/28 21:12:51 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2010/04/28 21:12:51 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2010/04/28 21:12:51 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2010/04/28 21:12:51 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2010/04/28 21:12:51 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2010/04/28 21:12:51 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2010/04/28 21:12:51 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2010/04/28 21:12:51 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2010/04/28 21:12:51 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2010/04/28 21:12:51 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2010/04/28 21:12:51 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2010/04/28 21:12:50 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2010/04/28 21:12:50 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2010/04/28 21:12:50 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2010/04/28 21:12:48 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2010/04/28 21:12:48 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2010/04/28 21:12:47 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/04/28 21:12:47 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/04/28 21:12:46 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2010/04/28 21:12:45 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2010/04/28 21:12:45 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2010/04/28 21:12:45 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2010/04/28 21:12:44 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2010/04/28 21:12:43 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2010/04/28 21:12:42 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2010/04/28 21:12:42 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2010/04/28 21:12:42 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2010/04/28 21:12:41 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2010/04/28 21:12:41 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2010/04/28 21:12:40 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2010/04/28 21:12:40 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2010/04/28 21:12:40 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2010/04/28 21:12:39 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2010/04/28 21:12:39 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2010/04/28 21:12:38 | 000,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2010/04/28 21:12:38 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2010/04/28 21:12:38 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2010/04/28 21:12:38 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2010/04/28 21:12:37 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2010/04/28 21:12:36 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2010/04/28 21:12:35 | 000,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2010/04/28 21:12:30 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2010/04/28 21:12:29 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2010/04/28 21:12:27 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2010/04/28 21:12:27 | 000,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2010/04/28 21:12:27 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2010/04/28 21:12:26 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2010/04/28 21:12:26 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2010/04/28 21:12:24 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2010/04/28 21:12:24 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2010/04/28 21:12:24 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2010/04/28 21:12:24 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2010/04/28 21:12:24 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2010/04/28 21:12:23 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2010/04/28 21:12:23 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2010/04/28 21:12:23 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2010/04/28 21:12:23 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2010/04/28 21:12:23 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2010/04/28 21:12:23 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2010/04/28 21:12:23 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2010/04/28 21:12:23 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2010/04/28 21:12:23 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2010/04/28 21:12:23 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2010/04/28 21:12:23 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2010/04/28 21:12:23 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2010/04/28 21:12:23 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2010/04/28 21:12:23 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2010/04/28 21:12:23 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2010/04/28 21:12:23 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2010/04/28 21:12:22 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2010/04/28 21:12:22 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2010/04/28 21:12:22 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2010/04/28 21:12:22 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2010/04/28 21:12:22 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2010/04/28 21:12:22 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2010/04/28 21:12:22 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2010/04/28 21:12:22 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2010/04/28 21:12:22 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2010/04/28 21:12:22 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2010/04/28 21:12:22 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2010/04/28 21:12:22 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2010/04/28 21:12:21 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
[2010/04/28 21:12:21 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2010/04/28 21:12:21 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2010/04/28 21:12:20 | 000,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2010/04/28 21:12:20 | 000,315,455 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2010/04/28 21:12:19 | 000,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2010/04/28 21:12:19 | 000,262,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
[2010/04/28 21:12:19 | 000,233,527 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
[2010/04/28 21:12:19 | 000,208,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
[2010/04/28 21:12:19 | 000,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2010/04/28 21:12:19 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2010/04/28 21:12:19 | 000,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2010/04/28 21:12:18 | 000,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2010/04/28 21:12:18 | 000,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2010/04/28 21:12:18 | 000,307,257 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
[2010/04/28 21:12:18 | 000,155,705 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2010/04/28 21:12:18 | 000,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2010/04/28 21:12:18 | 000,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2010/04/28 21:12:17 | 000,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2010/04/28 21:12:17 | 000,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2010/04/28 21:12:17 | 000,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2010/04/28 21:12:17 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2010/04/28 21:12:17 | 000,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2010/04/28 21:12:17 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2010/04/28 21:12:17 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2010/04/28 21:12:17 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2010/04/28 21:12:16 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2010/04/28 21:12:16 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2010/04/28 21:12:16 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe
[2010/04/28 21:12:16 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2010/04/28 21:12:10 | 010,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2010/04/28 21:11:59 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2010/04/28 21:11:57 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2010/04/28 21:11:55 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2010/04/28 21:11:55 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2010/04/28 21:11:55 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2010/04/28 21:11:54 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2010/04/28 21:11:54 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2010/04/28 21:11:54 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2010/04/28 21:11:53 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2010/04/28 21:11:53 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2010/04/28 21:11:52 | 000,514,587 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\edb500.dll
[2010/04/28 21:11:52 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2010/04/28 21:11:52 | 000,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2010/04/28 21:11:52 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2010/04/28 21:11:52 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2010/04/28 21:11:50 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2010/04/28 21:11:49 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2010/04/28 21:11:48 | 000,057,399 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
[2010/04/28 21:11:47 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
[2010/04/28 21:11:47 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2010/04/28 21:11:47 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
[2010/04/28 21:11:46 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2010/04/28 21:11:46 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2010/04/28 21:11:46 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2010/04/28 21:11:45 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2010/04/28 21:11:45 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2010/04/28 21:11:45 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2010/04/28 21:11:44 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2010/04/28 21:11:44 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2010/04/28 21:11:44 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2010/04/28 21:11:44 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2010/04/28 21:11:44 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2010/04/28 21:11:44 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2010/04/28 21:11:42 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/04/28 21:11:42 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2010/04/28 21:11:42 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2010/04/28 21:11:38 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2010/04/28 21:11:37 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2010/04/28 21:11:37 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2010/04/28 21:11:37 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2010/04/28 21:11:36 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2010/04/28 21:11:35 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2010/04/28 21:11:34 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2010/04/28 21:11:34 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2010/04/28 21:11:33 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2010/04/28 21:11:28 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2010/04/28 21:11:28 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2010/04/28 21:11:27 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2010/04/28 21:11:27 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2010/04/28 21:11:27 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2010/04/28 21:11:27 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2010/04/28 21:11:25 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2010/04/28 21:11:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2010/04/28 21:11:21 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2010/04/28 21:11:21 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2010/04/28 21:10:55 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mapi32.dll
[2010/04/28 21:10:26 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2010/04/28 21:10:20 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2010/04/28 21:10:20 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2010/04/28 21:09:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2010/04/28 21:08:44 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\notiflag.exe
[2010/04/28 21:08:44 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atrace.dll
[2010/04/28 21:08:44 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atrace.dll
[2010/04/28 21:08:43 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brpinfo.dll
[2010/04/28 21:08:42 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helphost.exe
[2010/04/28 21:08:42 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hcappres.dll
[2010/04/28 21:08:23 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srdiag.exe
[2010/04/28 21:08:22 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wb32.exe
[2010/04/28 21:08:22 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmevtmsg.dll
[2010/04/28 21:08:22 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmevtmsg.dll
[2010/04/28 21:08:22 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cb32.exe
[2010/04/28 21:08:21 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\acctres.dll
[2010/04/28 21:08:21 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\acctres.dll
[2010/04/28 21:08:21 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msinfo32.exe
[2010/04/28 21:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2010/04/28 21:08:16 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icfgnt5.dll
[2010/04/28 21:08:16 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icfgnt5.dll
[2010/04/28 21:08:16 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2010/04/28 21:08:15 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mssoap1.dll
[2010/04/28 21:08:15 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwtutor.exe
[2010/04/28 21:08:15 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwres.dll
[2010/04/28 21:08:15 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\trialoc.dll
[2010/04/28 21:08:15 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wisc10.dll
[2010/04/28 21:08:15 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mssoapr.dll
[2010/04/28 21:08:15 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2010/04/28 21:08:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2010/04/28 21:08:13 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieinfo5.ocx
[2010/04/28 21:08:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2010/04/28 21:08:03 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpband.dll
[2010/04/28 21:08:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2010/04/28 21:08:02 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\setup_wm.exe
[2010/04/28 21:08:01 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpvis.dll
[2010/04/28 21:08:00 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpns.dll
[2010/04/28 21:07:59 | 000,786,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migrate.exe
[2010/04/28 21:07:59 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\custsat.dll
[2010/04/28 21:07:58 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmplayer.exe
[2010/04/28 21:07:57 | 000,364,544 | ---- | C] (Microsoft Corporation (written by Digital Renaissance Inc.)) -- C:\WINDOWS\System32\dllcache\npdsplay.dll
[2010/04/28 21:07:57 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npdrmv2.dll
[2010/04/28 21:07:57 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npwmsdrm.dll
[2010/04/28 21:07:56 | 000,004,639 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplayer2.exe
[2010/04/28 21:07:54 | 000,327,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2010/04/28 21:07:54 | 000,327,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wucltui.dll
[2010/04/28 21:07:54 | 000,209,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuweb.dll
[2010/04/28 21:07:54 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng1.dll
[2010/04/28 21:07:53 | 001,929,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll
[2010/04/28 21:07:52 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2010/04/28 21:07:52 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll
[2010/04/28 21:07:52 | 000,217,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaucpl.cpl
[2010/04/28 21:07:52 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt1.exe
[2010/04/28 21:07:52 | 000,053,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe
[2010/04/28 21:07:52 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2010/04/28 21:07:52 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll
[2010/04/28 21:07:51 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx2.dll
[2010/04/28 21:07:51 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx3.dll
[2010/04/28 21:07:50 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgrprxy.dll
[2010/04/28 21:07:37 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/04/28 21:07:37 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2010/04/28 21:07:25 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrslv.dll
[2010/04/28 21:07:25 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrdm.dll
[2010/04/28 21:07:24 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrcdlg.dll
[2010/04/28 21:07:24 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\racpldlg.dll
[2010/04/28 21:07:13 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fltmc.exe
[2010/04/28 21:07:11 | 000,239,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srrstr.dll
[2010/04/28 21:07:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2010/04/28 21:07:08 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ils.dll
[2010/04/28 21:07:08 | 000,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmdd.dll
[2010/04/28 21:07:08 | 000,032,768 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\isrdbg32.dll
[2010/04/28 21:07:07 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msconf.dll
[2010/04/28 21:07:07 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmmkcert.dll
[2010/04/28 21:06:57 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoeacct.dll
[2010/04/28 21:06:57 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoert2.dll
[2010/04/28 21:06:57 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2010/04/28 21:06:54 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetres.dll
[2010/04/28 21:06:47 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2010/04/28 21:06:46 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstinit.exe
[2010/04/28 21:06:44 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcfg.dll
[2010/04/28 21:06:44 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll
[2010/04/28 21:06:44 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwdial.dll
[2010/04/28 21:06:44 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwphbk.dll
[2010/04/28 21:06:30 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2010/04/28 21:06:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2010/04/28 21:06:26 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2010/04/28 21:06:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2010/04/28 21:06:03 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2010/04/28 21:05:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2010/04/28 21:05:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2010/04/28 21:05:52 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2010/04/28 21:05:52 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2010/04/28 21:05:45 | 000,000,000 | ---D | C] -- C:\Program Files\MessengerOFF
[2010/04/28 21:05:44 | 000,042,577 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgzm.exe
[2010/04/28 21:05:43 | 001,817,687 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgres.dll
[2010/04/28 21:05:43 | 000,082,501 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckg.dll
[2010/04/28 21:05:42 | 000,753,236 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvseres.dll
[2010/04/28 21:05:42 | 000,048,706 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvse.dll
[2010/04/28 21:05:42 | 000,042,574 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvsezm.exe
[2010/04/28 21:05:41 | 000,780,885 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrres.dll
[2010/04/28 21:05:41 | 000,042,575 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrzm.exe
[2010/04/28 21:05:41 | 000,040,515 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkr.dll
[2010/04/28 21:05:40 | 002,178,131 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlres.dll
[2010/04/28 21:05:40 | 000,066,113 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvl.dll
[2010/04/28 21:05:40 | 000,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlzm.exe
[2010/04/28 21:05:39 | 001,175,635 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzres.dll
[2010/04/28 21:05:39 | 000,057,409 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtz.dll
[2010/04/28 21:05:39 | 000,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzzm.exe
[2010/04/28 21:05:39 | 000,004,677 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zeeverm.dll
[2010/04/28 21:05:38 | 000,032,339 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniansi.dll
[2010/04/28 21:05:37 | 000,041,029 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zcorem.dll
[2010/04/28 21:05:37 | 000,013,894 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zonelibm.dll
[2010/04/28 21:05:34 | 001,039,955 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnresm.dll
[2010/04/28 21:05:34 | 000,217,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnclim.dll
[2010/04/28 21:05:34 | 000,113,222 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zoneclim.dll
[2010/04/28 21:05:34 | 000,036,937 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zclientm.exe
[2010/04/28 21:05:34 | 000,029,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\znetm.dll
[2010/04/28 21:05:33 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\write.exe
[2010/04/28 21:05:33 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\write.exe
[2010/04/28 21:05:33 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2010/04/28 21:05:20 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avtapi.dll
[2010/04/28 21:05:20 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avtapi.dll
[2010/04/28 21:05:20 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe
[2010/04/28 21:05:20 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndvol32.exe
[2010/04/28 21:05:20 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avwav.dll
[2010/04/28 21:05:20 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avwav.dll
[2010/04/28 21:05:20 | 000,044,544 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hticons.dll
[2010/04/28 21:05:20 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avmeter.dll
[2010/04/28 21:05:20 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avmeter.dll
[2010/04/28 21:05:20 | 000,013,312 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\dllcache\htrn_jis.dll
[2010/04/28 21:05:19 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winchat.exe
[2010/04/28 21:05:19 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winchat.exe
[2010/04/28 21:05:09 | 000,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\getuname.dll
[2010/04/28 21:05:09 | 000,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\getuname.dll
[2010/04/28 21:05:09 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\calc.exe
[2010/04/28 21:05:09 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\calc.exe
[2010/04/28 21:05:09 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\charmap.exe
[2010/04/28 21:05:09 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\charmap.exe
[2010/04/28 21:05:08 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshearts.exe
[2010/04/28 21:05:08 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshearts.exe
[2010/04/28 21:05:08 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winmine.exe
[2010/04/28 21:05:08 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmine.exe
[2010/04/28 21:05:08 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sol.exe
[2010/04/28 21:05:08 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sol.exe
[2010/04/28 21:05:07 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\freecell.exe
[2010/04/28 21:05:07 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\freecell.exe
[2010/04/28 21:05:07 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsshutdn.exe
[2010/04/28 21:05:07 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsshutdn.exe
[2010/04/28 21:05:07 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tskill.exe
[2010/04/28 21:05:07 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tskill.exe
[2010/04/28 21:05:07 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsdiscon.exe
[2010/04/28 21:05:07 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsdiscon.exe
[2010/04/28 21:05:07 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscon.exe
[2010/04/28 21:05:07 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscon.exe
[2010/04/28 21:05:07 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\reset.exe
[2010/04/28 21:05:07 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\reset.exe
[2010/04/28 21:05:05 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\regini.exe
[2010/04/28 21:05:05 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\regini.exe
[2010/04/28 21:05:05 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qwinsta.exe
[2010/04/28 21:05:05 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qwinsta.exe
[2010/04/28 21:05:05 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qappsrv.exe
[2010/04/28 21:05:05 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qappsrv.exe
[2010/04/28 21:05:05 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwinsta.exe
[2010/04/28 21:05:05 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rwinsta.exe
[2010/04/28 21:05:05 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shadow.exe
[2010/04/28 21:05:05 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shadow.exe
[2010/04/28 21:05:05 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpcfgex.dll
[2010/04/28 21:05:05 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpcfgex.dll
[2010/04/28 21:05:04 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msg.exe
[2010/04/28 21:05:04 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msg.exe
[2010/04/28 21:05:04 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtsadmin.tlb
[2010/04/28 21:05:04 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdmodem.dll
[2010/04/28 21:05:04 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cdmodem.dll
[2010/04/28 21:05:04 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\logoff.exe
[2010/04/28 21:05:04 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logoff.exe
[2010/04/28 21:05:03 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxlegih.dll
[2010/04/28 21:05:03 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxdm.dll
[2010/04/28 21:05:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dcomcnfg.exe
[2010/04/28 21:05:03 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxex.dll
[2010/04/28 21:05:02 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsnap.dll
[2010/04/28 21:05:02 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comrepl.dll
[2010/04/28 21:05:02 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stclient.dll
[2010/04/28 21:05:02 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmi2xml.dll
[2010/04/28 21:05:02 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comaddin.dll
[2010/04/28 21:04:58 | 000,116,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\updprov.dll
[2010/04/28 21:04:58 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipicmp.dll
[2010/04/28 21:04:58 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmimsg.dll
[2010/04/28 21:04:58 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemdisp.tlb
[2010/04/28 21:04:58 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmitimep.dll
[2010/04/28 21:04:58 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemads.tlb
[2010/04/28 21:04:58 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unsecapp.exe
[2010/04/28 21:04:58 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmgmtr.dll
[2010/04/28 21:04:58 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmgmt.exe
[2010/04/28 21:04:58 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemads.dll
[2010/04/28 21:04:57 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmplprov.dll
[2010/04/28 21:04:57 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\trnsprov.dll
[2010/04/28 21:04:56 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msiprov.dll
[2010/04/28 21:04:56 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fwdprov.dll
[2010/04/28 21:04:56 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpcons.dll
[2010/04/28 21:04:55 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsprov.dll
[2010/04/28 21:04:37 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2010/04/28 21:04:35 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\accwiz.exe
[2010/04/28 21:04:35 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\access.cpl
[2010/04/28 21:04:34 | 000,347,136 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hypertrm.dll
[2010/04/28 21:04:34 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndrec32.exe
[2010/04/28 21:04:34 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mplay32.exe
[2010/04/28 21:04:34 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplay32.exe
[2010/04/28 21:04:33 | 000,343,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe
[2010/04/28 21:04:33 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2010/04/28 21:04:32 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clipbrd.exe
[2010/04/28 21:04:31 | 000,538,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spider.exe
[2010/04/28 21:04:27 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2010/04/28 21:04:27 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscfgwmi.dll
[2010/04/28 21:04:27 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdtcp.sys
[2010/04/28 21:04:27 | 000,012,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdpipe.sys
[2010/04/28 21:04:26 | 002,066,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstscax.dll
[2010/04/28 21:04:26 | 000,407,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstsc.exe
[2010/04/28 21:04:25 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdchost.dll
[2010/04/28 21:04:25 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdshost.exe
[2010/04/28 21:04:25 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscupgrd.exe
[2010/04/28 21:04:25 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscupgrd.exe
[2010/04/28 21:04:25 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdsaddin.exe
[2010/04/28 21:04:24 | 000,087,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpwsx.dll
[2010/04/28 21:04:24 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpclip.exe
[2010/04/28 21:04:24 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpsnd.dll
[2010/04/28 21:04:24 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qprocess.exe
[2010/04/28 21:04:24 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icaapi.dll
[2010/04/28 21:04:23 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcuiu.dll
[2010/04/28 21:04:23 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxoci.dll
[2010/04/28 21:04:23 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cfgbkend.dll
[2010/04/28 21:04:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2010/04/28 21:04:22 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcprx.dll
[2010/04/28 21:04:21 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtctm.dll
[2010/04/28 21:04:21 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtclog.dll
[2010/04/28 21:04:21 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xolehlp.dll
[2010/04/28 21:04:20 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvps.dll
[2010/04/28 21:04:20 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\colbact.dll
[2010/04/28 21:04:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2010/04/28 21:04:19 | 000,625,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvut.dll
[2010/04/28 21:04:19 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrv.dll
[2010/04/28 21:04:19 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatex.dll
[2010/04/28 21:04:18 | 001,267,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsvcs.dll
[2010/04/28 21:04:18 | 000,539,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comuid.dll
[2010/04/28 21:04:05 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\servdeps.dll
[2010/04/28 21:04:03 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmprops.dll
[2010/04/28 21:04:03 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\licwmi.dll
[2010/04/28 21:04:03 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmfutil.dll
[2010/04/28 21:03:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2010/04/28 13:59:33 | 000,006,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\enum1394.sys
[2010/04/28 13:58:42 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\usbui.dll
[2010/04/28 13:57:59 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2010/04/28 13:57:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2010/04/28 13:57:58 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spcommon.dll
[2010/04/28 13:57:58 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spcplui.dll
[2010/04/28 13:57:55 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spttseng.dll
[2010/04/28 13:57:51 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sapisvr.exe
[2010/04/28 13:57:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2010/04/28 13:57:49 | 000,000,000 | R--D | C] -- C:\Program Files
[2010/04/28 13:57:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2010/04/28 13:57:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2010/04/28 13:57:44 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdazel.dll
[2010/04/28 13:57:44 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdazel.dll
[2010/04/28 13:57:43 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuq.dll
[2010/04/28 13:57:43 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuf.dll
[2010/04/28 13:57:43 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtuq.dll
[2010/04/28 13:57:43 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtuf.dll
[2010/04/28 13:57:38 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtat.dll
[2010/04/28 13:57:38 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmon.dll
[2010/04/28 13:57:38 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkyr.dll
[2010/04/28 13:57:38 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdaze.dll
[2010/04/28 13:57:38 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtat.dll
[2010/04/28 13:57:38 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdmon.dll
[2010/04/28 13:57:38 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkyr.dll
[2010/04/28 13:57:38 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdaze.dll
[2010/04/28 13:57:37 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycc.dll
[2010/04/28 13:57:37 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbduzb.dll
[2010/04/28 13:57:37 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdur.dll
[2010/04/28 13:57:37 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru1.dll
[2010/04/28 13:57:37 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru.dll
[2010/04/28 13:57:37 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkaz.dll
[2010/04/28 13:57:37 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbu.dll
[2010/04/28 13:57:37 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdblr.dll
[2010/04/28 13:57:37 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdycc.dll
[2010/04/28 13:57:37 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbduzb.dll
[2010/04/28 13:57:37 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdur.dll
[2010/04/28 13:57:37 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdru1.dll
[2010/04/28 13:57:37 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdru.dll
[2010/04/28 13:57:37 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkaz.dll
[2010/04/28 13:57:37 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdbu.dll
[2010/04/28 13:57:37 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdblr.dll
[2010/04/28 13:57:31 | 000,008,192 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhept.dll
[2010/04/28 13:57:31 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhept.dll
[2010/04/28 13:57:31 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela3.dll
[2010/04/28 13:57:31 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhela3.dll
[2010/04/28 13:57:31 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela2.dll
[2010/04/28 13:57:31 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdgkl.dll
[2010/04/28 13:57:31 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhela2.dll
[2010/04/28 13:57:31 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgkl.dll
[2010/04/28 13:57:31 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe319.dll
[2010/04/28 13:57:31 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe220.dll
[2010/04/28 13:57:31 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe.dll
[2010/04/28 13:57:31 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe319.dll
[2010/04/28 13:57:31 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe220.dll
[2010/04/28 13:57:31 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe.dll
[2010/04/28 13:57:26 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv1.dll
[2010/04/28 13:57:26 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv.dll
[2010/04/28 13:57:26 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdest.dll
[2010/04/28 13:57:26 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlv1.dll
[2010/04/28 13:57:26 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlv.dll
[2010/04/28 13:57:26 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdest.dll
[2010/04/28 13:57:26 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt1.dll
[2010/04/28 13:57:26 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt.dll
[2010/04/28 13:57:26 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlt1.dll
[2010/04/28 13:57:26 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlt.dll
[2010/04/28 13:57:19 | 000,007,168 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz.dll
[2010/04/28 13:57:19 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz.dll
[2010/04/28 13:57:19 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycl.dll
[2010/04/28 13:57:19 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl1.dll
[2010/04/28 13:57:19 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl.dll
[2010/04/28 13:57:19 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl.dll
[2010/04/28 13:57:19 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu.dll
[2010/04/28 13:57:19 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz2.dll
[2010/04/28 13:57:19 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz1.dll
[2010/04/28 13:57:19 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcr.dll
[2010/04/28 13:57:19 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\KBDAL.DLL
[2010/04/28 13:57:19 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdycl.dll
[2010/04/28 13:57:19 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsl1.dll
[2010/04/28 13:57:19 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsl.dll
[2010/04/28 13:57:19 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdpl.dll
[2010/04/28 13:57:19 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhu.dll
[2010/04/28 13:57:19 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz2.dll
[2010/04/28 13:57:19 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz1.dll
[2010/04/28 13:57:19 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcr.dll
[2010/04/28 13:57:19 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdal.dll
[2010/04/28 13:57:19 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdro.dll
[2010/04/28 13:57:19 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl1.dll
[2010/04/28 13:57:19 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu1.dll
[2010/04/28 13:57:19 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdro.dll
[2010/04/28 13:57:19 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdpl1.dll
[2010/04/28 13:57:19 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhu1.dll
[2010/04/28 13:57:15 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2010/04/28 13:57:15 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2010/04/28 13:57:14 | 000,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dllcache\dgrpsetu.dll
[2010/04/28 13:57:14 | 000,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dgrpsetu.dll
[2010/04/28 13:57:14 | 000,085,020 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dllcache\dgsetup.dll
[2010/04/28 13:57:14 | 000,085,020 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dgsetup.dll
[2010/04/28 13:57:13 | 000,103,424 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\EqnClass.Dll
[2010/04/28 13:57:13 | 000,103,424 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqnclass.dll
[2010/04/28 13:57:13 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2010/04/28 13:57:13 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2010/04/28 13:57:12 | 000,013,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WFWNET.DRV
[2010/04/28 13:57:12 | 000,009,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VER.DLL
[2010/04/28 13:57:12 | 000,002,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VGA.DRV
[2010/04/28 13:57:11 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TAPI.DLL
[2010/04/28 13:57:11 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SHELL.DLL
[2010/04/28 13:57:11 | 000,004,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TIMER.DRV
[2010/04/28 13:57:11 | 000,003,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SYSTEM.DRV
[2010/04/28 13:57:11 | 000,001,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SOUND.DRV
[2010/04/28 13:57:10 | 000,126,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MSVIDEO.DLL
[2010/04/28 13:57:10 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLECLI.DLL
[2010/04/28 13:57:10 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLESVR.DLL
[2010/04/28 13:57:08 | 000,073,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIAVI.DRV
[2010/04/28 13:57:08 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIWAVE.DRV
[2010/04/28 13:57:08 | 000,025,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCISEQ.DRV
[2010/04/28 13:57:08 | 000,009,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\LZEXPAND.DLL
[2010/04/28 13:57:08 | 000,002,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MOUSE.DRV
[2010/04/28 13:57:08 | 000,002,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\KEYBOARD.DRV
[2010/04/28 13:57:08 | 000,001,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMTASK.TSK
[2010/04/28 13:57:07 | 000,109,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVIFILE.DLL
[2010/04/28 13:57:07 | 000,069,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVICAP.DLL
[2010/04/28 13:57:07 | 000,032,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\COMMDLG.DLL
[2010/04/28 13:57:06 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\TASKMAN.EXE
[2010/04/28 13:57:06 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\taskman.exe
[2010/04/28 13:57:04 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irenum.sys
[2010/04/28 13:57:03 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\winspool.drv
[2010/04/28 13:57:03 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\batt.dll
[2010/04/28 13:57:02 | 000,068,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMSYSTEM.DLL
[2010/04/28 13:57:01 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\storprop.dll
[2010/04/28 13:56:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2010/04/28 13:56:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2010/04/28 13:56:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2010/04/28 13:56:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2010/04/28 13:56:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2010/04/28 13:54:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2010/04/28 13:54:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2010/04/28 13:54:50 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2010/04/28 13:54:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2010/04/28 13:54:07 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/04/28 13:54:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2010/04/28 13:40:43 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2010/04/28 13:40:43 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2010/04/28 13:40:43 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2010/04/28 13:40:43 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2010/04/28 13:40:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2010/04/28 13:40:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2010/04/28 13:40:43 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2010/04/28 13:40:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2010/04/28 13:40:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2010/04/28 13:40:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2010/04/28 13:40:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2010/04/28 13:40:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2010/04/28 13:40:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2010/04/28 13:40:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2010/04/28 13:40:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2010/04/28 13:40:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2010/04/28 13:40:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2010/04/28 13:40:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2010/04/28 13:40:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2010/04/28 13:40:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2010/04/28 13:40:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2010/04/28 13:40:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2010/04/28 13:40:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2010/04/28 13:40:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2010/04/28 13:40:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2010/04/28 13:40:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2010/04/28 13:40:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2010/04/28 13:40:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2010/04/28 13:40:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2010/04/28 13:40:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2010/04/28 13:40:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2010/04/28 13:40:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2010/04/28 13:40:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2010/04/28 13:40:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2010/04/28 13:40:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2010/04/28 13:40:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2010/04/28 13:40:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2010/04/28 13:40:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2010/04/28 13:40:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2010/04/28 13:40:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2010/04/28 13:40:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2010/04/28 13:40:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2010/04/28 13:40:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2010/04/28 13:40:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2010/04/28 13:40:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2010/04/28 13:40:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2010/04/28 13:40:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2010/04/28 13:40:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2010/04/28 13:40:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2010/04/28 13:40:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2010/04/28 13:40:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2010/04/28 13:40:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2010/04/28 13:40:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2010/04/28 13:40:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2010/04/28 13:40:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2010/04/28 13:40:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2010/04/28 13:40:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2010/04/28 13:40:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2010/04/28 13:40:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2010/04/28 13:40:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2010/04/28 13:40:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2010/04/28 13:40:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2009/06/04 00:57:38 | 000,060,928 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

#4 Shownuff808

  • Topic Starter

  • Members
  • 12 posts

Posted 15 May 2010 - 01:28 PM

CONTINUED PART 2 OF LOG POST

========== Files - Modified Within 30 Days ==========

[2010/05/15 09:40:06 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1292428093-725345543-500UA.job
[2010/05/14 23:40:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1292428093-725345543-500Core.job
[2010/05/14 20:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/05/14 20:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/05/14 20:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/05/14 11:41:34 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/13 22:21:40 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/05/13 22:21:32 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/13 22:19:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/13 22:14:43 | 007,602,176 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/05/13 16:20:27 | 000,053,992 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000002-00001102-00000005-00231102}.rfx
[2010/05/13 16:20:27 | 000,053,992 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000002-00001102-00000005-00231102}.rfx
[2010/05/13 16:20:27 | 000,000,788 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000002-00001102-00000005-00231102}.rfx
[2010/05/13 16:20:15 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/05/13 14:09:30 | 000,000,575 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to Sys Utilities.lnk
[2010/05/13 14:06:51 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2010/05/13 12:16:40 | 000,000,660 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Shortcut to VPTray.lnk
[2010/05/13 11:52:24 | 000,000,660 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to VPTray.lnk
[2010/05/13 11:04:00 | 000,000,617 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/13 10:57:29 | 000,002,855 | ---- | M] () -- C:\WINDOWS\System32\edit.PIF
[2010/05/12 22:16:39 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/12 21:53:07 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/12 21:33:31 | 000,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/12 20:02:31 | 000,000,039 | ---- | M] () -- C:\config.ini
[2010/05/12 08:05:04 | 000,522,848 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/12 07:48:51 | 000,001,952 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2010/05/12 07:29:17 | 004,301,776 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/11 16:14:04 | 000,000,465 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2010/05/11 14:23:57 | 000,003,072 | ---- | M] () -- C:\WINDOWS\System32\Viveza2FC32.dll
[2010/05/11 09:27:58 | 000,000,026 | ---- | M] () -- C:\WINDOWS\BRPP2KA.INI
[2010/05/11 09:27:57 | 000,000,034 | ---- | M] () -- C:\WINDOWS\System32\bd4040cn.dat
[2010/05/11 09:27:55 | 000,020,605 | ---- | M] () -- C:\WINDOWS\HL-4040CN.INI
[2010/05/11 09:27:55 | 000,000,147 | ---- | M] () -- C:\WINDOWS\BRVIDEO.INI
[2010/05/11 09:27:55 | 000,000,023 | ---- | M] () -- C:\WINDOWS\Brownie.ini
[2010/05/11 09:27:55 | 000,000,000 | ---- | M] () -- C:\WINDOWS\brmx2001.ini
[2010/05/10 12:01:43 | 000,000,757 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Traktor.lnk
[2010/05/09 22:36:20 | 000,002,477 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Rosetta Stone Version 3.lnk
[2010/05/08 15:41:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/08 09:21:04 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
[2010/05/06 13:21:14 | 000,000,219 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.tgz
[2010/05/06 13:21:14 | 000,000,205 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.dll
[2010/05/06 13:21:14 | 000,000,087 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz
[2010/05/06 13:21:14 | 000,000,073 | ---- | M] () -- C:\WINDOWS\System32\ssprs.dll
[2010/05/06 13:21:14 | 000,000,021 | ---- | M] () -- C:\WINDOWS\SurCode.INI
[2010/05/05 21:27:48 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\sysprs7.tgz
[2010/05/05 21:27:48 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\sysprs7.dll
[2010/05/05 21:27:48 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\clauth2.dll
[2010/05/05 21:27:48 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\clauth1.dll
[2010/05/04 12:54:31 | 000,000,347 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\My Documents.lnk
[2010/05/04 09:27:07 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 9 Pro.lnk
[2010/05/03 22:57:41 | 000,043,520 | ---- | M] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2010/05/03 21:09:44 | 000,029,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3a.dll
[2010/05/03 16:35:02 | 000,001,762 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk
[2010/05/03 00:58:53 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/05/03 00:58:53 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/05/03 00:03:14 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/02 22:05:17 | 000,000,625 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ImageMixer 3 SE Camera Monitor Ver.3.lnk
[2010/05/01 18:36:38 | 000,444,952 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2010/05/01 18:36:38 | 000,109,080 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2010/05/01 08:51:58 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Sandboxed Web Browser.lnk
[2010/05/01 01:41:12 | 000,029,200 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/04/30 10:14:47 | 000,054,928 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000001-00001102-00000005-00231102}.rfx
[2010/04/29 23:28:12 | 000,543,350 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/29 23:28:12 | 000,464,962 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/29 23:28:12 | 000,079,104 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/29 22:32:04 | 000,000,000 | ---- | M] () -- C:\WINDOWS\vpc32.INI
[2010/04/29 17:13:26 | 000,001,645 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Vegas Pro 9.0.lnk
[2010/04/29 17:12:18 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/04/29 17:11:51 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/04/29 16:06:17 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2010/04/29 14:22:46 | 000,000,571 | ---- | M] () -- C:\WINDOWS\winpoint.ini
[2010/04/29 14:20:48 | 000,000,058 | ---- | M] () -- C:\WINDOWS\mchguid.ini
[2010/04/29 14:20:48 | 000,000,058 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\mchguid.ini
[2010/04/29 14:19:11 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2010/04/29 11:21:19 | 000,000,893 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Blancco - File Shredder.lnk
[2010/04/29 00:48:51 | 005,881,314 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/04/29 00:13:08 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/04/28 22:40:34 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2010/04/28 22:02:14 | 000,001,834 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Photoshop Lightroom 2.7.lnk
[2010/04/28 21:45:59 | 000,110,952 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/04/28 21:45:59 | 000,048,768 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/04/28 21:45:59 | 000,008,014 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/04/28 21:45:59 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/04/28 21:27:10 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\INF\oem7.PNF
[2010/04/28 21:27:10 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\INF\oem7.inf
[2010/04/28 21:27:09 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\INF\oem6.PNF
[2010/04/28 21:27:09 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\INF\oem6.inf
[2010/04/28 21:27:01 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\INF\oem5.PNF
[2010/04/28 21:27:01 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\INF\oem5.inf
[2010/04/28 21:26:15 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\INF\oem4.PNF
[2010/04/28 21:26:15 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\INF\oem4.inf
[2010/04/28 21:25:08 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\INF\oem3.PNF
[2010/04/28 21:25:08 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\INF\oem3.inf
[2010/04/28 21:24:55 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\INF\oem2.PNF
[2010/04/28 21:24:55 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\INF\oem2.inf
[2010/04/28 21:21:58 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\INF\oem1.PNF
[2010/04/28 21:21:58 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\INF\oem1.inf
[2010/04/28 21:21:50 | 000,001,565 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dynex Wireless Networking Utility.lnk
[2010/04/28 21:21:25 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\INF\oem0.PNF
[2010/04/28 21:21:25 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\INF\oem0.inf
[2010/04/28 21:15:47 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2010/04/28 21:13:17 | 000,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/04/28 21:11:05 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/04/28 21:11:05 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/04/28 21:11:05 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/04/28 21:11:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\control.ini
[2010/04/28 21:11:05 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/04/28 21:11:05 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/04/28 21:10:55 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/04/28 21:10:19 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/04/28 21:10:19 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/04/28 21:10:16 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/04/28 21:10:16 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/04/28 21:10:16 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/04/28 21:10:16 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/04/28 21:10:16 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/04/28 21:10:16 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/04/28 21:06:11 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/04/28 21:06:02 | 000,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2010/04/28 21:06:02 | 000,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
[2010/04/28 21:03:11 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/04/26 18:34:40 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/04/16 08:33:36 | 003,003,680 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/13 14:09:32 | 000,000,575 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to Sys Utilities.lnk
[2010/05/13 14:06:51 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2010/05/13 12:16:40 | 000,000,660 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Shortcut to VPTray.lnk
[2010/05/13 11:52:24 | 000,000,660 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to VPTray.lnk
[2010/05/13 10:57:29 | 000,002,855 | ---- | C] () -- C:\WINDOWS\System32\edit.PIF
[2010/05/12 22:16:39 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/12 20:02:25 | 000,000,039 | ---- | C] () -- C:\config.ini
[2010/05/12 07:39:27 | 002,889,720 | ---- | C] () -- C:\Documents and Settings\Administrator\ProductContext7400.log
[2010/05/12 02:21:45 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/05/12 02:16:49 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/05/12 02:16:31 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/05/11 16:29:42 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Sandboxed Web Browser.lnk
[2010/05/11 09:27:58 | 000,000,465 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/05/11 09:27:58 | 000,000,026 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2010/05/11 09:27:57 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\bd4040cn.dat
[2010/05/11 09:27:55 | 000,000,147 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2010/05/11 09:27:55 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2010/05/11 09:27:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2010/05/11 09:27:52 | 000,020,605 | ---- | C] () -- C:\WINDOWS\HL-4040CN.INI
[2010/05/11 09:27:46 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2010/05/11 09:27:45 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2010/05/11 09:27:45 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BAOCH06A.DAT
[2010/05/11 09:08:54 | 000,006,705 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/05/10 12:01:43 | 000,000,757 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Traktor.lnk
[2010/05/08 09:21:04 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
[2010/05/05 21:27:48 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.tgz
[2010/05/05 21:27:48 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2010/05/05 21:27:48 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2010/05/05 21:27:48 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2010/05/05 21:27:48 | 000,000,219 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.tgz
[2010/05/05 21:27:48 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2010/05/05 21:27:48 | 000,000,087 | ---- | C] () -- C:\WINDOWS\System32\ssprs.tgz
[2010/05/05 21:27:48 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2010/05/05 21:27:48 | 000,000,021 | ---- | C] () -- C:\WINDOWS\SurCode.INI
[2010/05/04 23:08:44 | 000,002,477 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Rosetta Stone Version 3.lnk
[2010/05/04 12:54:31 | 000,000,347 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\My Documents.lnk
[2010/05/03 22:57:41 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2010/05/03 16:35:02 | 000,001,762 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk
[2010/05/03 00:58:53 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/05/03 00:58:53 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/05/02 22:05:17 | 000,000,625 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ImageMixer 3 SE Camera Monitor Ver.3.lnk
[2010/05/01 18:40:02 | 000,053,992 | ---- | C] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000002-00001102-00000005-00231102}.rfx
[2010/05/01 18:40:02 | 000,053,992 | ---- | C] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000002-00001102-00000005-00231102}.rfx
[2010/05/01 18:40:02 | 000,000,788 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000002-00001102-00000005-00231102}.rfx
[2010/05/01 08:52:36 | 000,001,952 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2010/04/30 11:01:55 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 9 Pro.lnk
[2010/04/30 02:07:02 | 000,029,200 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/04/29 22:32:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2010/04/29 17:13:26 | 000,001,645 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Vegas Pro 9.0.lnk
[2010/04/29 17:11:51 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/04/29 16:06:17 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2010/04/29 15:32:19 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/29 14:20:48 | 000,000,058 | ---- | C] () -- C:\WINDOWS\mchguid.ini
[2010/04/29 14:20:48 | 000,000,058 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mchguid.ini
[2010/04/29 14:19:13 | 000,011,691 | ---- | C] () -- C:\WINDOWS\System32\MODEM.LST
[2010/04/29 14:19:13 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\ini.bat
[2010/04/29 14:19:12 | 000,010,875 | ---- | C] () -- C:\WINDOWS\ESOA.INI
[2010/04/29 14:19:12 | 000,003,679 | ---- | C] () -- C:\WINDOWS\GrAddrBk.ini
[2010/04/29 14:19:12 | 000,000,995 | ---- | C] () -- C:\WINDOWS\GRACE.INI
[2010/04/29 14:19:12 | 000,000,053 | ---- | C] () -- C:\WINDOWS\PRSRVDLL.INI
[2010/04/29 14:19:11 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2010/04/29 14:17:58 | 000,000,571 | ---- | C] () -- C:\WINDOWS\winpoint.ini
[2010/04/29 11:21:19 | 000,000,893 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Blancco - File Shredder.lnk
[2010/04/29 00:06:30 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2010/04/29 00:06:30 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2010/04/29 00:06:30 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2010/04/29 00:06:30 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2010/04/29 00:06:30 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2010/04/29 00:06:30 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2010/04/29 00:06:30 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2010/04/29 00:06:30 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2010/04/29 00:06:30 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2010/04/29 00:06:30 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2010/04/29 00:06:30 | 000,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2010/04/29 00:06:30 | 000,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2010/04/29 00:06:30 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2010/04/29 00:06:30 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2010/04/29 00:06:30 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2010/04/29 00:06:30 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2010/04/29 00:06:30 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2010/04/29 00:06:30 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2010/04/29 00:06:30 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2010/04/29 00:06:30 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2010/04/29 00:06:30 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2010/04/29 00:06:30 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2010/04/29 00:06:30 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2010/04/29 00:06:30 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2010/04/29 00:06:30 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2010/04/29 00:06:30 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2010/04/29 00:06:30 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2010/04/29 00:06:29 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2010/04/29 00:06:29 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2010/04/29 00:06:29 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2010/04/29 00:06:28 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2010/04/29 00:06:28 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2010/04/29 00:06:28 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2010/04/29 00:06:28 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2010/04/29 00:06:28 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2010/04/29 00:06:28 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2010/04/29 00:06:28 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2010/04/29 00:06:28 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2010/04/29 00:06:28 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2010/04/29 00:06:28 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2010/04/29 00:06:27 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2010/04/29 00:06:27 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2010/04/29 00:06:27 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2010/04/29 00:06:27 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2010/04/29 00:06:27 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2010/04/29 00:06:27 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2010/04/29 00:06:27 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2010/04/29 00:06:26 | 000,097,117 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.hlp
[2010/04/29 00:06:26 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2010/04/29 00:06:26 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2010/04/29 00:06:26 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2010/04/29 00:06:26 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2010/04/29 00:06:26 | 000,001,885 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.cnt
[2010/04/29 00:06:25 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2010/04/29 00:06:24 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2010/04/29 00:06:22 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2010/04/29 00:06:22 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2010/04/29 00:06:22 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2010/04/29 00:06:22 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2010/04/29 00:06:22 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2010/04/29 00:06:22 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2010/04/29 00:06:22 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2010/04/29 00:06:22 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2010/04/29 00:06:22 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2010/04/29 00:06:22 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2010/04/29 00:06:22 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2010/04/29 00:05:41 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2010/04/28 23:35:53 | 000,001,010 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1292428093-725345543-500UA.job
[2010/04/28 23:35:52 | 000,000,958 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1292428093-725345543-500Core.job
[2010/04/28 22:40:35 | 000,013,646 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak
[2010/04/28 22:02:14 | 000,001,834 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Photoshop Lightroom 2.7.lnk
[2010/04/28 21:45:56 | 000,008,014 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/04/28 21:45:56 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/04/28 21:41:35 | 000,054,928 | ---- | C] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000001-00001102-00000005-00231102}.rfx
[2010/04/28 21:38:50 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/28 21:33:29 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2010/04/28 21:33:29 | 000,012,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2010/04/28 21:33:27 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2010/04/28 21:33:27 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2010/04/28 21:31:25 | 000,007,062 | ---- | C] () -- C:\WINDOWS\System32\audiopid.vxd
[2010/04/28 21:27:17 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\INF\oem7.PNF
[2010/04/28 21:27:17 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\INF\oem7.inf
[2010/04/28 21:27:17 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\INF\oem6.PNF
[2010/04/28 21:27:17 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\INF\oem6.inf
[2010/04/28 21:27:17 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\INF\oem5.PNF
[2010/04/28 21:27:17 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\INF\oem5.inf
[2010/04/28 21:27:17 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\INF\oem4.PNF
[2010/04/28 21:27:17 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\INF\oem4.inf
[2010/04/28 21:27:17 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\INF\oem3.PNF
[2010/04/28 21:27:17 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\INF\oem3.inf
[2010/04/28 21:27:17 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\INF\oem2.PNF
[2010/04/28 21:27:17 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\INF\oem2.inf
[2010/04/28 21:27:17 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\INF\oem1.PNF
[2010/04/28 21:27:17 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\INF\oem1.inf
[2010/04/28 21:27:17 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\INF\oem0.PNF
[2010/04/28 21:27:17 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\INF\oem0.inf
[2010/04/28 21:22:45 | 000,009,046 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2010/04/28 21:22:43 | 002,183,470 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/04/28 21:21:55 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2010/04/28 21:21:55 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\wltrysvc.exe
[2010/04/28 21:21:53 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2010/04/28 21:21:50 | 000,001,565 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dynex Wireless Networking Utility.lnk
[2010/04/28 21:21:24 | 000,005,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010/04/28 21:16:40 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/04/28 21:16:39 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat.LOG
[2010/04/28 21:16:38 | 007,602,176 | -H-- | C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/04/28 21:15:47 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2010/04/28 21:13:17 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/04/28 21:13:10 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2010/04/28 21:12:43 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2010/04/28 21:12:42 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2010/04/28 21:12:40 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/04/28 21:12:25 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2010/04/28 21:12:24 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/04/28 21:12:19 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/04/28 21:12:19 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/04/28 21:12:17 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/04/28 21:12:04 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/04/28 21:11:57 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/04/28 21:11:45 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/04/28 21:11:42 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2010/04/28 21:11:42 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2010/04/28 21:11:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2010/04/28 21:11:41 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2010/04/28 21:11:41 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2010/04/28 21:11:41 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2010/04/28 21:11:41 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2010/04/28 21:11:41 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2010/04/28 21:11:41 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2010/04/28 21:11:41 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2010/04/28 21:11:41 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2010/04/28 21:11:41 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2010/04/28 21:11:41 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2010/04/28 21:11:41 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2010/04/28 21:11:41 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2010/04/28 21:11:41 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2010/04/28 21:11:41 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2010/04/28 21:11:41 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2010/04/28 21:11:41 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2010/04/28 21:11:41 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2010/04/28 21:11:41 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2010/04/28 21:11:41 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2010/04/28 21:11:40 | 000,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2010/04/28 21:11:40 | 000,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2010/04/28 21:11:40 | 000,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2010/04/28 21:11:40 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2010/04/28 21:11:40 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2010/04/28 21:11:40 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2010/04/28 21:11:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2010/04/28 21:11:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2010/04/28 21:11:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2010/04/28 21:11:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2010/04/28 21:11:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2010/04/28 21:11:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2010/04/28 21:11:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2010/04/28 21:11:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2010/04/28 21:11:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2010/04/28 21:11:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2010/04/28 21:11:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2010/04/28 21:11:39 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2010/04/28 21:11:39 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2010/04/28 21:11:39 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2010/04/28 21:11:39 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2010/04/28 21:11:39 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2010/04/28 21:11:39 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2010/04/28 21:11:39 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2010/04/28 21:11:39 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2010/04/28 21:11:39 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2010/04/28 21:11:39 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2010/04/28 21:11:39 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2010/04/28 21:11:39 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2010/04/28 21:11:39 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2010/04/28 21:11:39 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2010/04/28 21:11:39 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2010/04/28 21:11:39 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2010/04/28 21:11:39 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2010/04/28 21:11:38 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2010/04/28 21:11:38 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2010/04/28 21:11:38 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2010/04/28 21:11:38 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2010/04/28 21:11:05 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/04/28 21:11:05 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/04/28 21:11:05 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/04/28 21:11:05 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2010/04/28 21:11:05 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2010/04/28 21:11:02 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2010/04/28 21:10:19 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/04/28 21:10:19 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/04/28 21:10:16 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/04/28 21:10:16 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/04/28 21:10:16 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/04/28 21:10:16 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/04/28 21:10:16 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/04/28 21:10:16 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/04/28 21:09:57 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2010/04/28 21:08:35 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2010/04/28 21:08:35 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2010/04/28 21:08:23 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2010/04/28 21:06:11 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/04/28 21:05:13 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2010/04/28 21:05:13 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2010/04/28 21:05:13 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2010/04/28 21:05:13 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2010/04/28 21:05:12 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2010/04/28 21:05:11 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2010/04/28 21:05:11 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2010/04/28 21:05:11 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2010/04/28 21:05:11 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2010/04/28 21:05:11 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2010/04/28 21:05:11 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2010/04/28 21:05:10 | 000,093,702 | ---- | C] () -- C:\WINDOWS\System32\subrange.uce
[2010/04/28 21:05:10 | 000,016,740 | ---- | C] () -- C:\WINDOWS\System32\shiftjis.uce
[2010/04/28 21:05:10 | 000,012,876 | ---- | C] () -- C:\WINDOWS\System32\korean.uce
[2010/04/28 21:05:10 | 000,008,484 | ---- | C] () -- C:\WINDOWS\System32\kanji_2.uce
[2010/04/28 21:05:10 | 000,006,948 | ---- | C] () -- C:\WINDOWS\System32\kanji_1.uce
[2010/04/28 21:05:09 | 000,060,458 | ---- | C] () -- C:\WINDOWS\System32\ideograf.uce
[2010/04/28 21:05:09 | 000,024,006 | ---- | C] () -- C:\WINDOWS\System32\gb2312.uce
[2010/04/28 21:05:09 | 000,022,984 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.uce
[2010/04/28 21:05:07 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2010/04/28 21:05:07 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2010/04/28 21:05:04 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2010/04/28 21:04:55 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2010/04/28 13:58:02 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/04/28 13:57:55 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2010/04/28 13:57:55 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2010/04/28 13:57:53 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2010/04/28 13:57:52 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2010/04/28 13:57:48 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28603.nls
[2010/04/28 13:57:48 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28603.nls
[2010/04/28 13:57:43 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_857.nls
[2010/04/28 13:57:43 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_857.nls
[2010/04/28 13:57:43 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28599.nls
[2010/04/28 13:57:43 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28599.nls
[2010/04/28 13:57:43 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10081.nls
[2010/04/28 13:57:43 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10081.nls
[2010/04/28 13:57:36 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28595.nls
[2010/04/28 13:57:36 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28595.NLS
[2010/04/28 13:57:36 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10017.nls
[2010/04/28 13:57:36 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10017.nls
[2010/04/28 13:57:36 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10007.nls
[2010/04/28 13:57:36 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10007.nls
[2010/04/28 13:57:30 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_869.nls
[2010/04/28 13:57:30 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_869.nls
[2010/04/28 13:57:30 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_737.nls
[2010/04/28 13:57:30 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_737.nls
[2010/04/28 13:57:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_875.nls
[2010/04/28 13:57:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_875.nls
[2010/04/28 13:57:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28597.nls
[2010/04/28 13:57:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28597.NLS
[2010/04/28 13:57:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10006.nls
[2010/04/28 13:57:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10006.nls
[2010/04/28 13:57:25 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_866.nls
[2010/04/28 13:57:25 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_866.nls
[2010/04/28 13:57:25 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_855.nls
[2010/04/28 13:57:25 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_855.nls
[2010/04/28 13:57:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28594.nls
[2010/04/28 13:57:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28594.NLS
[2010/04/28 13:57:18 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_852.nls
[2010/04/28 13:57:18 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_852.nls
[2010/04/28 13:57:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10082.nls
[2010/04/28 13:57:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10082.nls
[2010/04/28 13:57:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10029.nls
[2010/04/28 13:57:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10029.nls
[2010/04/28 13:57:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10010.nls
[2010/04/28 13:57:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10010.nls
[2010/04/28 13:57:15 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20127.nls
[2010/04/28 13:57:15 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20127.nls
[2010/04/28 13:57:04 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010/04/28 13:55:16 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010/04/28 13:55:16 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010/04/28 13:55:16 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010/04/28 13:55:16 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/04/28 13:55:16 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2010/04/28 13:55:15 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2010/04/28 13:55:15 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/04/28 13:55:15 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010/04/28 13:54:06 | 004,301,776 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/28 13:51:32 | 000,000,211 | -HS- | C] () -- C:\boot.ini
[2010/04/28 13:51:30 | 000,000,261 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/12/18 02:58:28 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\Viveza2FC32.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/06/04 01:37:08 | 000,021,093 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2009/06/04 01:37:06 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009/06/04 00:55:20 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\CtxfiRes.dll
[2009/06/04 00:55:20 | 000,002,560 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2009/05/27 09:49:00 | 000,000,285 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2008/05/29 10:47:32 | 002,023,424 | ---- | C] () -- C:\WINDOWS\System32\QtCore4.dll
[2008/04/23 23:49:52 | 007,315,456 | ---- | C] () -- C:\WINDOWS\System32\QtGui4.dll
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2004/08/04 05:00:00 | 000,002,304 | ---- | C] () -- C:\WINDOWS\System32\isaxbox.sys

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/04/29 00:10:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010/04/29 00:10:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/04/29 00:10:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010/04/29 00:10:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\system32\DRIVERS\atapi.sys
[2004/08/04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 11:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 11:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 17:11:51 | 000,033,280 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\cryptdll.dll
[2008/04/13 17:11:55 | 000,094,720 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iphlpapi.dll
[2008/04/13 11:30:46 | 000,061,440 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvcrt40.dll
[2008/04/13 17:12:03 | 000,237,056 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rasapi32.dll
[2008/04/13 17:12:03 | 000,061,440 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rasman.dll
[2008/04/13 17:12:04 | 000,044,032 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rtutils.dll
[2008/04/13 17:12:05 | 000,007,168 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\sensapi.dll
[2008/04/13 17:12:07 | 000,713,216 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\sxs.dll
[2008/04/13 17:12:07 | 000,181,760 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\tapi32.dll
[2008/04/13 10:39:24 | 002,897,920 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\xpsp2res.dll
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2010/04/28 13:51:32 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/04/28 13:51:32 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/04/28 13:51:32 | 000,962,560 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/02/24 06:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2010/04/03 15:55:32 | 010,232,128 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys
[2010/04/28 21:45:59 | 000,110,952 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS
[2010/04/16 08:33:36 | 000,041,472 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86
< End of report >

OTL Extras logfile created on: 5/15/2010 9:49:33 AM - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 81.73 Gb Free Space | 35.10% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 65.84 Gb Free Space | 28.27% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 298.09 Gb Total Space | 258.15 Gb Free Space | 86.60% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 931.51 Gb Total Space | 652.36 Gb Free Space | 70.03% Space Free | Partition Type: NTFS
Drive N: | 1003.45 Mb Total Space | 986.16 Mb Free Space | 98.28% Space Free | Partition Type: FAT

Computer Name: AMERITRUST-808
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS4 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51000:TCP" = 51000:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51001:TCP" = 51001:TCP:*:Enabled:Adobe Version Cue CS4 Server

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd. )
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application -- (Multidmedia Limited )

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:*:Enabled:Adobe Version Cue CS4 Server -- (Adobe Systems Incorporated)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"D:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe" = D:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe:*:Enabled:Call of Duty: Modern Warfare 2 -- ()
"D:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4mp.exe" = D:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4mp.exe:*:Enabled:Call of Duty: Modern Warfare 2 - Multiplayer -- ()
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Disabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd. )
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Disabled:Rosetta Stone Version 3 Application -- (Multidmedia Limited )


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}" = Adobe Flash Player 10 Plugin
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{055FEF8E-4B86-400F-A5C6-8FAC0042DCD9}" = NVIDIA DVD Decoder
"{07CEBBBD-E6EF-4265-BC65-777BD5C1FCD7}" = Point
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2085C617-589C-40F8-BE40-EDBC9E2CA2EB}" = Symantec AntiVirus
"{213D87A3-BE42-42CE-9B2C-7BF7A85710DD}" = Imagesynth 2
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2AAC4085-DCBF-417B-AEBD-182197839240}" = Native Instruments Traktor
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2DFAC810-6DD8-4E23-96A4-BEB118408203}" = Mask Pro 4.1
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{32C7FDDF-8D18-4B29-B81A-CDA512093274}" = Intellihance Pro 4.2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3A95D49D-0076-4DB7-A91E-0E685DC6D6AD}" = ImageMixer 3 SE Ver.3
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{49058C21-E4F6-4A99-B715-D62715E0A2A2}" = Vegas Pro 9.0
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{498D5FDC-5B04-4A0B-99BD-444129C9406B}" = Blancco - File Shredder
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4FB120F8-622C-4260-AB49-0F43A59CCF2A}" = iTunes
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{531D27E5-DE21-4777-9EDB-B7803087E7F3}" = Dynex Wireless G USB Network Adapter Setup
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6DA6F4E4-5A4E-4336-8F9E-708792242565}" = Brother HL-4040CN
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7C723788-585C-4537-92AC-CF616209197C}" = PhotoTune 2
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_OUTLOOKR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOKR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOKR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_OUTLOOKR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_OUTLOOKR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_OUTLOOKR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{9EB46587-4354-411C-BBAC-A9BBB2131F3D}" = FocalPoint 1.0.2
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_932" = Adobe Acrobat 9.3.2 - CPSID_53951
"{B01DD5B7-9862-43D7-BCA3-7882A17E4328}" = PhotoTools 2.0.1 Professional Edition
"{B0513493-04B9-4F21-B4AB-83E750D54256}" = Adobe Photoshop Lightroom 2.7
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{E871B6E5-6B93-4A69-AF76-1F8270AAA2F7}" = PhotoFrame Pro 3.0 Demo
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F05E2B98-DA04-4FFA-8D08-DA218E6A2B47}" = Point
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F751F153-0D23-4ED5-85D5-BAE46893D1F9}" = Point
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCADA4FF-142C-42A8-B73C-0A54A7F83345}" = Genuine Fractals 6.0 Professional Edition
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"AtcL1" = Attansic L1 Gigabit Ethernet Driver
"AudibleDownloadManager" = Audible Download Manager
"AudioCS" = Creative Audio Control Panel
"Blancco - File Shredder" = Blancco - File Shredder
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Console Launcher" = Creative Console Launcher
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"FontExpert 2009" = FontExpert 2009
"HijackThis" = HijackThis 1.99.1
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ie8" = Windows Internet Explorer 8
"InstallShield_{213D87A3-BE42-42CE-9B2C-7BF7A85710DD}" = Imagesynth 2
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Traktor" = Native Instruments Traktor
"Neat Image_is1" = Neat Image v6.0 Pro+
"NewBlue 3D Explosions for Windows" = NewBlue 3D Explosions for Windows
"NewBlue 3D Transformations for Windows" = NewBlue 3D Transformations for Windows
"NewBlue Art Blends for Windows" = NewBlue Art Blends for Windows
"NewBlue Art Effects for Windows" = NewBlue Art Effects for Windows
"NewBlue Film Effects for Windows" = NewBlue Film Effects for Windows
"NewBlue Motion Blends for Windows" = NewBlue Motion Blends for Windows
"NewBlue Motion Effects for Windows" = NewBlue Motion Effects for Windows
"NewBlue Video Essentials for Windows" = NewBlue Video Essentials for Windows
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenAL" = OpenAL
"OUTLOOKR" = Microsoft Office Outlook 2007
"QuickSFV" = QuickSFV (Remove only)
"Sandboxie" = Sandboxie 3.442
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV 0.9.17
"Viveza 2" = Viveza 2
"WaveStudio 7" = Creative WaveStudio 7
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XiphQT" = Xiph QuickTime Components
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"zipForm6" = zipForm6

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1202660629-1292428093-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/13/2010 5:11:03 AM | Computer Name = AMERITRUST-808 | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Risk: Trojan.FakeAV!gen29 in File: F:\System Volume
Information\_restore{33433D77-F8EE-4738-8526-92372FB94049}\RP61\A0014464.exe by:
Auto-Protect scan. Action: Cleaned by Deletion. Action Description:

Error - 5/13/2010 5:11:03 AM | Computer Name = AMERITRUST-808 | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Risk: Trojan.FakeAV!gen29 in File: F:\System Volume Information\_restore{33433D77-F8EE-4738-8526-92372FB94049}\RP61\A0014464.exe
by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:

Error - 5/13/2010 5:11:04 AM | Computer Name = AMERITRUST-808 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: Trojan.FakeAV!gen29 in File: F:\System Volume
Information\_restore{33433D77-F8EE-4738-8526-92372FB94049}\RP61\A0014464.exe by:
Auto-Protect scan. Action: Cleaned by Deletion. Action Description:

Error - 5/13/2010 5:40:05 AM | Computer Name = AMERITRUST-808 | Source = Google Update | ID = 20
Description =

Error - 5/13/2010 6:40:05 AM | Computer Name = AMERITRUST-808 | Source = Google Update | ID = 20
Description =

Error - 5/13/2010 7:40:05 AM | Computer Name = AMERITRUST-808 | Source = Google Update | ID = 20
Description =

Error - 5/13/2010 8:40:06 AM | Computer Name = AMERITRUST-808 | Source = Google Update | ID = 20
Description =

Error - 5/13/2010 6:57:50 PM | Computer Name = AMERITRUST-808 | Source = Application Hang | ID = 1002
Description = Hanging application mmc.exe, version 5.2.3790.4136, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/13/2010 7:40:05 PM | Computer Name = AMERITRUST-808 | Source = Google Update | ID = 20
Description =

Error - 5/15/2010 12:40:05 PM | Computer Name = AMERITRUST-808 | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 5/10/2010 1:29:40 AM | Computer Name = AMERITRUST-808 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 5/10/2010 3:04:18 PM | Computer Name = AMERITRUST-808 | Source = Service Control Manager | ID = 7034
Description = The NIHardwareService service terminated unexpectedly. It has done
this 1 time(s).

Error - 5/11/2010 7:58:52 AM | Computer Name = AMERITRUST-808 | Source = Dhcp | ID = 1002
Description = The IP address lease 10.0.0.3 for the Network Card with network address
001CDF5278AF has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a
DHCPNACK message).

Error - 5/11/2010 11:48:30 AM | Computer Name = AMERITRUST-808 | Source = Service Control Manager | ID = 7034
Description = The Virtual CD v9 Management Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 5/11/2010 11:48:35 AM | Computer Name = AMERITRUST-808 | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.

Error - 5/11/2010 11:48:46 AM | Computer Name = AMERITRUST-808 | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 5/11/2010 11:48:50 AM | Computer Name = AMERITRUST-808 | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 5/11/2010 11:49:05 AM | Computer Name = AMERITRUST-808 | Source = Service Control Manager | ID = 7034
Description = The NIHardwareService service terminated unexpectedly. It has done
this 1 time(s).

Error - 5/11/2010 11:49:10 AM | Computer Name = AMERITRUST-808 | Source = Service Control Manager | ID = 7034
Description = The Sandboxie Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 5/11/2010 11:49:19 AM | Computer Name = AMERITRUST-808 | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
2 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.


< End of report >


#5 myrti
  • Malware Study Hall Admin
  • 33,772 posts

Posted 15 May 2010 - 06:51 PM

Hi,

Please try running a scan with ComboFix next.
Please download ComboFix from one of these locations:

Link 1
Link 2

  • IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools.
    Usually this can be done via a right click on the System Tray icon. Check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 


#6 Shownuff808
  • Topic Starter

  • Members
  • 12 posts

Posted 16 May 2010 - 11:55 PM

Hey Marti,

I was having an issue accessing the site from several PCs for a while. I've run ComboFix and the log is listed below. I have not rebooted the affected PC, awaiting your instructions. I did notice that I still have the svhost.exe and the smss.exe (duplicate service) running from my c:\system volume information\_restor{d5fffa500b1b}. Should I be concerned about these? Also, I've disconnected the net and I noticed in the task manager that something keeps initializing iexplore.exe 3 times every couple of min.


ComboFix 10-05-16.01 - Administrator 05/16/2010 19:19:05.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2628 [GMT -7:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Local Settings\Application Data\chtcxxvxg
c:\documents and settings\Administrator\Local Settings\Application Data\chtcxxvxg\upuoydetssd.exe
c:\windows\system32\lsprst7.dll
c:\windows\system32\ssprs.dll

.
((((((((((((((((((((((((( Files Created from 2010-04-17 to 2010-05-17 )))))))))))))))))))))))))))))))
.

2010-05-13 23:23 . 2008-04-13 18:40 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
2010-05-13 23:23 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-05-13 17:57 . 2010-05-13 17:57 2855 ----a-w- c:\windows\system32\edit.PIF
2010-05-13 05:16 . 2010-05-13 05:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-05-13 05:16 . 2010-03-30 07:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-13 05:16 . 2010-05-13 05:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-13 05:16 . 2010-05-13 05:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-13 05:16 . 2010-03-30 07:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-13 03:32 . 2010-05-13 03:32 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-05-13 03:15 . 2010-05-13 03:15 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-05-13 03:15 . 2010-05-13 03:15 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache
2010-05-13 03:09 . 2010-05-13 03:09 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-05-13 03:06 . 2010-05-13 03:06 -------- d-----w- C:\spoolerlogs
2010-05-13 03:03 . 2008-04-13 18:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-05-13 03:03 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-05-13 03:03 . 2008-04-13 18:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-05-13 03:03 . 2008-04-13 18:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-05-13 03:03 . 2008-04-13 18:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-05-13 03:03 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-05-12 09:23 . 2010-05-12 09:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\Proxima Software
2010-05-12 09:21 . 2010-05-12 09:24 -------- d-----w- c:\program files\FontExpert
2010-05-12 07:04 . 2010-05-12 07:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\NeatImage PS
2010-05-12 06:45 . 2010-05-12 06:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\NeatImage SL
2010-05-12 06:45 . 2010-05-12 06:45 -------- d-----w- c:\program files\Neat Image
2010-05-12 06:19 . 2009-07-23 21:43 3072 ----a-w- c:\documents and settings\Administrator\Application Data\Adobe\Lightroom\Modules\PhotoToolsConduit.lrplugin\win32\icudt42.dll
2010-05-12 06:19 . 2009-07-23 21:43 1387520 ----a-w- c:\documents and settings\Administrator\Application Data\Adobe\Lightroom\Modules\PhotoToolsConduit.lrplugin\win32\icuin42.dll
2010-05-12 06:19 . 2009-07-23 21:43 1176064 ----a-w- c:\documents and settings\Administrator\Application Data\Adobe\Lightroom\Modules\PhotoToolsConduit.lrplugin\win32\icuuc42.dll
2010-05-12 06:09 . 2010-05-12 06:09 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Downloaded Installations
2010-05-12 04:45 . 2010-05-12 04:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\Mask Pro 4.0
2010-05-12 04:29 . 2010-05-12 04:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Nik Software
2010-05-11 23:08 . 2010-05-11 23:08 -------- d-----w- c:\program files\Nik Software
2010-05-11 19:17 . 2009-07-23 21:43 896512 ----a-w- c:\documents and settings\Administrator\Application Data\Adobe\Lightroom\Modules\PhotoToolsConduit.lrplugin\win32\PTPalette.exe
2010-05-11 19:17 . 2009-07-23 21:43 165376 ----a-w- c:\documents and settings\Administrator\Application Data\Adobe\Lightroom\Modules\PhotoToolsConduit.lrplugin\win32\OnOneWidgets.dll
2010-05-11 19:17 . 2009-07-23 21:43 208896 ----a-w- c:\documents and settings\Administrator\Application Data\Adobe\Lightroom\Modules\PhotoToolsConduit.lrplugin\win32\Interop.Photoshop.B.0.dll
2010-05-11 19:17 . 2009-07-23 21:43 208896 ----a-w- c:\documents and settings\Administrator\Application Data\Adobe\Lightroom\Modules\PhotoToolsConduit.lrplugin\win32\Interop.Photoshop.A.0.dll
2010-05-11 19:17 . 2009-07-23 21:43 204800 ----a-w- c:\documents and settings\Administrator\Application Data\Adobe\Lightroom\Modules\PhotoToolsConduit.lrplugin\win32\Interop.Photoshop.9.0.dll
2010-05-11 19:17 . 2009-07-23 21:43 773632 ----a-w- c:\documents and settings\Administrator\Application Data\Adobe\Lightroom\Modules\PhotoToolsConduit.lrplugin\win32\CoreFoundation.dll
2010-05-11 18:48 . 2008-11-26 19:12 399114 ----a-w- c:\documents and settings\Administrator\Application Data\Adobe\Lightroom\Modules\GenuineFractals6.lrplugin\win32\LaunchGF6.exe
2010-05-11 18:48 . 2008-11-26 19:12 159744 ----a-w- c:\documents and settings\Administrator\Application Data\Adobe\Lightroom\Modules\GenuineFractals6.lrplugin\win32\OnOneWidgets.dll
2010-05-11 18:48 . 2010-05-11 18:48 -------- d-----w- c:\program files\Common Files\onOne Software Shared
2010-05-11 18:48 . 2008-11-26 19:12 393216 ----a-w- c:\documents and settings\Administrator\Application Data\Adobe\Lightroom\Modules\GenuineFractals6.lrplugin\win32\GFPalette.exe
2010-05-11 18:48 . 2008-11-26 19:12 227840 ----a-w- c:\windows\system32\Deco_32.dll
2010-05-11 18:48 . 2008-11-26 19:12 454656 ----a-w- c:\documents and settings\Administrator\Application Data\Adobe\Lightroom\Modules\GenuineFractals6.lrplugin\win32\CoreFoundation.dll
2010-05-11 16:47 . 2010-05-11 16:47 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\HP
2010-05-11 16:38 . 2010-05-11 16:38 -------- d-----r- c:\documents and settings\Administrator\Application Data\Brother
2010-05-11 16:27 . 2010-05-11 16:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Brother
2010-05-11 16:27 . 2010-05-11 16:27 34 ----a-w- c:\windows\system32\bd4040cn.dat
2010-05-11 16:27 . 2010-05-11 16:27 -------- d-----w- c:\program files\Brownie
2010-05-11 16:27 . 2008-03-20 08:34 100920 ----a-w- c:\windows\system32\BRRBTOOL.EXE
2010-05-11 16:27 . 2006-12-21 18:23 176128 ----a-w- c:\windows\system32\BROSNMP.DLL
2010-05-11 16:27 . 2005-01-17 23:10 45056 ----a-w- c:\windows\system32\BRTCPCON.DLL
2010-05-11 16:27 . 2010-05-11 16:27 -------- d-----w- c:\program files\Brother
2010-05-11 16:27 . 2007-04-24 08:30 192512 ------w- c:\windows\system32\Pdrvinst.dll
2010-05-11 16:27 . 2007-01-16 07:00 24223 ------w- c:\windows\system32\brlm03a.dll
2010-05-11 16:27 . 2004-08-09 22:42 77824 ----a-w- c:\windows\system32\BRLMW03A.DLL
2010-05-11 16:27 . 1999-10-27 08:00 50 ----a-w- c:\windows\system32\BAOCH06A.DAT
2010-05-11 16:12 . 2010-05-11 16:12 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-05-11 16:10 . 2004-09-29 19:14 69632 ----a-w- c:\windows\system32\HPZipm12.exe
2010-05-11 16:10 . 2004-09-29 19:09 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2010-05-11 16:10 . 2004-09-29 19:08 61440 ----a-w- c:\windows\system32\HPZinw12.exe
2010-05-11 16:10 . 2004-09-29 19:15 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2010-05-11 16:10 . 2004-09-29 19:12 278584 ----a-w- c:\windows\system32\HPZidr12.dll
2010-05-11 16:10 . 2004-09-29 19:09 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2010-05-11 16:10 . 1998-10-29 23:45 306688 ----a-w- c:\windows\IsUninst.exe
2010-05-11 16:10 . 2010-05-13 21:00 -------- d-----w- c:\program files\HP
2010-05-11 16:08 . 2005-07-06 19:50 51120 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2010-05-11 16:08 . 2005-07-06 19:50 21744 ----a-w- c:\windows\system32\drivers\HPZius12.sys
2010-05-11 16:08 . 2005-07-06 19:50 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2010-05-11 16:08 . 2005-07-06 19:50 274432 ----a-w- c:\windows\system32\HPZc3212.dll
2010-05-11 16:08 . 2005-07-06 19:50 278528 ----a-w- c:\windows\system32\hpgwiamd.dll
2010-05-11 16:07 . 2005-07-06 19:50 393216 ----a-w- c:\windows\system32\hpzcon12.dll
2010-05-11 16:07 . 2005-07-06 19:50 196608 ----a-w- c:\windows\system32\hpzcoi12.dll
2010-05-11 16:06 . 2010-05-11 19:46 -------- d-----w- C:\temp
2010-05-11 16:04 . 2008-04-13 18:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-05-11 16:04 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-05-11 16:03 . 2008-04-13 18:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-05-11 16:03 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-05-11 06:15 . 2010-05-11 06:15 -------- d--h--w- c:\windows\PIF
2010-05-10 19:01 . 2010-05-10 19:01 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{9C7F59A9-3AB2-4916-B380-B78FF1C3637D}
2010-05-10 19:01 . 2010-04-15 18:33 4104960 -c--a-w- c:\documents and settings\All Users\Application Data\{9C7F59A9-3AB2-4916-B380-B78FF1C3637D}\Traktor Setup PC.exe
2010-05-10 19:01 . 2010-05-10 19:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Native Instruments
2010-05-10 19:01 . 2010-05-10 19:01 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{20EFD19B-675C-417B-A498-B0161D72FF88}
2010-05-10 19:01 . 2010-02-26 16:32 4079192 -c--a-w- c:\documents and settings\All Users\Application Data\{20EFD19B-675C-417B-A498-B0161D72FF88}\Controller Editor Setup PC.exe
2010-05-10 19:01 . 2010-05-10 19:01 -------- d-----w- c:\program files\Common Files\Native Instruments
2010-05-10 19:00 . 2010-05-10 19:00 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{B5F0C192-874D-49A8-88D7-8431E3714756}
2010-05-10 19:00 . 2010-03-17 18:21 4066656 -c--a-w- c:\documents and settings\All Users\Application Data\{B5F0C192-874D-49A8-88D7-8431E3714756}\Service Center Setup PC.exe
2010-05-10 19:00 . 2010-05-10 19:01 -------- d-----w- c:\program files\Native Instruments
2010-05-08 16:21 . 2010-05-08 16:21 -------- d-----w- c:\program files\Winamp Detect
2010-05-08 16:20 . 2010-05-08 16:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\Winamp
2010-05-08 16:20 . 2010-05-08 16:21 -------- d-----w- c:\program files\Winamp
2010-05-06 04:27 . 2010-05-06 04:27 1025 ----a-w- c:\windows\system32\sysprs7.dll
2010-05-06 04:27 . 2010-05-06 04:27 1025 ----a-w- c:\windows\system32\clauth2.dll
2010-05-06 04:27 . 2010-05-06 04:27 1025 ----a-w- c:\windows\system32\clauth1.dll
2010-05-06 04:27 . 2010-05-06 04:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Minnetonka Audio Software
2010-05-05 07:20 . 2010-05-12 07:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\onOne Software
2010-05-05 07:20 . 2009-07-23 21:43 57344 ----a-w- c:\windows\system32\ASTSRV.EXE
2010-05-05 07:20 . 2010-05-11 19:17 -------- d-----w- c:\documents and settings\All Users\Application Data\onOne Software
2010-05-05 07:20 . 2010-05-12 06:18 -------- d-----w- c:\program files\onOne Software
2010-05-05 07:12 . 2010-05-05 07:12 -------- d-----w- c:\program files\QuickSFV
2010-05-05 06:08 . 2010-05-10 05:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Rosetta Stone
2010-05-05 06:08 . 2010-05-05 06:08 -------- d-----w- c:\program files\Rosetta Stone
2010-05-04 05:57 . 2010-05-04 05:57 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-05-04 04:35 . 2010-05-04 04:35 -------- d-----w- c:\program files\InterActual
2010-05-04 04:12 . 2010-05-04 04:24 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Cyberlink
2010-05-04 04:12 . 2010-05-04 04:12 -------- d-----w- c:\documents and settings\Administrator\Application Data\CyberLink
2010-05-04 04:12 . 2010-05-04 04:12 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2010-05-04 04:11 . 2010-05-04 04:11 -------- d-----w- c:\program files\Common Files\CyberLink
2010-05-04 04:10 . 2010-05-04 04:12 -------- d-----w- c:\program files\CyberLink
2010-05-04 04:10 . 2010-05-04 04:09 29480 ----a-w- c:\windows\system32\msxml3a.dll
2010-05-03 23:35 . 2010-05-03 23:35 -------- d-----w- c:\program files\Audible
2010-05-03 07:10 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-05-03 07:03 . 2010-05-03 07:03 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-03 07:02 . 2010-05-03 07:55 -------- d-----w- c:\program files\Windows Media Connect 2
2010-05-03 06:55 . 2010-05-03 06:55 38784 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-05-03 06:55 . 2010-05-03 06:55 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-05-03 06:50 . 2010-05-03 06:55 38784 ----a-w- c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-05-03 06:33 . 2004-10-11 19:28 671744 ----a-w- c:\windows\system32\DolbyHph.dll
2010-05-03 06:33 . 2004-10-11 19:28 9856 ----a-w- c:\windows\system32\drivers\pfc.sys
2010-05-03 05:06 . 2010-05-03 05:06 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-05-03 05:05 . 2010-05-03 05:05 -------- d-----w- c:\program files\PIXELA
2010-05-02 01:37 . 2010-05-02 01:37 -------- d-----w- c:\program files\Common Files\Creative Labs Shared
2010-05-01 16:33 . 2010-05-01 17:48 -------- d-----w- c:\documents and settings\Administrator\ZipForm
2010-05-01 16:32 . 2010-05-01 16:32 -------- d--h--w- c:\program files\Zero G Registry
2010-05-01 16:32 . 2010-05-01 16:32 -------- d-----w- c:\program files\ZipLogix
2010-05-01 16:32 . 2010-05-01 16:32 -------- d--h--w- c:\documents and settings\Administrator\InstallAnywhere

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-17 02:07 . 2010-04-29 04:45 -------- d-----w- c:\program files\Symantec AntiVirus
2010-05-13 23:09 . 2010-04-29 04:21 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-12 15:05 . 2010-04-29 05:02 522848 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-11 21:23 . 2009-12-18 09:58 3072 ----a-w- c:\windows\system32\Viveza2FC32.dll
2010-05-06 03:08 . 2010-04-29 04:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Creative
2010-05-04 04:33 . 2010-04-29 04:25 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-05-04 04:33 . 2010-04-29 04:24 -------- d-----w- c:\program files\NVIDIA Corporation
2010-05-02 01:50 . 2010-04-29 04:31 -------- d-----w- c:\program files\Creative
2010-05-02 01:36 . 2010-04-29 04:30 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-05-02 01:36 . 2010-04-29 04:30 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-04-30 07:41 . 2010-04-29 04:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2010-04-30 07:40 . 2010-04-29 04:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-04-29 21:19 . 2010-04-29 21:19 136 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
2010-04-29 21:19 . 2010-04-29 21:19 10134 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}\ARPPRODUCTICON.exe
2010-04-29 21:19 . 2010-04-29 21:19 -------- d-----w- c:\program files\Microsoft WSE
2010-04-29 07:18 . 2010-04-29 04:05 -------- d-----w- c:\program files\MessengerOFF
2010-04-29 07:17 . 2010-04-29 04:10 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-04-29 05:02 . 2010-04-29 05:01 12907880 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative WaveStudio 7.12.00__\WAVESTD_PCAPP_LB_7_12_00.exe
2010-04-29 05:01 . 2010-04-29 04:48 62234496 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative Console Launcher 2.61.09__\CSL_PCAPP_LB_2_61_09.exe
2010-04-29 04:46 . 2010-04-29 04:45 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-29 04:45 . 2010-04-29 04:45 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-04-29 04:45 . 2010-04-29 04:45 8014 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-04-29 04:45 . 2010-04-29 04:45 48768 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-04-29 04:45 . 2010-04-29 04:45 110952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-04-29 04:45 . 2010-04-29 04:45 -------- d-----w- c:\program files\Symantec
2010-04-29 04:45 . 2010-04-29 04:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-04-29 04:39 . 2010-04-29 04:39 -------- d-----w- c:\program files\iTunes
2010-04-29 04:39 . 2010-04-29 04:39 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-29 04:39 . 2010-04-29 04:39 -------- d-----w- c:\program files\iPod
2010-04-29 04:39 . 2010-04-29 04:38 -------- d-----w- c:\program files\QuickTime
2010-04-29 04:38 . 2010-04-29 04:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-04-08 20:20 . 2010-04-08 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 20:20 . 2010-04-08 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-04 02:23 . 2010-04-04 02:23 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-04-04 02:23 . 2010-04-04 02:23 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-04-04 02:23 . 2010-04-04 02:23 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-04-04 02:23 . 2010-04-04 02:23 13670504 ----a-w- c:\windows\system32\nvcpl.dll
2010-04-04 02:23 . 2010-04-04 02:23 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-04-04 02:22 . 2010-04-04 02:22 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-04-03 22:55 . 2010-04-29 04:22 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-04-03 22:55 . 2010-04-29 04:22 14757888 ----a-w- c:\windows\system32\nvoglnt.dll
2010-04-03 22:55 . 2010-04-29 04:22 10232128 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-04-03 22:55 . 2010-04-29 04:22 2646632 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-04-03 22:55 . 2010-04-29 04:22 2030184 ----a-w- c:\windows\system32\nvcuvid.dll
2010-04-03 22:55 . 2010-04-29 04:22 6432128 ----a-w- c:\windows\system32\nv4_disp.dll
2010-04-03 22:55 . 2010-04-29 04:22 4075520 ----a-w- c:\windows\system32\nvcuda.dll
2010-04-03 22:55 . 2010-04-29 04:22 227944 ----a-w- c:\windows\system32\nvcodins.dll
2010-04-03 22:55 . 2010-04-29 04:22 2183470 ----a-w- c:\windows\system32\nvdata.bin
2010-04-03 22:55 . 2010-04-29 04:22 11647592 ----a-w- c:\windows\system32\nvcompiler.dll
2010-04-03 22:55 . 2010-04-29 04:22 1097728 ----a-w- c:\windows\system32\nvapi.dll
2010-04-03 22:55 . 2010-04-29 04:22 227944 ----a-w- c:\windows\system32\nvcod.dll
2010-03-10 06:15 . 2004-08-04 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-04 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08 . 2004-08-04 12:00 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-03 22:59 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-04 13670504]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Shortcut to VPTray.lnk - c:\program files\Symantec AntiVirus\VPTray.exe [2007-10-7 125368]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2009-12-17 1795488]
Dynex Wireless Networking Utility.lnk - c:\program files\Dynex G USB Network Adapter\DynexWCUI.exe [2010-4-28 1462272]
ImageMixer 3 SE Camera Monitor Ver.3.lnk - c:\program files\PIXELA\ImageMixer 3 SE Ver.3\CameraMonitor.exe [2010-5-2 253952]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
"d:\\Program Files\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server

R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/05/03 21:12];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [3/13/2010 12:58 PM 87536]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [4/28/2010 9:29 PM 38656]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\ct20xut.sys [6/4/2009 2:46 AM 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\ctexfifx.sys [6/4/2009 2:46 AM 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\cthwiut.sys [6/4/2009 2:46 AM 72728]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [4/28/2010 10:00 PM 102448]
R3 NdisWDM;Dynex Wireless G USB Network Adapter Service;c:\windows\system32\drivers\NdisWDM.sys [4/28/2010 9:21 PM 198144]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 5:46 AM 284016]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [5/1/2010 6:37 PM 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\ct20xut.sys [6/4/2009 2:46 AM 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\ctexfifx.sys [6/4/2009 2:46 AM 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\cthwiut.sys [6/4/2009 2:46 AM 72728]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [10/7/2007 8:48 PM 116664]
S4 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2/26/2010 9:19 AM 3623424]
S4 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [12/18/2009 2:58 AM 57344]
.
Contents of the 'Scheduled Tasks' folder

2010-05-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]

2010-05-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1292428093-725345543-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-29 06:35]

2010-05-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1292428093-725345543-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-29 06:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://news.google.com/nwshp?hl=en&tab=wn
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-16 19:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,33,45,06,6f,90,1a,bd,4d,a1,78,8b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,33,45,06,6f,90,1a,bd,4d,a1,78,8b,\

[HKEY_USERS\S-1-5-21-1202660629-1292428093-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bf,90,0a,c4,ae,3b,08,4b,af,66,6d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bf,90,0a,c4,ae,3b,08,4b,af,66,6d,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:47,d4,ba,f4,c8,f8,5b,9b,3d,ee,44,c7,bb,85,41,fc,f3,bb,84,0d,99,
eb,9c,e9,cf,94,0c,1a,e7,89,76,6b,73,5a,96,a0,ea,77,bd,50,8e,5f,67,3c,d3,5c,\

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:47,d4,ba,f4,c8,f8,5b,9b,3d,ee,44,c7,bb,85,41,fc,f3,bb,84,0d,99,
eb,9c,e9,cf,94,0c,1a,e7,89,76,6b,73,5a,96,a0,ea,77,bd,50,8e,5f,67,3c,d3,5c,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(748)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\System32\BCMLogon.dll
.
Completion time: 2010-05-16 19:26:06
ComboFix-quarantined-files.txt 2010-05-17 02:26

Pre-Run: 87,612,121,088 bytes free
Post-Run: 87,587,975,168 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - F5D147B45069073E654BE252402D3166


#7 myrti

Posted 17 May 2010 - 10:32 AM

Hi,

QUOTE
I did notice that I still have the svhost.exe and the smss.exe (duplicate service) running from my c:\system volume information\_restor{d5fffa500b1b} should I be concerned about these.

Yes. We will try to remove them now.

Open notepad and copy/paste the text in the quotebox below into it:

CODE
http://www.bleepingcomputer.com/forums/t/316776/trojansfakeav-backdoortidserf-hacktoolroot-kit-attack-need-help/
Collect::
C:\System Volume Information\_restore{d5fffa500b1b}\svchost.exe
C:\System Volume Information\_restore{d5fffa500b1b}\smss.exe
TDL::
c:\windows\system32\drivers\cdrom.sys


Save this as CFScript.txt





Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!
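The concern confirmed in the reply above (core Windows process names such as smss.exe and svchost.exe running from a folder other than their normal one) can be checked mechanically. The Python below is an added example, not part of the thread or of ComboFix; the expected-directory table, the c:\windows system root and the sample paths (modelled on those reported in the thread) are assumptions constructed for illustration.

```python
import ntpath
from typing import List, NamedTuple, Optional

# Assumption: the system root is c:\windows, as in the logs in this thread.
SYSTEM_ROOT = r"c:\windows"
SYSTEM32 = SYSTEM_ROOT + r"\system32"

# Core process names and the only directory each is expected to run from.
EXPECTED_DIRS = {
    "smss.exe": SYSTEM32,
    "csrss.exe": SYSTEM32,
    "winlogon.exe": SYSTEM32,
    "services.exe": SYSTEM32,
    "lsass.exe": SYSTEM32,
    "svchost.exe": SYSTEM32,
    "explorer.exe": SYSTEM_ROOT,
}


class Finding(NamedTuple):
    path: str    # image path exactly as reported
    kind: str    # "wrong-directory" or "lookalike-name"
    detail: str  # human-readable explanation


def normalize(path: str) -> str:
    """Lower-case a Windows image path and resolve the common prefixes."""
    p = path.strip().strip('"').lower()
    if p.startswith("\\??\\"):               # NT object-manager prefix
        p = p[4:]
    if p.startswith("\\systemroot\\"):       # form used for early-boot images
        p = SYSTEM_ROOT + p[len("\\systemroot"):]
    for var in ("%windir%", "%systemroot%"):  # unexpanded environment variables
        if p.startswith(var):
            p = SYSTEM_ROOT + p[len(var):]
    return ntpath.normpath(p)                # also collapses doubled backslashes


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot names one typo away from a real one."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_image(path: str) -> Optional[Finding]:
    """Return a Finding if the image path looks like a masquerading process."""
    directory, name = ntpath.split(normalize(path))
    expected = EXPECTED_DIRS.get(name)
    if expected is not None:
        if directory != expected:
            return Finding(path, "wrong-directory",
                           f"{name} should run from {expected}, not {directory}")
        return None
    for legit in EXPECTED_DIRS:
        if edit_distance(name, legit) == 1:
            return Finding(path, "lookalike-name", f"{name} resembles {legit}")
    return None


def scan(paths: List[str]) -> List[Finding]:
    """Check every image path and keep only the suspicious ones."""
    return [f for f in (check_image(p) for p in paths) if f is not None]


# Constructed sample: image paths of running processes, one per entry.
SAMPLE_IMAGES = [
    r"C:\WINDOWS\system32\smss.exe",
    r"\SystemRoot\System32\smss.exe",
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\WINDOWS\explorer.exe",
    r"c:\Program Files\iTunes\iTunes.exe",
    r"C:\System Volume Information\_restore{d5fffa500b1b}\smss.exe",
    r"C:\System Volume Information\_restore{d5fffa500b1b}\svchost.exe",
    r"C:\System Volume Information\_restore{d5fffa500b1b}\svhost.exe",
    r"C:\lsass.exe",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_IMAGES):
        print(f"{finding.kind:16} {finding.path}  ({finding.detail})")
```

A hit only says where to look next; the file itself still has to be collected and analysed, as the script in the reply above does.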

 



#8 Shownuff808

Posted 17 May 2010 - 11:15 AM

Ok I have a few problems. I noticed during the combo fix process that I received a PEV.EXE Application error, and on reboot my admin account is asking me for a password (I never set up a password for this account). I am unable to log on. Has the Trojan altered this?

What do I do?

#9 myrti

Posted 17 May 2010 - 02:57 PM

Hi,

could you just hit enter and let me know if that allows you to log into your PC?

regards myrti



#10 Shownuff808

Posted 17 May 2010 - 03:07 PM

Yes, I tried that and it says: Unable to log you on because of an account restriction. Further, I did notice after all this started that the Winlogon.exe process was at 50%, bogging the system. Not sure if it's related but I thought I'd add that.

Edited by Shownuff808, 17 May 2010 - 03:11 PM.


#11 myrti

Posted 17 May 2010 - 05:28 PM

Hi,

I'm gonna ask for advice. Is this your only user account on the machine?

regards myrti



#12 Shownuff808

Posted 17 May 2010 - 05:40 PM

Fresh Install -30days old, no users, administrator account only with no password, nobody has access to the PC. Admin password added when we performed the latest combofix action.

#13 myrti

Posted 17 May 2010 - 05:48 PM

Hi,

please try booting into Last Known Good Configuration. To do so you need to press F8 once before Windows starts loading to bring up the selection between safe mode and normal mode and then hit F8 again, to bring up the advanced boot menu. You should then be able to see the option Last known good configuration.

regards myrti



#14 Shownuff808

Posted 17 May 2010 - 06:27 PM

Ok that got me back in, but those two buggers are still there. Ready for the next move. FYI Norton found a Backdoor.tidserv!inf A0028570.sys in system volume info.

Thanks Marti

ComboFix 10-05-16.02 - Administrator 05/17/2010 8:52.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2525 [GMT -7:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: N:\CFScript.txt.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

file zipped: c:\system volume information\_restore{d5fffa500b1b}\smss.exe
file zipped: c:\system volume information\_restore{d5fffa500b1b}\svchost.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\system volume information\_restore{d5fffa500b1b}\smss.exe . . . . failed to delete
c:\system volume information\_restore{d5fffa500b1b}\svchost.exe . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2010-04-17 to 2010-05-17 )))))))))))))))))))))))))))))))
.

2010-05-13 23:23 . 2008-04-13 18:40 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
2010-05-13 23:23 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-05-13 17:57 . 2010-05-13 17:57 2855 ----a-w- c:\windows\system32\edit.PIF
2010-05-13 05:16 . 2010-05-13 05:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-05-13 05:16 . 2010-03-30 07:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-13 05:16 . 2010-05-13 05:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-13 05:16 . 2010-05-13 05:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-13 05:16 . 2010-03-30 07:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-13 03:32 . 2010-05-13 03:32 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-05-13 03:15 . 2010-05-13 03:15 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-05-13 03:15 . 2010-05-13 03:15 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache
2010-05-13 03:09 . 2010-05-13 03:09 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-05-13 03:06 . 2010-05-13 03:06 -------- d-----w- C:\spoolerlogs
2010-05-13 03:03 . 2008-04-13 18:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-05-13 03:03 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-05-13 03:03 . 2008-04-13 18:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-05-13 03:03 . 2008-04-13 18:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-05-13 03:03 . 2008-04-13 18:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-05-13 03:03 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-05-12 09:23 . 2010-05-12 09:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\Proxima Software
2010-05-12 09:21 . 2010-05-12 09:24 -------- d-----w- c:\program files\FontExpert
2010-05-12 07:04 . 2010-05-12 07:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\NeatImage PS
2010-05-12 06:45 . 2010-05-12 06:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\NeatImage SL
2010-05-12 06:45 . 2010-05-12 06:45 -------- d-----w- c:\program files\Neat Image
2010-05-12 06:09 . 2010-05-12 06:09 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Downloaded Installations
2010-05-12 04:45 . 2010-05-12 04:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\Mask Pro 4.0
2010-05-12 04:29 . 2010-05-12 04:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Nik Software
2010-05-11 23:08 . 2010-05-11 23:08 -------- d-----w- c:\program files\Nik Software
2010-05-11 18:48 . 2010-05-11 18:48 -------- d-----w- c:\program files\Common Files\onOne Software Shared
2010-05-11 18:48 . 2008-11-26 19:12 227840 ----a-w- c:\windows\system32\Deco_32.dll
2010-05-11 16:47 . 2010-05-11 16:47 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\HP
2010-05-11 16:38 . 2010-05-11 16:38 -------- d-----r- c:\documents and settings\Administrator\Application Data\Brother
2010-05-11 16:27 . 2010-05-11 16:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Brother
2010-05-11 16:27 . 2010-05-11 16:27 34 ----a-w- c:\windows\system32\bd4040cn.dat
2010-05-11 16:27 . 2010-05-11 16:27 -------- d-----w- c:\program files\Brownie
2010-05-11 16:27 . 2008-03-20 08:34 100920 ----a-w- c:\windows\system32\BRRBTOOL.EXE
2010-05-11 16:27 . 2006-12-21 18:23 176128 ----a-w- c:\windows\system32\BROSNMP.DLL
2010-05-11 16:27 . 2005-01-17 23:10 45056 ----a-w- c:\windows\system32\BRTCPCON.DLL
2010-05-11 16:27 . 2010-05-11 16:27 -------- d-----w- c:\program files\Brother
2010-05-11 16:27 . 2007-04-24 08:30 192512 ------w- c:\windows\system32\Pdrvinst.dll
2010-05-11 16:27 . 2007-01-16 07:00 24223 ------w- c:\windows\system32\brlm03a.dll
2010-05-11 16:27 . 2004-08-09 22:42 77824 ----a-w- c:\windows\system32\BRLMW03A.DLL
2010-05-11 16:27 . 1999-10-27 08:00 50 ----a-w- c:\windows\system32\BAOCH06A.DAT
2010-05-11 16:12 . 2010-05-11 16:12 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-05-11 16:10 . 2004-09-29 19:14 69632 ----a-w- c:\windows\system32\HPZipm12.exe
2010-05-11 16:10 . 2004-09-29 19:09 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2010-05-11 16:10 . 2004-09-29 19:08 61440 ----a-w- c:\windows\system32\HPZinw12.exe
2010-05-11 16:10 . 2004-09-29 19:15 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2010-05-11 16:10 . 2004-09-29 19:12 278584 ----a-w- c:\windows\system32\HPZidr12.dll
2010-05-11 16:10 . 2004-09-29 19:09 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2010-05-11 16:10 . 1998-10-29 23:45 306688 ----a-w- c:\windows\IsUninst.exe
2010-05-11 16:10 . 2010-05-13 21:00 -------- d-----w- c:\program files\HP
2010-05-11 16:08 . 2005-07-06 19:50 51120 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2010-05-11 16:08 . 2005-07-06 19:50 21744 ----a-w- c:\windows\system32\drivers\HPZius12.sys
2010-05-11 16:08 . 2005-07-06 19:50 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2010-05-11 16:08 . 2005-07-06 19:50 274432 ----a-w- c:\windows\system32\HPZc3212.dll
2010-05-11 16:08 . 2005-07-06 19:50 278528 ----a-w- c:\windows\system32\hpgwiamd.dll
2010-05-11 16:07 . 2005-07-06 19:50 393216 ----a-w- c:\windows\system32\hpzcon12.dll
2010-05-11 16:07 . 2005-07-06 19:50 196608 ----a-w- c:\windows\system32\hpzcoi12.dll
2010-05-11 16:06 . 2010-05-11 19:46 -------- d-----w- C:\temp
2010-05-11 16:04 . 2008-04-13 18:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-05-11 16:04 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-05-11 16:03 . 2008-04-13 18:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-05-11 16:03 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-05-11 06:15 . 2010-05-11 06:15 -------- d--h--w- c:\windows\PIF
2010-05-10 19:01 . 2010-05-10 19:01 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{9C7F59A9-3AB2-4916-B380-B78FF1C3637D}
2010-05-10 19:01 . 2010-05-10 19:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Native Instruments
2010-05-10 19:01 . 2010-05-10 19:01 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{20EFD19B-675C-417B-A498-B0161D72FF88}
2010-05-10 19:01 . 2010-05-10 19:01 -------- d-----w- c:\program files\Common Files\Native Instruments
2010-05-10 19:00 . 2010-05-10 19:00 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{B5F0C192-874D-49A8-88D7-8431E3714756}
2010-05-10 19:00 . 2010-05-10 19:01 -------- d-----w- c:\program files\Native Instruments
2010-05-08 16:21 . 2010-05-08 16:21 -------- d-----w- c:\program files\Winamp Detect
2010-05-08 16:20 . 2010-05-08 16:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\Winamp
2010-05-08 16:20 . 2010-05-08 16:21 -------- d-----w- c:\program files\Winamp
2010-05-06 04:27 . 2010-05-06 04:27 1025 ----a-w- c:\windows\system32\sysprs7.dll
2010-05-06 04:27 . 2010-05-06 04:27 1025 ----a-w- c:\windows\system32\clauth2.dll
2010-05-06 04:27 . 2010-05-06 04:27 1025 ----a-w- c:\windows\system32\clauth1.dll
2010-05-06 04:27 . 2010-05-06 04:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Minnetonka Audio Software
2010-05-05 07:20 . 2010-05-12 07:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\onOne Software
2010-05-05 07:20 . 2009-07-23 21:43 57344 ----a-w- c:\windows\system32\ASTSRV.EXE
2010-05-05 07:20 . 2010-05-11 19:17 -------- d-----w- c:\documents and settings\All Users\Application Data\onOne Software
2010-05-05 07:20 . 2010-05-12 06:18 -------- d-----w- c:\program files\onOne Software
2010-05-05 07:12 . 2010-05-05 07:12 -------- d-----w- c:\program files\QuickSFV
2010-05-05 06:08 . 2010-05-10 05:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Rosetta Stone
2010-05-05 06:08 . 2010-05-05 06:08 -------- d-----w- c:\program files\Rosetta Stone
2010-05-04 05:57 . 2010-05-04 05:57 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-05-04 04:35 . 2010-05-04 04:35 -------- d-----w- c:\program files\InterActual
2010-05-04 04:12 . 2010-05-04 04:24 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Cyberlink
2010-05-04 04:12 . 2010-05-04 04:12 -------- d-----w- c:\documents and settings\Administrator\Application Data\CyberLink
2010-05-04 04:12 . 2010-05-04 04:12 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2010-05-04 04:11 . 2010-05-04 04:11 -------- d-----w- c:\program files\Common Files\CyberLink
2010-05-04 04:10 . 2010-05-04 04:12 -------- d-----w- c:\program files\CyberLink
2010-05-04 04:10 . 2010-05-04 04:09 29480 ----a-w- c:\windows\system32\msxml3a.dll
2010-05-03 23:35 . 2010-05-03 23:35 -------- d-----w- c:\program files\Audible
2010-05-03 07:03 . 2010-05-03 07:03 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-03 07:02 . 2010-05-03 07:55 -------- d-----w- c:\program files\Windows Media Connect 2
2010-05-03 06:55 . 2010-05-03 06:55 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-05-03 06:33 . 2004-10-11 19:28 671744 ----a-w- c:\windows\system32\DolbyHph.dll
2010-05-03 06:33 . 2004-10-11 19:28 9856 ----a-w- c:\windows\system32\drivers\pfc.sys
2010-05-03 05:06 . 2010-05-03 05:06 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-05-03 05:05 . 2010-05-03 05:05 -------- d-----w- c:\program files\PIXELA
2010-05-02 01:37 . 2010-05-02 01:37 -------- d-----w- c:\program files\Common Files\Creative Labs Shared
2010-05-01 16:33 . 2010-05-01 17:48 -------- d-----w- c:\documents and settings\Administrator\ZipForm
2010-05-01 16:32 . 2010-05-01 16:32 -------- d--h--w- c:\program files\Zero G Registry
2010-05-01 16:32 . 2010-05-01 16:32 -------- d-----w- c:\program files\ZipLogix
2010-05-01 16:32 . 2010-05-01 16:32 -------- d--h--w- c:\documents and settings\Administrator\InstallAnywhere
2010-05-01 15:51 . 2010-05-01 15:51 -------- d-----w- c:\program files\Sandboxie
2010-05-01 08:32 . 2010-05-01 08:32 -------- d-----w- c:\program files\uTorrent
2010-05-01 08:31 . 2010-05-12 15:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2010-05-01 06:04 . 2010-05-01 06:27 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-05-01 04:18 . 2010-05-01 04:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-04-30 19:43 . 2007-10-12 22:14 3734536 ----a-w- c:\windows\system32\d3dx9_36.dll
2010-04-30 19:41 . 2010-04-30 19:41 -------- d-----w- c:\windows\Logs
2010-04-30 18:50 . 2010-04-30 18:50 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-04-30 18:17 . 2010-04-30 18:17 -------- d-----w- c:\documents and settings\All Users\Application Data\ALM
2010-04-30 18:02 . 2009-08-20 06:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-04-30 18:02 . 2009-08-20 06:50 46928 ----a-w- c:\windows\system32\AdobePDF.dll
2010-04-30 17:51 . 2010-04-30 17:51 -------- d-----w- c:\program files\Adobe Media Player
2010-04-30 17:41 . 2010-04-30 17:41 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-04-30 17:34 . 2010-05-04 16:22 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-30 17:30 . 2006-09-20 19:42 11392 ----a-w- c:\windows\system32\drivers\hh9help.sys
2010-04-30 17:04 . 2010-04-30 17:04 -------- d-----w- c:\windows\system32\NtmsData
2010-04-30 09:07 . 2010-05-01 08:41 29200 ---ha-w- c:\windows\system32\mlfcache.dat
2010-04-30 08:39 . 2010-04-30 08:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Search
2010-04-30 07:40 . 2001-08-18 05:36 5632 ----a-w- c:\windows\system32\ptpusb.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-17 23:10 . 2010-04-29 04:45 -------- d-----w- c:\program files\Symantec AntiVirus
2010-05-13 23:09 . 2010-04-29 04:21 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-12 15:05 . 2010-04-29 05:02 522848 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-11 21:23 . 2009-12-18 09:58 3072 ----a-w- c:\windows\system32\Viveza2FC32.dll
2010-05-06 03:08 . 2010-04-29 04:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Creative
2010-05-04 04:33 . 2010-04-29 04:25 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-05-04 04:33 . 2010-04-29 04:24 -------- d-----w- c:\program files\NVIDIA Corporation
2010-05-02 01:50 . 2010-04-29 04:31 -------- d-----w- c:\program files\Creative
2010-05-02 01:36 . 2010-04-29 04:30 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-05-02 01:36 . 2010-04-29 04:30 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-04-30 07:41 . 2010-04-29 04:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2010-04-30 07:40 . 2010-04-29 04:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-04-29 07:18 . 2010-04-29 04:05 -------- d-----w- c:\program files\MessengerOFF
2010-04-29 07:17 . 2010-04-29 04:10 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-04-29 04:46 . 2010-04-29 04:45 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-29 04:45 . 2010-04-29 04:45 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-04-29 04:45 . 2010-04-29 04:45 8014 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-04-29 04:45 . 2010-04-29 04:45 48768 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-04-29 04:45 . 2010-04-29 04:45 110952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-04-29 04:45 . 2010-04-29 04:45 -------- d-----w- c:\program files\Symantec
2010-04-29 04:45 . 2010-04-29 04:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-04-29 04:39 . 2010-04-29 04:39 -------- d-----w- c:\program files\iTunes
2010-04-29 04:39 . 2010-04-29 04:39 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-29 04:39 . 2010-04-29 04:39 -------- d-----w- c:\program files\iPod
2010-04-29 04:39 . 2010-04-29 04:38 -------- d-----w- c:\program files\QuickTime
2010-04-08 20:20 . 2010-04-08 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 20:20 . 2010-04-08 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-04 02:23 . 2010-04-04 02:23 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-04-04 02:23 . 2010-04-04 02:23 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-04-04 02:23 . 2010-04-04 02:23 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-04-04 02:23 . 2010-04-04 02:23 13670504 ----a-w- c:\windows\system32\nvcpl.dll
2010-04-04 02:23 . 2010-04-04 02:23 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-04-04 02:22 . 2010-04-04 02:22 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-04-03 22:55 . 2010-04-29 04:22 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-04-03 22:55 . 2010-04-29 04:22 14757888 ----a-w- c:\windows\system32\nvoglnt.dll
2010-04-03 22:55 . 2010-04-29 04:22 10232128 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-04-03 22:55 . 2010-04-29 04:22 2646632 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-04-03 22:55 . 2010-04-29 04:22 2030184 ----a-w- c:\windows\system32\nvcuvid.dll
2010-04-03 22:55 . 2010-04-29 04:22 6432128 ----a-w- c:\windows\system32\nv4_disp.dll
2010-04-03 22:55 . 2010-04-29 04:22 4075520 ----a-w- c:\windows\system32\nvcuda.dll
2010-04-03 22:55 . 2010-04-29 04:22 227944 ----a-w- c:\windows\system32\nvcodins.dll
2010-04-03 22:55 . 2010-04-29 04:22 2183470 ----a-w- c:\windows\system32\nvdata.bin
2010-04-03 22:55 . 2010-04-29 04:22 11647592 ----a-w- c:\windows\system32\nvcompiler.dll
2010-04-03 22:55 . 2010-04-29 04:22 1097728 ----a-w- c:\windows\system32\nvapi.dll
2010-04-03 22:55 . 2010-04-29 04:22 227944 ----a-w- c:\windows\system32\nvcod.dll
2010-03-10 06:15 . 2004-08-04 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-04 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-04 13670504]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Shortcut to VPTray.lnk - c:\program files\Symantec AntiVirus\VPTray.exe [2007-10-7 125368]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2009-12-17 1795488]
Dynex Wireless Networking Utility.lnk - c:\program files\Dynex G USB Network Adapter\DynexWCUI.exe [2010-4-28 1462272]
ImageMixer 3 SE Camera Monitor Ver.3.lnk - c:\program files\PIXELA\ImageMixer 3 SE Ver.3\CameraMonitor.exe [2010-5-2 253952]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
"d:\\Program Files\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server

R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/05/03 21:12];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [3/13/2010 12:58 PM 87536]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [4/28/2010 9:29 PM 38656]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\ct20xut.sys [6/4/2009 2:46 AM 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\ctexfifx.sys [6/4/2009 2:46 AM 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\cthwiut.sys [6/4/2009 2:46 AM 72728]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [4/28/2010 10:00 PM 102448]
R3 NdisWDM;Dynex Wireless G USB Network Adapter Service;c:\windows\system32\drivers\NdisWDM.sys [4/28/2010 9:21 PM 198144]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 5:46 AM 284016]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [5/1/2010 6:37 PM 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\ct20xut.sys [6/4/2009 2:46 AM 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\ctexfifx.sys [6/4/2009 2:46 AM 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\cthwiut.sys [6/4/2009 2:46 AM 72728]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [10/7/2007 8:48 PM 116664]
S4 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2/26/2010 9:19 AM 3623424]
S4 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [12/18/2009 2:58 AM 57344]
.
Contents of the 'Scheduled Tasks' folder

2010-05-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]

2010-05-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1292428093-725345543-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-29 06:35]

2010-05-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1292428093-725345543-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-29 06:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://news.google.com/nwshp?hl=en&tab=wn
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-17 16:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,33,45,06,6f,90,1a,bd,4d,a1,78,8b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,33,45,06,6f,90,1a,bd,4d,a1,78,8b,\

[HKEY_USERS\S-1-5-21-1202660629-1292428093-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bf,90,0a,c4,ae,3b,08,4b,af,66,6d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bf,90,0a,c4,ae,3b,08,4b,af,66,6d,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:47,d4,ba,f4,c8,f8,5b,9b,3d,ee,44,c7,bb,85,41,fc,f3,bb,84,0d,99,
eb,9c,e9,cf,94,0c,1a,e7,89,76,6b,73,5a,96,a0,ea,77,bd,50,8e,5f,67,3c,d3,5c,\

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:47,d4,ba,f4,c8,f8,5b,9b,3d,ee,44,c7,bb,85,41,fc,f3,bb,84,0d,99,
eb,9c,e9,cf,94,0c,1a,e7,89,76,6b,73,5a,96,a0,ea,77,bd,50,8e,5f,67,3c,d3,5c,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(748)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(1140)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\windows\System32\wltrysvc.exe
c:\windows\System32\bcmwltry.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SYSTEM32\astsrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\SearchIndexer.exe
c:\system volume information\_restore{d5fffa500b1b}\smss.exe
c:\system volume information\_restore{d5fffa500b1b}\svchost.exe
c:\windows\system32\taskmgr.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2010-05-17 16:21:43 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-17 23:21
ComboFix2.txt 2010-05-17 02:26

Pre-Run: 87,635,861,504 bytes free
Post-Run: 87,576,911,872 bytes free

- - End Of File - - 43D5513A00790B168F75D078AD2077B0

Edited by Shownuff808, 17 May 2010 - 06:59 PM.


#15 myrti

Posted 17 May 2010 - 07:16 PM

Hi,

The upload of the files failed. Could you please do this:
Please go to C:\qoobox\quarantine and locate the file [4]Submit_<date and time>.zip, where date and time are the date and time when you ran ComboFix. Afterwards please visit this site and follow the instructions for uploading the file.

Let me know once you're done, so I can check for the files.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 
