Potential rootkit infection.


  • This topic is locked
66 replies to this topic

#31 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:04:30 PM

Posted 23 June 2010 - 03:34 PM

Do you have your Windows CD handy?
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware


#32 Faran

Faran
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sweden
  • Local time:05:30 PM

Posted 24 June 2010 - 10:00 AM

Yes I do have a Windows CD handy. Though it is an old XP CD which doesn't have any SP versions on it. I hope that is no problem?

#33 schrauber


Posted 26 June 2010 - 07:04 AM

Hi,

Let's run the Windows System File Checker utility

You will need your XP CD handy.

Open Windows Task Manager by pressing CTRL+SHIFT+ESC

Then click File, then New Task (Run)

In the box that opens type sfc /scannow (there is a space between c and /)

Click OK
Let it run and insert the XP CD when asked.


Let me know what happens, and how your computer behaves after running the utility.
regards,
schrauber


#34 Faran


Posted 26 June 2010 - 03:16 PM

Hi,

How am I supposed to do that when I can't boot up the OS that needs to be scanned? I tried to use the Live WinXPE (or what it was called) but it didn't have that command/executable. I even tried to use the one on the hard drive while in WinXPE but it didn't work. And last I tried Recovery Console, but it can't execute *.exe files it seems, or if it is possible, I don't know how.

Remember the OS can't be loaded. We have to find a way to do that scan remotely. From a Live CD or something. If "sfc" is not able to redirect the scan to another drive (and I couldn't find that possibility) then I can't do it.

#35 schrauber


Posted 27 June 2010 - 06:59 AM

Sorry. Can you perform a repair install?

http://www.microsoft.com/windowsxp/using/h...ips/doug92.mspx
regards,
schrauber


#36 Faran


Posted 28 June 2010 - 02:06 AM

Hi,

Nothing is going as planned... got a new blue-screen while doing the repair and now the partition can no longer be found by the Windows XP Install CD.. but I can access it in Linux, and while booting up normally it gives an error, that it can't find or thinks the (C:\Windows\system32\config\SYSTEM) file is corrupt... and I think the file might be corrupt as I have checked that folder and the file is there. But I can't fix it because the install CD I used can't even examine the hard drive now for some reason. I can replace the file manually from Linux though... I have tested with another WinXP language version, and there it can examine the disk but it doesn't recognize it as an NTFS (Unknown/RAW) partition (while Linux does), but as said it is a different language version so I don't feel like testing it to use as a repair disk.

OK I'm trying to get a newer version of the Win XP install CD and see if it can do another repair attempt. Will keep you updated.

Edit: Ok I just tested with a Windows XP CD that was in the same language/version... and it can't access the Unknown/RAW partition and therefore can't fix the SYSTEM file. But as I said I can do it manually with the help of Linux (it recognizes the partition as NTFS) but I don't know where to find/get a replacement SYSTEM file. And in the same folder there is a backed-up version of the file and other files, dating back to when we ran ComboFix.

Well if there is a way to convert this Unknown/RAW partition to a genuine NTFS partition without damaging the data in the process, there should be hope of redoing the repair process with my other Windows XP disk (which seems to be more reliable).

Edit2: I have confirmed that the SYSTEM file is corrupted... I replaced it with the backed-up one and it got past the Error screen, but didn't do anything more than showing the Windows XP screen with the load indicator. Though it hadn't frozen, it just didn't do anything and there was no hard drive activity either.

Edited by Faran, 28 June 2010 - 12:39 PM.
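
An offline sanity check of a registry hive such as the SYSTEM file discussed above, runnable from a Linux live environment before swapping in a backup copy. This is an added example, not part of the original thread or of any tool named in it; it assumes the publicly documented "regf" hive layout (base block signature, sequence numbers, XOR checksum at offset 0x1FC, "hbin" headers), and the sample hive it builds is constructed for illustration.

```python
import struct

BASE_BLOCK_SIZE = 4096  # the regf base block occupies the first 4 KiB


def regf_checksum(base_block) -> int:
    """XOR-32 of the first 508 bytes, with the two documented special cases."""
    csum = 0
    for (dword,) in struct.iter_unpack("<I", bytes(base_block[:508])):
        csum ^= dword
    if csum == 0xFFFFFFFF:
        return 0xFFFFFFFE
    if csum == 0:
        return 1
    return csum


def check_hive(data: bytes) -> list:
    """Return a list of structural problems; an empty list means the header is sane."""
    if len(data) < BASE_BLOCK_SIZE:
        return ["file shorter than the 4096-byte base block"]
    if data[:4] != b"regf":
        return ["missing 'regf' signature"]

    problems = []
    seq1, seq2 = struct.unpack_from("<II", data, 0x04)
    if seq1 != seq2:
        # Differing sequence numbers mean a write to the hive never completed,
        # which is what a crash in the middle of a repair can leave behind.
        problems.append(f"sequence numbers differ ({seq1} != {seq2})")

    (stored,) = struct.unpack_from("<I", data, 0x1FC)
    if stored != regf_checksum(data):
        problems.append("base block checksum mismatch")

    (bins_size,) = struct.unpack_from("<I", data, 0x28)
    if bins_size == 0 or bins_size % 4096 or BASE_BLOCK_SIZE + bins_size > len(data):
        problems.append("hive bins size invalid or file truncated")
        return problems

    # Walk the hive bins: each starts with 'hbin', its own offset and its size.
    pos = 0
    while pos < bins_size:
        off = BASE_BLOCK_SIZE + pos
        bin_off, bin_size = struct.unpack_from("<II", data, off + 4)
        if (data[off:off + 4] != b"hbin" or bin_off != pos or bin_size == 0
                or bin_size % 4096 or pos + bin_size > bins_size):
            problems.append(f"bad hive bin header at file offset {off:#x}")
            break
        pos += bin_size
    return problems


def build_sample_hive() -> bytes:
    """Constructed minimal hive (one empty bin) used only to exercise the checks."""
    base = bytearray(BASE_BLOCK_SIZE)
    base[0:4] = b"regf"
    struct.pack_into("<II", base, 0x04, 7, 7)        # matching sequence numbers
    struct.pack_into("<II", base, 0x14, 1, 3)        # format version 1.3
    struct.pack_into("<II", base, 0x24, 0x20, 4096)  # root cell offset, bins size
    struct.pack_into("<I", base, 0x1FC, regf_checksum(base))
    hbin = bytearray(4096)
    hbin[0:4] = b"hbin"
    struct.pack_into("<II", hbin, 4, 0, 4096)        # bin offset, bin size
    return bytes(base + hbin)


if __name__ == "__main__":
    import sys
    # Usage: pass one or more hive files, e.g. the damaged file and its backup.
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            issues = check_hive(fh.read())
        print(path, "OK" if not issues else "; ".join(issues))
```

A clean result only says the hive's container structure is intact; it does not validate the keys and values stored inside the bins.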


#37 Faran


Posted 29 June 2010 - 04:43 AM

Ok I have solved the problem with the corrupt NTFS partition... fixed it with CHKDSK /F command. Gonna try to continue the repair.

Edit: As I said the NTFS partition is working but the repair can't continue thanks to the corrupted SYSTEM file. So now I'm stuck as I do not have a replacement SYSTEM file that is needed. And it seems I can't get one from the install CD either.

So it looks like I'm stuck again.


Important: I'm going away for a week and I will not be able to do anything on my computer during that time so if you think it is necessary to close the thread for the time being, please do. I will PM you when I'm back and am able to continue working on the computer again.
But if you have some suggestions on what to do next, please post them before you close the thread, thanks.

Edited by Faran, 30 June 2010 - 01:08 AM.


#38 schrauber


Posted 30 June 2010 - 02:20 PM

A repair install should work and replace the system hive. How is your knowledge in working with Recovery Console?


regards,
schrauber


#39 Faran


Posted 30 June 2010 - 04:00 PM

I can tell you this, I have never used it before. This is the first time I ever used it. So my knowledge isn't that good.

#40 schrauber


Posted 03 July 2010 - 04:02 AM

Ok,

Please follow the steps here:

http://support.microsoft.com/?kbid=307545
regards,
schrauber


#41 Faran


Posted 06 July 2010 - 09:22 AM

Thanks! I will take a look at it when I get home! =)

#42 Faran


Posted 09 July 2010 - 10:40 AM

Righto,

The system is finally up and running again, after a second repair attempt.

So Now we can screw it up again. ;)

By the way, the OS is on Service Pack 2 now. Should I update it now or after continuing the malware removal process?
Waiting for instructions. =)

And it seems those Temp folders have stopped popping up. But I want to make sure it is gone anyway. ;)

#43 schrauber


Posted 10 July 2010 - 08:11 AM

First, please post back with a fresh OTL logfile
regards,
schrauber


#44 Faran


Posted 10 July 2010 - 12:14 PM

Ok here it is! As you might notice I didn't have my other drives attached this time:


OTL logfile created on: 7/10/2010 10:59:58 PM - Run
OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000041D | Country: Sweden | Language: SVE | Date Format: yyyy-MM-dd

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 4.57 Gb Free Space | 23.39% Space Free | Partition Type: NTFS
Drive D: | 133.13 Gb Total Space | 64.96 Gb Free Space | 48.80% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 433.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2010/05/27 08:38:28 | 000,717,552 | ---- | M] (Immunet Corporation) [Auto] -- C:\Program Files\ClamAV for Windows\1.0.26\agent.exe -- (ImmunetProtect)
SRV - [2010/05/23 11:55:32 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/05/23 11:55:31 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/04/29 07:22:08 | 000,870,096 | ---- | M] (Voddler) [Disabled] -- C:\Program Files\Voddler\service\voddler.exe -- (VoddlerNet)
SRV - [2009/12/17 08:37:54 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/10/06 20:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/09/28 10:06:02 | 004,463,400 | ---- | M] (Wacom Technology, Corp.) [Auto] -- C:\WINDOWS\system32\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV - [2009/09/15 09:41:04 | 000,099,704 | ---- | M] (Dynamic Network Services, Inc.) [Disabled] -- C:\Program Files\DynDNS Updater\DynUpSvc.exe -- (DynDNS Updater)
SRV - [2009/02/23 06:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/10/15 11:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) [Disabled] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Auto] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/08/08 12:51:48 | 000,410,904 | ---- | M] (Acronis) [Auto] -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2007/05/10 21:09:48 | 001,050,120 | ---- | M] (O&O Software GmbH) [Auto] -- C:\WINDOWS\system32\oodag.exe -- (O&O Defrag)
SRV - [2007/04/12 18:20:02 | 000,512,000 | ---- | M] (Locktime Software) [Auto] -- C:\Program Files\NetLimiter 2 Pro\nlsvc.exe -- (nlsvc)
SRV - [2007/02/01 20:09:48 | 001,204,416 | ---- | M] (SiSoftware) [On_Demand] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\RpcSandraSrv.exe -- (SandraTheSrv)
SRV - [2007/02/01 20:06:46 | 000,118,784 | ---- | M] (SiSoftware) [On_Demand] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\Win32\RpcDataSrv.exe -- (SandraDataSrv)
SRV - [2007/01/22 12:22:38 | 000,118,784 | ---- | M] (NVIDIA) [Auto] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (SenFiltService)
DRV - File not found [Kernel | On_Demand] -- -- (ProtoWall)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand] -- -- (lvpopflt)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (CTSBLFX.DLL)
DRV - File not found [Kernel | On_Demand] -- -- (CTHWIUT.DLL)
DRV - File not found [Kernel | On_Demand] -- -- (CTEXFIFX.DLL)
DRV - File not found [Kernel | On_Demand] -- -- (CTERFXFX.DLL)
DRV - File not found [Kernel | On_Demand] -- -- (CTEDSPSY.DLL)
DRV - File not found [Kernel | On_Demand] -- -- (CTEDSPIO.DLL)
DRV - File not found [Kernel | On_Demand] -- -- (CTEDSPFX.DLL)
DRV - File not found [Kernel | On_Demand] -- -- (CTEAPSFX.DLL)
DRV - File not found [Kernel | On_Demand] -- -- (CTAUDFX.DLL)
DRV - File not found [Kernel | On_Demand] -- -- (CT20XUT.DLL)
DRV - File not found [Kernel | On_Demand] -- -- (COMMONFX.DLL)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - File not found [Kernel | On_Demand] -- -- (AEAudio)
DRV - File not found [Kernel | On_Demand] -- -- (ADIHdAudAddService)
DRV - File not found [Kernel | On_Demand] -- -- (ADIDTSFiltService)
DRV - [2010/05/27 08:38:28 | 000,038,856 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | System] -- C:\WINDOWS\system32\drivers\ImmunetProtect.sys -- (ImmunetProtectDriver)
DRV - [2010/05/27 08:38:28 | 000,029,640 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | System] -- C:\WINDOWS\system32\drivers\ImmunetSelfProtect.sys -- (ImmunetSelfProtectDriver)
DRV - [2010/05/27 08:38:28 | 000,020,040 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | System] -- C:\WINDOWS\system32\drivers\ImmunetMonitor.sys -- (ImmunetMonitorDriver)
DRV - [2010/05/23 11:55:52 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/05/23 11:55:31 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/05/23 11:55:31 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/10/07 04:49:50 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/10/07 04:49:38 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 9000(UVC)
DRV - [2009/10/07 04:47:54 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/10/06 20:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/08/27 10:06:32 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2009/07/14 14:54:00 | 007,741,664 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/06/03 21:48:12 | 001,177,624 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2009/06/03 21:48:00 | 000,095,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2009/06/03 21:47:50 | 000,158,744 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2009/06/03 21:47:42 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2009/06/03 21:47:34 | 000,130,072 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2009/06/03 21:47:24 | 000,347,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2009/06/03 21:47:14 | 000,526,232 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2009/06/03 21:47:06 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2009/06/03 21:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV - [2009/06/03 21:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV - [2009/06/03 21:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV - [2009/06/03 21:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV - [2009/06/03 21:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV - [2009/06/03 21:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CT20XUT.sys -- (CT20XUT)
DRV - [2009/05/20 06:54:06 | 000,013,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2009/05/07 11:22:07 | 000,279,712 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2009/05/07 11:22:06 | 000,025,888 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/04/09 04:26:12 | 000,026,816 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files\Perfect Uninstaller\sfilter.sys -- (sfilter)
DRV - [2009/04/09 04:26:06 | 000,011,840 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files\Perfect Uninstaller\FDelFile.sys -- (FDelFile)
DRV - [2009/04/03 14:25:56 | 000,215,872 | ---- | M] (TrueCrypt Foundation) [Kernel | System] -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2008/11/12 10:58:38 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2008/08/01 04:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/08/01 04:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/07/29 14:39:22 | 000,008,960 | ---- | M] (BUFFALO INC.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bautopw.sys -- (bautopw)
DRV - [2008/07/26 09:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/04/13 16:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/02/16 05:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007/02/02 18:16:57 | 000,611,064 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007/01/22 12:23:20 | 000,006,912 | ---- | M] (NVidia Corp.) [Kernel | On_Demand] -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev)
DRV - [2006/09/21 09:39:16 | 000,105,344 | ---- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
DRV - [2006/09/13 18:01:40 | 000,076,160 | ---- | M] (Locktime Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\nltdi.sys -- (nltdi)
DRV - [2006/06/01 08:15:20 | 000,509,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\xnacc.sys -- (xnacc)
DRV - [2006/01/10 04:50:20 | 000,024,576 | R--- | M] () [Kernel | System] -- C:\WINDOWS\system32\AsIO.dll -- (AsIO)
DRV - [2005/10/26 12:30:00 | 000,014,720 | ---- | M] (Creative Technology Pte Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CtUsbMs.sys -- (CtUsbMs)
DRV - [2005/04/20 05:53:00 | 000,458,208 | R--- | M] (SMC Networks, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SMCWPCIT.sys -- (SMCWPCIT)
DRV - [2005/03/09 15:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2004/12/01 12:55:32 | 000,022,488 | ---- | M] (IVT Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2004/11/05 06:39:08 | 000,082,148 | ---- | M] (IVT Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2004/10/19 08:40:56 | 000,028,207 | ---- | M] (IVT Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2004/10/19 08:37:38 | 000,061,312 | ---- | M] (IVT Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2004/10/19 06:39:26 | 000,020,096 | ---- | M] (IVT Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2004/09/21 13:18:02 | 000,011,604 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2004/09/21 13:15:34 | 000,010,804 | ---- | M] (IVT Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BtNetDrv.sys -- (BT)
DRV - [2004/08/12 22:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/08/04 01:05:44 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/03 17:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/04/21 11:51:00 | 000,016,384 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\WINDOWS\system32\wlanndi5.sys -- (wlanndi5)
DRV - [2002/04/11 06:47:52 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipfilter.sys -- (IPFilter)
DRV - [2001/08/17 07:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)
DRV - [2001/07/13 08:56:14 | 000,014,976 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\SBKUPNT.SYS -- (SBKUPNT)
DRV - [2001/04/09 16:45:00 | 000,008,138 | ---- | M] (Wacom Technology Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\PenClass.sys -- (PenClass)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Faran_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\Faran_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.se/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.8
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {6e764c17-863a-450f-bdd0-6772bd5aaa18}:1.0.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.812
FF - prefs.js..network.proxy.http: "83.252.14.87"
FF - prefs.js..network.proxy.http_port: 3128

FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/05/23 11:55:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/03 04:04:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/13 06:33:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/04/23 15:22:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2008/02/10 03:13:01 | 000,000,000 | ---D | M]

[2008/09/02 10:30:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faran\Application Data\Mozilla\Extensions
[2010/05/23 05:29:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faran\Application Data\Mozilla\Firefox\Profiles\6six4qyi.default\extensions
[2007/02/02 18:32:47 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Documents and Settings\Faran\Application Data\Mozilla\Firefox\Profiles\6six4qyi.default\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/05/29 06:03:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faran\Application Data\Mozilla\Firefox\Profiles\ftb2ouaa.default\extensions
[2009/06/23 02:27:47 | 000,000,000 | ---D | M] (Media Converter) -- C:\Documents and Settings\Faran\Application Data\Mozilla\Firefox\Profiles\ftb2ouaa.default\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}
[2010/05/27 09:21:21 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\Faran\Application Data\Mozilla\Firefox\Profiles\ftb2ouaa.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/05/06 02:15:25 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Faran\Application Data\Mozilla\Firefox\Profiles\ftb2ouaa.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/25 03:53:01 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Faran\Application Data\Mozilla\Firefox\Profiles\ftb2ouaa.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2008/09/03 04:39:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faran\Application Data\Mozilla\Firefox\Profiles\ftb2ouaa.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2010/05/29 06:03:29 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/13 06:33:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 11:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/03/14 13:54:26 | 000,001,470 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allaannonser-sv-SE.xml
[2007/11/03 03:09:33 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2007/11/03 03:09:33 | 000,001,077 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/03/14 13:54:26 | 000,002,670 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\prisjakt-sv-SE.xml
[2010/03/14 13:54:26 | 000,000,948 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\tyda-sv-SE.xml
[2010/03/14 13:54:26 | 000,001,174 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-sv-SE.xml
[2010/03/14 13:54:26 | 000,000,951 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-sv-SE.xml

O1 HOSTS File: ([2010/05/27 09:03:16 | 000,397,887 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: HP3D3422 HP001CC43D3422
O1 - Hosts: 13734 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\Faran_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.16\AsRunHelp.exe ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [Immunet Protect] C:\Program Files\ClamAV for Windows\1.0.26\iptray.exe (Sourcefire, Inc.)
O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe (O&O Software GmbH)
O4 - HKLM..\Run: [POINTER] File not found
O4 - HKLM..\Run: [VoddlerNet Manager] C:\Program Files\Voddler\service\VNetManager.exe ()
O4 - HKU\Faran_ON_C..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\Faran_ON_C..\Run: [TrueCrypt] C:\Program Files\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk = X:\I386\SYSTEM32\WTablet\TabUserW.exe File not found
O4 - Startup: C:\Documents and Settings\Faran\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Faran\Start Menu\Programs\Startup\Shortcut to G6FTPSrv.lnk = N:\Downloads\G6 FTP Server\G6FTPSrv.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Faran_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Faran_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xportera till Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {12F7F128-B36C-4843-8AA4-A5F71A969331} https://horizons.eu.istaria.com/controls/launcher.ocx (Launcher Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareup...15110/CTPID.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: L:\Spel\Bethesda Softworks\Oblivion\ScreenShot2.bmp
O24 - Desktop BackupWallPaper: L:\Spel\Bethesda Softworks\Oblivion\ScreenShot2.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/02/02 22:10:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{8752ce9c-a90f-11dd-9b2c-001a9242d44b}\Shell - "" = AutoRun
O33 - MountPoints2\{8752ce9c-a90f-11dd-9b2c-001a9242d44b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8752ce9c-a90f-11dd-9b2c-001a9242d44b}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{b2f2ff28-16fd-11de-8dd8-001a9242d44b}\Shell - "" = AutoRun
O33 - MountPoints2\{b2f2ff28-16fd-11de-8dd8-001a9242d44b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\OblivionLauncher.exe -- File not found
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/07/09 14:25:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/07/09 14:22:28 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamreg51.dll
[2010/07/09 14:22:28 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2010/07/09 14:22:28 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2010/07/09 14:22:27 | 000,363,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svc.dll
[2010/07/09 14:22:27 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wam51.dll
[2010/07/09 14:22:27 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2010/07/09 14:22:27 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2010/07/09 14:22:26 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2010/07/09 14:22:26 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2010/07/09 14:22:26 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2010/07/09 14:22:20 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uihelper.dll
[2010/07/09 14:22:19 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tools.dll
[2010/07/09 14:22:19 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2010/07/09 14:22:18 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2010/07/09 14:22:18 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2010/07/09 14:22:18 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2010/07/09 14:22:18 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2010/07/09 14:22:18 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2010/07/09 14:22:18 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2010/07/09 14:22:18 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2010/07/09 14:22:18 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2010/07/09 14:22:16 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\svcext51.dll
[2010/07/09 14:22:16 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sspifilt.dll
[2010/07/09 14:22:16 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ssinc51.dll
[2010/07/09 14:22:16 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2010/07/09 14:22:15 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2010/07/09 14:22:14 | 000,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2010/07/09 14:22:14 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2010/07/09 14:22:13 | 000,456,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll
[2010/07/09 14:22:13 | 000,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll
[2010/07/09 14:22:13 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll
[2010/07/09 14:22:13 | 000,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll
[2010/07/09 14:22:13 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll
[2010/07/09 14:22:13 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmp.exe
[2010/07/09 14:22:13 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2010/07/09 14:22:13 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2010/07/09 14:22:13 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmptrap.exe
[2010/07/09 14:22:13 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll
[2010/07/09 14:22:12 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smi2smir.exe
[2010/07/09 14:22:12 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2010/07/09 14:22:12 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2010/07/09 14:22:12 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2010/07/09 14:22:12 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2010/07/09 14:22:12 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2010/07/09 14:22:12 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2010/07/09 14:22:12 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2010/07/09 14:22:12 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2010/07/09 14:22:12 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2010/07/09 14:22:12 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpapi.dll
[2010/07/09 14:22:12 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2010/07/09 14:22:12 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2010/07/09 14:22:11 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2010/07/09 14:22:11 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2010/07/09 14:22:11 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2010/07/09 14:22:11 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2010/07/09 14:22:11 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2010/07/09 14:22:09 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2010/07/09 14:22:06 | 000,221,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seo.dll
[2010/07/09 14:22:06 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2010/07/09 14:22:06 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2010/07/09 14:22:05 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/07/09 14:22:05 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/07/09 14:22:05 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2010/07/09 14:22:05 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll
[2010/07/09 14:22:05 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rwnh.dll
[2010/07/09 14:22:04 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcref.dll
[2010/07/09 14:22:03 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2010/07/09 14:22:03 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2010/07/09 14:22:02 | 000,020,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ramdisk.sys
[2010/07/09 14:22:02 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2010/07/09 14:22:01 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2010/07/09 14:22:01 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pwsdata.dll
[2010/07/09 14:22:00 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2010/07/09 14:22:00 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2010/07/09 14:22:00 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2010/07/09 14:22:00 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2010/07/09 14:21:59 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2010/07/09 14:21:59 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2010/07/09 14:21:59 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2010/07/09 14:21:58 | 000,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2010/07/09 14:21:58 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2010/07/09 14:21:58 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2010/07/09 14:21:55 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2010/07/09 14:21:55 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsepm.dll
[2010/07/09 14:21:55 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2010/07/09 14:21:52 | 000,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2010/07/09 14:21:51 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtstocom.exe
[2010/07/09 14:21:48 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2010/07/09 14:21:48 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2010/07/09 14:21:42 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2010/07/09 14:21:42 | 000,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2010/07/09 14:21:42 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\metada51.dll
[2010/07/09 14:21:42 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe
[2010/07/09 14:21:41 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2010/07/09 14:21:41 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\md5filt.dll
[2010/07/09 14:21:41 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2010/07/09 14:21:40 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpdsvc.dll
[2010/07/09 14:21:40 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2010/07/09 14:21:40 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lprmon.dll
[2010/07/09 14:21:40 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lonsint.dll
[2010/07/09 14:21:39 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmmib2.dll
[2010/07/09 14:21:37 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2010/07/09 14:21:37 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2010/07/09 14:21:37 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2010/07/09 14:21:36 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2010/07/09 14:21:36 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2010/07/09 14:21:36 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2010/07/09 14:21:36 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2010/07/09 14:21:36 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2010/07/09 14:21:36 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2010/07/09 14:21:36 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2010/07/09 14:21:36 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2010/07/09 14:21:36 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2010/07/09 14:21:36 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2010/07/09 14:21:36 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2010/07/09 14:21:36 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2010/07/09 14:21:36 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2010/07/09 14:21:35 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2010/07/09 14:21:35 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2010/07/09 14:21:35 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2010/07/09 14:21:35 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2010/07/09 14:21:35 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2010/07/09 14:21:35 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2010/07/09 14:21:35 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2010/07/09 14:21:35 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2010/07/09 14:21:35 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2010/07/09 14:21:35 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2010/07/09 14:21:34 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iscomlog.dll
[2010/07/09 14:21:34 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2010/07/09 14:21:34 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
[2010/07/09 14:21:34 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2010/07/09 14:21:34 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2010/07/09 14:21:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2010/07/09 14:21:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2010/07/09 14:21:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2010/07/09 14:21:34 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2010/07/09 14:21:34 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2010/07/09 14:21:32 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infocomm.dll
[2010/07/09 14:21:32 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprip.dll
[2010/07/09 14:21:32 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetin51.exe
[2010/07/09 14:21:32 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2010/07/09 14:21:31 | 000,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2010/07/09 14:21:31 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2010/07/09 14:21:30 | 000,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2010/07/09 14:21:30 | 000,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2010/07/09 14:21:29 | 000,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2010/07/09 14:21:29 | 000,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2010/07/09 14:21:29 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2010/07/09 14:21:29 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe
[2010/07/09 14:21:28 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iische51.dll
[2010/07/09 14:21:28 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iislog51.dll
[2010/07/09 14:21:28 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2010/07/09 14:21:28 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisadmin.dll
[2010/07/09 14:21:28 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2010/07/09 14:21:28 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisfecnv.dll
[2010/07/09 14:21:28 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2010/07/09 14:21:25 | 010,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2010/07/09 14:21:18 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2010/07/09 14:21:18 | 000,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpext.dll
[2010/07/09 14:21:18 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpod51.dll
[2010/07/09 14:21:18 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpmb51.dll
[2010/07/09 14:21:16 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostmib.dll
[2010/07/09 14:21:15 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2010/07/09 14:21:15 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gzip.dll
[2010/07/09 14:21:14 | 000,400,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsxp32.dll
[2010/07/09 14:21:14 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxswzrd.dll
[2010/07/09 14:21:13 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsst.dll
[2010/07/09 14:21:13 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxstiff.dll
[2010/07/09 14:21:13 | 000,285,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscomex.dll
[2010/07/09 14:21:13 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssvc.exe
[2010/07/09 14:21:13 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxst30.dll
[2010/07/09 14:21:13 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscover.exe
[2010/07/09 14:21:13 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsui.dll
[2010/07/09 14:21:13 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsevent.dll
[2010/07/09 14:21:13 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2010/07/09 14:21:13 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsdrv.dll
[2010/07/09 14:21:13 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsmon.dll
[2010/07/09 14:21:13 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsext32.dll
[2010/07/09 14:21:13 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2010/07/09 14:21:13 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsperf.dll
[2010/07/09 14:21:13 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsres.dll
[2010/07/09 14:21:12 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsapi.dll
[2010/07/09 14:21:12 | 000,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclnt.exe
[2010/07/09 14:21:12 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2010/07/09 14:21:12 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsv251.dll
[2010/07/09 14:21:12 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2010/07/09 14:21:12 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscom.dll
[2010/07/09 14:21:12 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2010/07/09 14:21:12 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpmib.dll
[2010/07/09 14:21:12 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2010/07/09 14:21:11 | 000,024,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmcgi.exe
[2010/07/09 14:21:11 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmdll.dll
[2010/07/09 14:21:11 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2010/07/09 14:21:10 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntagnt.dll
[2010/07/09 14:21:10 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntwin.exe
[2010/07/09 14:21:10 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2010/07/09 14:21:10 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntcmd.exe
[2010/07/09 14:21:10 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exstrace.dll
[2010/07/09 14:21:09 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2010/07/09 14:21:09 | 000,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2010/07/09 14:21:09 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2010/07/09 14:21:09 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2010/07/09 14:21:03 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\davcdata.exe
[2010/07/09 14:21:02 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
[2010/07/09 14:21:02 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2010/07/09 14:21:01 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
[2010/07/09 14:21:01 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2010/07/09 14:21:00 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compfilt.dll
[2010/07/09 14:20:59 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2010/07/09 14:20:59 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2010/07/09 14:20:59 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2010/07/09 14:20:59 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2010/07/09 14:20:59 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2010/07/09 14:20:58 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2010/07/09 14:20:58 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2010/07/09 14:20:58 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2010/07/09 14:20:58 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2010/07/09 14:20:58 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2010/07/09 14:20:58 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2010/07/09 14:20:56 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/07/09 14:20:56 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2010/07/09 14:20:56 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2010/07/09 14:20:51 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2010/07/09 14:20:50 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2010/07/09 14:20:42 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asp51.dll
[2010/07/09 14:20:42 | 000,331,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll
[2010/07/09 14:20:42 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2010/07/09 14:20:42 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2010/07/09 14:20:42 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2010/07/09 14:20:41 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\appconf.dll
[2010/07/09 14:20:40 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040d.dll
[2010/07/09 14:20:40 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0401.dll
[2010/07/09 14:20:35 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2010/07/09 14:20:35 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admexs.dll
[2010/07/09 14:20:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2010/07/09 14:20:35 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2010/07/09 14:20:30 | 000,032,827 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptest.exe
[2010/07/09 14:20:30 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptsat.dll
[2010/07/09 14:20:30 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\staxmem.dll
[2010/07/09 14:20:30 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2010/07/09 14:20:29 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpadm.dll
[2010/07/09 14:20:29 | 000,020,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll
[2010/07/09 14:20:29 | 000,016,437 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.exe
[2010/07/09 14:20:25 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logui.ocx
[2010/07/09 14:20:24 | 000,829,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.dll
[2010/07/09 14:20:24 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2010/07/09 14:20:24 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrtl.dll
[2010/07/09 14:20:24 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isatq.dll
[2010/07/09 14:20:24 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstas.exe
[2010/07/09 14:20:24 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2010/07/09 14:20:24 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2010/07/09 14:20:24 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoadmn.dll
[2010/07/09 14:20:24 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2010/07/09 14:20:24 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2010/07/09 14:20:23 | 000,598,071 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll
[2010/07/09 14:20:23 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll
[2010/07/09 14:20:23 | 000,188,494 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpcount.exe
[2010/07/09 14:20:23 | 000,109,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98swin.exe
[2010/07/09 14:20:23 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisext51.dll
[2010/07/09 14:20:23 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismap.dll
[2010/07/09 14:20:23 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll
[2010/07/09 14:20:23 | 000,020,538 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpremadm.exe
[2010/07/09 14:20:23 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2010/07/09 14:20:22 | 000,876,653 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awel.dll
[2010/07/09 14:20:22 | 000,184,435 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4amsft.dll
[2010/07/09 14:20:22 | 000,147,513 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4apws.dll
[2010/07/09 14:20:22 | 000,102,509 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4atxt.dll
[2010/07/09 14:20:22 | 000,082,035 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4anscp.dll
[2010/07/09 14:20:22 | 000,049,212 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awebs.dll
[2010/07/09 14:20:22 | 000,049,210 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4areg.dll
[2010/07/09 14:20:22 | 000,041,020 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avnb.dll
[2010/07/09 14:20:22 | 000,032,826 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avss.dll
[2010/07/09 14:20:22 | 000,014,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98sadm.exe
[2010/07/09 14:20:21 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certwiz.ocx
[2010/07/09 14:20:21 | 000,188,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgwiz.exe
[2010/07/09 14:20:21 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnfgprts.ocx
[2010/07/09 14:20:21 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\coadmin.dll
[2010/07/09 14:20:20 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsiis51.dll
[2010/07/09 14:20:20 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2010/07/09 14:20:20 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admwprox.dll
[2010/07/09 14:20:20 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll
[2010/07/09 14:20:20 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.exe
[2010/07/09 14:20:20 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.exe
[2010/07/09 14:20:19 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll
[2010/07/09 14:18:32 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwtutor.exe
[2010/07/09 14:18:32 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwres.dll
[2010/07/09 14:18:32 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\trialoc.dll
[2010/07/09 14:18:32 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2010/07/09 14:18:10 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wabimp.dll
[2010/07/09 14:18:10 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2010/07/09 14:18:10 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wabfind.dll
[2010/07/09 14:18:10 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wabmig.exe
[2010/07/09 14:18:09 | 002,479,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoeres.dll
[2010/07/09 14:18:09 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oeimport.dll
[2010/07/09 14:18:09 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\setup50.exe
[2010/07/09 14:18:09 | 000,060,416 | --S- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msimn.exe
[2010/07/09 14:18:09 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oemig50.exe
[2010/07/09 14:18:09 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oemiglib.dll
[2010/07/09 14:18:07 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn1.exe
[2010/07/09 14:18:07 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwhelp.dll
[2010/07/09 14:18:07 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn2.exe
[2010/07/09 14:18:07 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn.dll
[2010/07/09 14:18:07 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwutil.dll
[2010/07/09 14:18:07 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwdl.dll
[2010/07/09 14:18:07 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwrmind.exe
[2010/07/09 14:18:07 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetwiz.exe
[2010/07/09 14:17:59 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hmmapi.dll
[2010/07/09 14:17:58 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iexplore.exe
[2010/07/09 14:17:58 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedw.exe
[2010/07/09 10:46:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2010/07/09 10:41:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood.Tmp
[2010/07/09 10:41:39 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2010/07/09 10:41:39 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2010/07/09 10:41:39 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2010/07/09 10:41:39 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2010/07/09 09:20:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\tmp
[2010/06/29 06:25:40 | 000,000,000 | -HSD | C] -- C:\found.000
[2010/06/21 10:28:03 | 000,552,960 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2010/06/12 10:52:44 | 000,000,000 | ---D | C] -- C:\_OTL
[14 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/09 14:54:30 | 001,572,864 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/07/09 14:54:30 | 001,572,864 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/07/09 14:54:30 | 000,054,568 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000007-00001102-00000005-002C1102}.rfx
[2010/07/09 14:54:30 | 000,054,568 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000007-00001102-00000005-002C1102}.rfx
[2010/07/09 14:54:30 | 000,000,788 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000007-00001102-00000005-002C1102}.rfx
[2010/07/09 14:54:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/09 14:54:11 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/09 14:54:07 | 018,087,936 | -H-- | M] () -- C:\Documents and Settings\Faran\NTUSER.DAT
[2010/07/09 14:54:07 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Faran\ntuser.ini
[2010/07/09 14:30:33 | 000,239,007 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/07/09 14:29:55 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/09 14:27:37 | 000,541,738 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/09 14:27:37 | 000,457,090 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/09 14:27:37 | 000,074,618 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/09 14:25:51 | 000,021,032 | ---- | M] () -- C:\Documents and Settings\Faran\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/09 14:25:22 | 000,000,374 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/07/09 14:24:45 | 000,134,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/09 14:24:40 | 001,214,705 | ---- | M] () -- C:\WINDOWS\System32\oodbs.lor
[2010/07/09 14:23:11 | 000,000,287 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/07/09 14:20:05 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/07/09 14:20:04 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/07/09 14:20:04 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/07/09 14:19:51 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/07/09 14:18:58 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/07/09 14:18:58 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/07/09 14:18:52 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/07/09 14:18:52 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/07/09 14:18:52 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/07/09 14:18:52 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/07/09 14:18:52 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/07/09 14:18:52 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/07/09 14:18:38 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/09 14:17:16 | 000,023,348 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/07/09 14:15:33 | 000,000,282 | -HS- | M] () -- C:\boot.ini
[2010/07/09 14:14:49 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/09 13:38:48 | 000,001,326 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/07/09 10:41:58 | 002,005,724 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2010/07/09 09:04:22 | 000,542,127 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2010/07/09 08:35:16 | 000,025,065 | ---- | M] () -- C:\WINDOWS\System32\wmpscheme.xml
[14 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/09 14:22:36 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2010/07/09 14:22:00 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2010/07/09 14:22:00 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2010/07/09 14:21:38 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2010/07/09 14:21:37 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/07/09 14:21:31 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/07/09 14:21:29 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/07/09 14:21:15 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/07/09 14:21:11 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2010/07/09 14:20:59 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/07/09 14:20:55 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2010/07/09 14:20:55 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2010/07/09 14:20:55 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2010/07/09 14:20:55 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2010/07/09 14:20:55 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2010/07/09 14:20:55 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2010/07/09 14:20:55 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2010/07/09 14:20:55 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2010/07/09 14:20:54 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2010/07/09 14:20:54 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2010/07/09 14:20:54 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2010/07/09 14:20:54 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2010/07/09 14:20:54 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2010/07/09 14:20:54 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2010/07/09 14:20:54 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2010/07/09 14:20:54 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2010/07/09 14:20:54 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2010/07/09 14:20:54 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2010/07/09 14:20:54 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2010/07/09 14:20:54 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2010/07/09 14:20:54 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2010/07/09 14:20:54 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2010/07/09 14:20:54 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2010/07/09 14:20:54 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2010/07/09 14:20:54 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2010/07/09 14:20:54 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2010/07/09 14:20:53 | 000,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2010/07/09 14:20:53 | 000,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2010/07/09 14:20:53 | 000,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2010/07/09 14:20:53 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2010/07/09 14:20:53 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2010/07/09 14:20:53 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2010/07/09 14:20:53 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2010/07/09 14:20:53 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2010/07/09 14:20:53 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2010/07/09 14:20:53 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2010/07/09 14:20:53 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2010/07/09 14:20:53 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2010/07/09 14:20:52 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2010/07/09 14:20:52 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2010/07/09 14:20:52 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2010/07/09 14:20:52 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2010/07/09 14:20:52 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2010/07/09 14:20:52 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2010/07/09 14:20:52 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2010/07/09 14:20:52 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2010/07/09 14:20:52 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2010/07/09 14:20:52 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2010/07/09 14:20:52 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2010/07/09 14:20:52 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2010/07/09 14:20:52 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2010/07/09 14:20:51 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2010/07/09 14:20:51 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2010/07/09 14:20:51 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2010/07/09 14:20:51 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2010/07/09 14:20:51 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2010/07/09 14:20:51 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2010/07/09 14:20:51 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2010/07/09 14:20:51 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2010/07/09 14:20:50 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2010/07/09 14:18:58 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/07/09 14:18:52 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/07/09 14:18:52 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/07/09 14:18:52 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/07/09 14:18:52 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/07/09 14:18:52 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/07/09 10:41:26 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2010/07/09 10:41:26 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/07/09 10:41:26 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010/07/09 10:41:26 | 000,141,702 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2010/07/09 10:41:26 | 000,110,116 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2010/07/09 10:41:26 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010/07/09 10:41:26 | 000,031,965 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2010/07/09 10:41:26 | 000,031,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2010/07/09 10:41:26 | 000,024,209 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2010/07/09 10:41:26 | 000,013,753 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2010/07/09 10:41:26 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010/07/09 10:41:26 | 000,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2010/07/09 10:41:26 | 000,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2010/07/09 10:41:26 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010/07/09 10:41:26 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/07/09 10:41:26 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2010/07/09 10:41:26 | 000,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2010/07/09 10:41:25 | 002,012,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2010/07/09 10:41:25 | 000,502,724 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2010/05/28 14:21:07 | 000,000,160 | ---- | C] () -- C:\Documents and Settings\Faran\defogger_reenable
[2010/05/22 21:20:24 | 000,000,095 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/10/27 19:04:59 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\Faran\.recently-used.xbel
[2009/10/24 19:49:41 | 000,061,144 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/10/06 20:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/06 20:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/06/04 06:30:58 | 000,006,979 | ---- | C] () -- C:\WINDOWS\UN080616.INI
[2009/06/03 20:37:08 | 000,021,093 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2009/06/03 20:37:06 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009/06/03 19:55:20 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\CtxfiRes.dll
[2009/06/03 19:55:20 | 000,002,560 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2009/05/27 04:49:00 | 000,000,285 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2009/05/18 08:24:05 | 000,026,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfilter.sys
[2009/05/18 08:24:05 | 000,011,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\FDelFile.sys
[2009/05/07 11:22:07 | 000,279,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009/05/07 11:22:06 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009/04/30 17:39:36 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/04/11 08:21:03 | 000,000,029 | ---- | C] () -- C:\WINDOWS\sfbm.INI
[2009/03/01 06:03:51 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\libusb0.sys
[2009/02/19 14:18:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oodcnt.INI
[2009/02/06 04:08:28 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Faran\Local Settings\Application Data\PUTTY.RND
[2008/11/25 07:18:15 | 000,014,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\SBKUPNT.SYS
[2008/11/25 07:18:15 | 000,000,543 | ---- | C] () -- C:\WINDOWS\SWISV3.INI
[2008/11/25 07:18:14 | 000,000,287 | ---- | C] () -- C:\WINDOWS\SKNIFE.INI
[2008/11/25 07:17:37 | 000,002,799 | ---- | C] () -- C:\WINDOWS\SKLANG.INI
[2008/10/07 03:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 03:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/08/28 17:54:48 | 000,000,769 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2008/08/28 17:16:21 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2008/02/10 13:32:55 | 000,001,918 | ---- | C] () -- C:\WINDOWS\scummvm.ini
[2008/01/05 08:15:00 | 000,000,374 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/12/09 08:37:45 | 002,118,370 | ---- | C] () -- C:\Documents and Settings\Faran\ProductContextC5100.log
[2007/12/09 08:37:29 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Faran\Local Settings\Application Data\fusioncache.dat
[2007/12/09 08:28:27 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2007/12/09 08:28:13 | 000,000,168 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2007/11/18 05:22:56 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\Faran\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/10 06:40:16 | 000,002,763 | ---- | C] () -- C:\Documents and Settings\Faran\info.dat
[2007/08/28 17:11:17 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\wgsrvins.dll
[2007/06/23 13:46:05 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/06/23 13:46:05 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007/05/17 05:37:11 | 000,000,377 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/04/16 10:48:05 | 000,001,836 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007/04/12 17:44:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/04/12 17:44:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/04/12 17:44:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/04/12 17:44:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/04/12 17:44:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/03/27 12:46:48 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/03/27 12:46:48 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/03/03 16:22:49 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007/02/24 15:46:38 | 000,013,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\BTNetFilter.sys
[2007/02/24 15:46:38 | 000,011,604 | ---- | C] () -- C:\WINDOWS\System32\drivers\vbtenum.sys
[2007/02/23 00:29:56 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/02/14 16:54:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2007/02/07 11:42:31 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/02/03 09:53:08 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2007/02/03 09:52:35 | 000,012,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2007/02/03 09:52:35 | 000,010,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2007/02/03 07:00:15 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2007/02/02 23:58:36 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2007/02/02 22:31:09 | 000,000,804 | R--- | C] () -- C:\WINDOWS\System32\AsusSetup.ini
[2007/02/02 22:31:09 | 000,000,400 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2007/02/02 22:30:27 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2007/02/02 22:30:20 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/02/02 22:29:33 | 000,020,480 | -H-- | C] () -- C:\Documents and Settings\Faran\ntuser.dat.LOG
[2007/02/02 22:29:33 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Faran\ntuser.ini
[2007/02/02 22:29:32 | 018,087,936 | -H-- | C] () -- C:\Documents and Settings\Faran\NTUSER.DAT
[2007/02/02 22:27:04 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
[2007/02/02 22:27:03 | 001,572,864 | -H-- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2007/02/02 22:27:03 | 001,572,864 | -H-- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2007/02/02 22:27:03 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[2007/02/02 22:27:03 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
[2007/02/02 22:27:03 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
[2007/02/02 19:40:59 | 000,001,414 | ---- | C] () -- C:\WINDOWS\WORDFIND.INI
[2007/02/02 18:40:16 | 000,000,084 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2007/01/09 19:59:52 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
[2006/12/12 12:24:42 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2005/10/22 20:55:02 | 000,000,705 | ---- | C] () -- C:\WINDOWS\GBAMedia.ini
[2004/12/10 08:35:06 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\frapsvid.dll
[2004/08/04 00:56:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/07/17 11:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/04/26 19:29:58 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2004/04/26 19:29:58 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2002/04/11 06:47:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\msmscoin.dll
[2001/07/06 22:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2010/05/27 13:15:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faran\Application Data\.purple
[2009/05/07 11:34:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faran\Application Data\Atari
[2010/05/22 19:19:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faran\Application Data\Azureus
[2007/10/07 16:15:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faran\Application Data\Bioshock
[2009/12/21 17:19:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faran\Application Data\gtk-2.0
[2007/07/21 15:16:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faran\Application Data\ImgBurn
[2008/09/15 12:28:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faran\Application Data\Leadertech
[2007/04/12 18:18:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faran\Application Data\Locktime
[2009/03/12 14:38:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faran\Application Data\Miranda
[2009/04/25 16:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faran\Application Data\OneSwarm
[2010/05/21 17:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faran\Application Data\onOne Software
[2007/02/10 10:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faran\Application Data\Propellerhead Software
[2007/04/06 15:31:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faran\Application Data\Publish Providers
[2009/05/18 04:43:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faran\Application Data\ScummVM
[2009/05/25 08:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faran\Application Data\simon4
[2007/04/07 15:49:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faran\Application Data\Sony
[2010/05/29 07:09:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faran\Application Data\SPORE Creature Creator
[2007/02/04 06:25:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faran\Application Data\Thunderbird
[2009/05/16 05:27:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faran\Application Data\TrueCrypt
[2010/05/29 07:04:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faran\Application Data\uTorrent
[2010/07/09 14:25:22 | 000,000,374 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job

========== Purity Check ==========


< End of report >
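A triage sketch for report lines like the ones above, added here as an example; it is not part of the original post or of OTL. It parses each line into fields, then picks out entries stamped shortly before a chosen date and drivers whose company field is empty. The field layout, and the reading of C/M as created/modified, are assumptions inferred from the lines on this page.

```python
import re
from collections import namedtuple
from datetime import datetime, timedelta

# Layout inferred from the report lines on this page (not from OTL documentation):
#   [timestamp | size | attributes | C or M] (company) -- path
# C/M is assumed to mean created/modified. The "(company)" field is absent on
# directory lines and empty, "()", on many file lines.
LINE = re.compile(
    r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| ([\d,]+) \| ([RHSD-]{4}) \| ([CM])\]"
    r"(?: \((.*?)\))? -- (.+)$")
Entry = namedtuple("Entry", "when size attrs kind company path")

def parse(report):
    """Return an Entry per report line; headers and blank lines are skipped."""
    out = []
    for raw in report.splitlines():
        m = LINE.match(raw.strip())
        if m:
            ts, size, attrs, kind, company, path = m.groups()
            out.append(Entry(datetime.strptime(ts, "%Y/%m/%d %H:%M:%S"),
                             int(size.replace(",", "")), attrs, kind, company, path))
    return out

def changed_within(entries, reference, days):
    """Entries stamped in the `days` before `reference`, newest first."""
    start = reference - timedelta(days=days)
    return sorted((e for e in entries if start <= e.when <= reference),
                  key=lambda e: e.when, reverse=True)

def drivers_without_vendor(entries):
    """.sys files under a drivers directory whose company field is empty."""
    return [e for e in entries if e.company == ""
            and e.path.lower().endswith(".sys") and "\\drivers\\" in e.path.lower()]

# Four lines copied from the report above, plus one section header to show skipping.
SAMPLE = r"""
========== LOP Check ==========
[2007/02/24 15:46:38 | 000,013,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\BTNetFilter.sys
[2007/02/02 22:29:33 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Faran\ntuser.ini
[2010/05/29 07:04:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faran\Application Data\uTorrent
[2010/07/09 14:25:22 | 000,000,374 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
"""

if __name__ == "__main__":
    entries = parse(SAMPLE)
    for e in changed_within(entries, datetime(2010, 7, 11), days=7):
        print(e.when, e.kind, e.path)          # what changed in the last week
    for e in drivers_without_vendor(entries):
        print("no vendor string:", e.path)
```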


#45 schrauber


Posted 11 July 2010 - 10:27 AM

My fault, sorry, I meant this here running in normal Windows :)

  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemdrive%\*.sys /90 /md5
  5. Push the Quick Scan button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards,
schrauber
