
possible new rootkit??


  • This topic is locked
24 replies to this topic

#1 DSR13


Posted 06 June 2010 - 08:25 AM

I am in need of help.
OS is Windows XP "home" with SP3 installed. This is off a fresh install, and whatever it is keeps coming back.
I have tried to wipe the drive with killdisk (it says 3 illegal partitions, but it wipes it "clean" except for 0H-67H)
Also with DBAM, but get a kernel error. When using the Windows CD, now I have one option NTFS. I have "formatted" using recovery console and also the easy way.
The files installed on C: are NTLDR and NTDetect.com, all others show -d, in the C:\ are clock.avi and explorer.exe twunk and twain, all others show 0 and -d.

I did an online scan yesterday, using eset, found 2 applications win32/PrcView and win32/Shutdown.NAA and then said numerous threats, it did not complete as when scanning memory it froze up, now when I try, it scans in 10 seconds, and it did find an ecir (?) test.

Norman anti malware found a win32/trojan dropper and an avi rebooter

Panda Cloud will not install due to lack of disk space, I have a 80 g HD and only 3 gigs are used.

This is after I downloaded Microsoft Security Essentials, and it would not install (said I needed to download another installer)
and service pack 3 (stand alone)

I had updates turned off, but it downloaded and installed 69 after SP3

I know that I have mass NT files that are in the dll_cache, most exe, and one that digitally signs, windows movie maker copies the hard drive every 15 minutes. I now have numerous security rules that I did not put in, they just appear, as well as remote registry, and when I attempt to change settings they revert back. System restore will not turn off.

MBAM will not install, says MBAM_ERROR_Enumerate_Lang (3,0), RKill BSOD right away, GMER ".ugldrkod.sys" error 0xc000003a

I can go on, bottom line, I need help, and this has gone on for over a month.

Not sure what, but I do have ESET installed, in the past all anti-virus/malware were set to 0 and just ran in a loop, it also has microsoft as untrusted.

I did contact Microsoft Security, the guy who is not from the US, told me to reformat my hard drive :-)

I am a disabled American Vet, and need to be able to use my computer, thank you.

Edited by DSR13, 06 June 2010 - 08:31 AM.



#2 DSR13


Posted 06 June 2010 - 11:27 AM

I am going to enclose these logs, as I am going to be away for the better part of the day.

I understand that no one has asked, and I am hoping that someone will help.

OTL logfile created on: 6/6/2010 8:53:26 AM - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 266.00 Mb Available Physical Memory | 53.00% Memory free
872.00 Mb Paging File | 595.00 Mb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 400 750 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 70.69 Gb Free Space | 94.86% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WHITE-0983WS
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/06 07:34:28 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/03/24 20:31:50 | 000,810,120 | ---- | M] (ESET) -- C:\Program Files\1239\1239 Smart Security\ekrn.exe
PRC - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/06/06 07:34:28 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2008/04/14 05:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (All) ==========

SRV - [2010/03/24 20:39:48 | 000,033,560 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\1239\1239 Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010/03/24 20:31:50 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\1239\1239 Smart Security\ekrn.exe -- (ekrn)
SRV - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/06/09 22:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)
SRV - [2009/02/09 04:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs) Remote Procedure Call (RPC)
SRV - [2009/02/09 04:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (DcomLaunch)
SRV - [2009/02/06 03:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2009/02/06 03:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/07/07 12:26:58 | 000,253,952 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\es.dll -- (EventSystem)
SRV - [2008/06/20 09:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla) Network Location Awareness (NLA)
SRV - [2008/04/14 05:42:42 | 000,126,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\wbem\wmiapsrv.exe -- (WmiApSrv)
SRV - [2008/04/14 05:42:40 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/14 05:42:40 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ups.exe -- (UPS)
SRV - [2008/04/14 05:42:38 | 000,057,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\svchost.exe -- (HidServ)
SRV - [2008/04/14 05:42:36 | 000,141,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\sessmgr.exe -- (RDSessMgr)
SRV - [2008/04/14 05:42:36 | 000,089,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\smlogsvc.exe -- (SysmonLog)
SRV - [2008/04/14 05:42:34 | 000,095,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\scardsvr.exe -- (SCardSvr)
SRV - [2008/04/14 05:42:30 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
SRV - [2008/04/14 05:42:30 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)
SRV - [2008/04/14 05:42:30 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/14 05:42:28 | 000,006,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\msdtc.exe -- (MSDTC)
SRV - [2008/04/14 05:42:26 | 000,075,264 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\locator.exe -- (RpcLocator) Remote Procedure Call (RPC)
SRV - [2008/04/14 05:42:26 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\mnmsrvc.exe -- (mnmsrvc)
SRV - [2008/04/14 05:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/14 05:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/14 05:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/14 05:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (NtLmSsp)
SRV - [2008/04/14 05:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/14 05:42:24 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/14 05:42:18 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/14 05:42:18 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/14 05:42:18 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (COMSysApp)
SRV - [2008/04/14 05:42:16 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\clipsrv.exe -- (ClipSrv)
SRV - [2008/04/14 05:42:16 | 000,005,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc)
SRV - [2008/04/14 05:42:14 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/14 05:42:12 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2008/04/14 05:42:12 | 000,129,024 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\xmlprov.dll -- (xmlprov)
SRV - [2008/04/14 05:42:12 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2008/04/14 05:42:12 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/14 05:42:10 | 000,333,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc) Windows Image Acquisition (WIA)
SRV - [2008/04/14 05:42:10 | 000,185,856 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\upnphost.dll -- (upnphost)
SRV - [2008/04/14 05:42:10 | 000,175,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\w32time.dll -- (W32Time)
SRV - [2008/04/14 05:42:10 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2008/04/14 05:42:10 | 000,068,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\webclnt.dll -- (WebClient)
SRV - [2008/04/14 05:42:10 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2008/04/14 05:42:08 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2008/04/14 05:42:08 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/14 05:42:08 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/14 05:42:08 | 000,090,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\trkwks.dll -- (TrkWks)
SRV - [2008/04/14 05:42:08 | 000,071,680 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\ssdpsrv.dll -- (SSDPSRV)
SRV - [2008/04/14 05:42:06 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/14 05:42:06 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/14 05:42:06 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/14 05:42:06 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/14 05:42:06 | 000,039,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\sens.dll -- (SENS)
SRV - [2008/04/14 05:42:06 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/14 05:42:04 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/14 05:42:04 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2008/04/14 05:42:04 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\qagentrt.dll -- (napagent)
SRV - [2008/04/14 05:42:04 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2008/04/14 05:42:04 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/14 05:42:04 | 000,038,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2008/04/14 05:42:02 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/04/14 05:42:02 | 000,052,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\mspmsnsv.dll -- (WmdmPmSN)
SRV - [2008/04/14 05:42:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger)
SRV - [2008/04/14 05:41:58 | 000,061,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\kmsvc.dll -- (hkmsvc)
SRV - [2008/04/14 05:41:58 | 000,053,248 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess)
SRV - [2008/04/14 05:41:58 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/14 05:41:56 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess) Windows Firewall/Internet Connection Sharing (ICS)
SRV - [2008/04/14 05:41:54 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/14 05:41:54 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2008/04/14 05:41:54 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2008/04/14 05:41:54 | 000,023,552 | ---- | M] (Microsoft Corp.) [On_Demand | Stopped] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/14 05:41:54 | 000,023,040 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ersvc.dll -- (ERSvc)
SRV - [2008/04/14 05:41:52 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2008/04/14 05:41:52 | 000,077,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/14 05:41:52 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/14 05:41:52 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/14 05:41:50 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter)
SRV - [2004/08/04 04:00:00 | 000,132,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rsvp.exe -- (RSVP)


========== Driver Services (SafeList) ==========

DRV - [2010/03/24 20:33:50 | 000,055,232 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2010/03/24 20:33:50 | 000,032,584 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2010/03/24 20:33:46 | 000,134,488 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2010/03/24 20:31:06 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/03/24 20:23:52 | 000,139,192 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009/12/02 15:23:40 | 000,149,040 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2008/04/14 05:41:54 | 000,104,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\dmusic.dll -- (DMusic)
DRV - [2004/08/03 14:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.majorgeeks.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010/06/06 05:12:56 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1275794589679 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/28 21:37:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/06 08:38:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\E.tmp
[2010/06/06 07:49:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/06/06 07:49:26 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/06/06 07:40:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2010/06/06 07:40:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/06 07:40:05 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/06 07:40:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/06 07:40:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/06/06 07:34:27 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/06/06 06:42:37 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/06/06 05:23:18 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/06/06 05:14:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/06/06 05:06:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/06 04:37:12 | 000,000,000 | ---D | C] -- C:\Program Files\azukal
[2010/06/06 03:17:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/06/05 19:59:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ESET
[2010/06/05 19:50:50 | 000,455,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010/06/05 19:49:13 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/06/05 19:48:21 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2010/06/05 19:44:58 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2010/06/05 19:44:55 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2010/06/05 19:44:03 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/06/05 19:30:02 | 000,730,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2010/06/05 19:29:56 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010/06/05 19:29:54 | 002,189,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010/06/05 19:29:50 | 002,024,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010/06/05 19:27:49 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2010/06/05 19:27:38 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2010/06/05 19:27:23 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2010/06/05 19:25:30 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2010/06/05 19:25:23 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2010/06/05 19:24:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/06/05 19:24:22 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2010/06/05 19:23:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/06/05 19:22:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/06/05 19:22:19 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Owner\UserData
[2010/06/05 19:21:18 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/06/05 19:16:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\PCHealth
[2010/06/05 19:09:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\ESET
[2010/06/05 19:09:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ESET
[2010/06/05 19:08:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2010/06/05 19:04:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/06/05 19:04:32 | 000,000,000 | ---D | C] -- C:\Program Files\1239
[2010/06/05 18:18:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/06/05 18:16:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/06/05 16:07:16 | 001,372,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2010/06/05 16:07:16 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll
[2010/06/05 16:07:16 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2010/06/05 16:07:14 | 001,001,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmvdmoe2.dll
[2010/06/05 16:07:14 | 000,897,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmspdmoe.dll
[2010/06/05 16:07:14 | 000,485,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmspdmod.dll
[2010/06/05 16:07:13 | 004,874,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmp.dll
[2010/06/05 16:07:13 | 001,119,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsdmoe2.dll
[2010/06/05 16:07:13 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpdxm.dll
[2010/06/05 16:07:13 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpns.dll
[2010/06/05 16:07:13 | 000,168,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmerror.dll
[2010/06/05 16:07:13 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmidx.dll
[2010/06/05 16:07:13 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpasf.dll
[2010/06/05 16:07:13 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpband.dll
[2010/06/05 16:07:12 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msaud32.acm
[2010/06/05 16:07:12 | 000,086,016 | ---- | C] (Sipro Lab Telecom Inc.) -- C:\WINDOWS\System32\dllcache\sl_anet.acm
[2010/06/05 16:07:12 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspmsnsv.dll
[2010/06/05 16:07:11 | 000,786,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migrate.exe
[2010/06/05 16:07:11 | 000,384,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mp4sdmod.dll
[2010/06/05 16:07:11 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpvis.dll
[2010/06/05 16:07:11 | 000,310,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mp43dmod.dll
[2010/06/05 16:07:11 | 000,290,816 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\dllcache\l3codeca.acm
[2010/06/05 16:07:11 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\custsat.dll
[2010/06/05 16:07:04 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3d1ag.dll
[2010/06/05 16:07:04 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvaa.dll
[2010/06/05 16:07:04 | 000,229,376 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2cqag.dll
[2010/06/05 16:07:04 | 000,201,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvag.dll
[2010/06/05 16:07:04 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2010/06/05 16:07:03 | 001,888,992 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3duag.dll
[2010/06/05 16:07:03 | 000,516,768 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ativvaxx.dll
[2010/06/05 16:07:03 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2010/06/05 16:07:03 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2010/06/05 16:07:03 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2010/06/05 16:07:03 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2010/06/05 16:07:03 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2010/06/05 16:07:03 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2010/06/05 16:07:03 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativtmxx.dll
[2010/06/05 16:07:03 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2010/06/05 16:07:03 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativmvxx.ax
[2010/06/05 16:07:03 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativdaxx.ax
[2010/06/05 16:07:03 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2010/06/05 16:07:03 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2010/06/05 16:07:02 | 000,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2010/06/05 16:07:02 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2010/06/05 16:07:02 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2010/06/05 16:07:02 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2010/06/05 16:07:02 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2010/06/05 16:07:02 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2010/06/05 16:07:02 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2010/06/05 16:07:02 | 000,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\hsfcisp2.dll
[2010/06/05 16:07:02 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2010/06/05 16:07:01 | 001,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\mtxparhd.dll
[2010/06/05 16:07:01 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2010/06/05 16:07:01 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2010/06/05 16:07:01 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2010/06/05 16:07:01 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2010/06/05 16:07:01 | 000,086,016 | ---- | C] (Conexant) -- C:\WINDOWS\System32\mdmxsdk.dll
[2010/06/05 16:07:01 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2010/06/05 16:07:01 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2010/06/05 16:07:01 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2010/06/05 16:07:01 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2010/06/05 16:07:01 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdinmal.dll
[2010/06/05 16:07:01 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2010/06/05 16:07:01 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2010/06/05 16:07:01 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2010/06/05 16:07:01 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdinben.dll
[2010/06/05 16:07:01 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdinbe1.dll
[2010/06/05 16:07:01 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2010/06/05 16:07:00 | 004,274,816 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2010/06/05 16:07:00 | 000,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll
[2010/06/05 16:07:00 | 000,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\s3gnb.dll
[2010/06/05 16:07:00 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2010/06/05 16:07:00 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2010/06/05 16:07:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2010/06/05 16:07:00 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2010/06/05 16:07:00 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2010/06/05 16:07:00 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2010/06/05 16:07:00 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2010/06/05 16:07:00 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2010/06/05 16:07:00 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2010/06/05 16:06:59 | 000,712,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecs.dll
[2010/06/05 16:06:59 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll
[2010/06/05 16:06:59 | 000,286,792 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slextspk.dll
[2010/06/05 16:06:59 | 000,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll
[2010/06/05 16:06:59 | 000,188,508 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slgen.dll
[2010/06/05 16:06:59 | 000,073,832 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slcoinst.dll
[2010/06/05 16:06:59 | 000,073,796 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slserv.exe
[2010/06/05 16:06:59 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2010/06/05 16:06:59 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2010/06/05 16:06:59 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slrundll.exe
[2010/06/05 16:06:59 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2010/06/05 16:06:59 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\verclsid.exe
[2010/06/05 16:06:56 | 000,689,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp3res.dll
[2010/06/05 16:06:56 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\slrundll.exe
[2010/06/05 16:06:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/06/05 16:06:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2010/06/05 16:06:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/06/05 16:06:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/06/05 16:06:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/06/05 16:04:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2010/06/05 16:04:38 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\setup_wm.exe
[2010/06/05 16:04:38 | 000,695,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmv2clt.dll
[2010/06/05 16:04:38 | 000,670,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmadmoe.dll
[2010/06/05 16:04:38 | 000,408,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmadmod.dll
[2010/06/05 16:04:38 | 000,364,544 | ---- | C] (Microsoft Corporation (written by Digital Renaissance Inc.)) -- C:\WINDOWS\System32\dllcache\npdsplay.dll
[2010/06/05 16:04:38 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msscp.dll
[2010/06/05 16:04:38 | 000,299,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmclien.dll
[2010/06/05 16:04:38 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlimport.exe
[2010/06/05 16:04:38 | 000,286,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\blackbox.dll
[2010/06/05 16:04:38 | 000,262,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpg4ds32.ax
[2010/06/05 16:04:38 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msnetobj.dll
[2010/06/05 16:04:38 | 000,247,326 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\strmdll.dll
[2010/06/05 16:04:38 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswmdm.dll
[2010/06/05 16:04:38 | 000,240,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpg4dmod.dll
[2010/06/05 16:04:38 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmasf.dll
[2010/06/05 16:04:38 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npdrmv2.dll
[2010/06/05 16:04:38 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadds32.ax
[2010/06/05 16:04:38 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unregmp2.exe
[2010/06/05 16:04:38 | 000,201,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspmsp.dll
[2010/06/05 16:04:38 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cewmdm.dll
[2010/06/05 16:04:38 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shmedia.dll
[2010/06/05 16:04:38 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplay32.exe
[2010/06/05 16:04:38 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logagent.exe
[2010/06/05 16:04:38 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmstor.dll
[2010/06/05 16:04:38 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msscds32.ax
[2010/06/05 16:04:38 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npwmsdrm.dll
[2010/06/05 16:04:38 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asferror.dll
[2010/06/05 16:04:38 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\laprxy.dll
[2010/06/05 16:04:38 | 000,004,639 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplayer2.exe
[2010/06/05 16:04:37 | 002,940,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmploc.dll
[2010/06/05 16:04:37 | 002,174,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\WMVCore.dll
[2010/06/05 16:04:37 | 001,053,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\WMNetmgr.dll
[2010/06/05 16:04:37 | 000,809,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmvdmod.dll
[2010/06/05 16:04:37 | 000,759,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsdmod.dll
[2010/06/05 16:04:37 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmstream.dll
[2010/06/05 16:04:37 | 000,278,559 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmv8ds32.ax
[2010/06/05 16:04:37 | 000,258,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmvds32.ax
[2010/06/05 16:04:37 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsdmoe.dll
[2010/06/05 16:04:37 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpshell.dll
[2010/06/05 16:04:37 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmplayer.exe
[2010/06/05 16:04:37 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmdmlog.dll
[2010/06/05 16:04:37 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmdmps.dll
[2010/06/05 16:04:37 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpui.dll
[2010/06/05 16:04:37 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpcore.dll
[2010/06/05 16:04:37 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpcd.dll
[2010/06/05 16:04:37 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmp.ocx
[2010/06/05 16:02:46 | 000,004,255 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv01nt5.dll
[2010/06/05 16:02:46 | 000,003,967 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv02nt5.dll
[2010/06/05 16:02:46 | 000,003,775 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv11nt5.dll
[2010/06/05 16:02:46 | 000,003,711 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv09nt5.dll
[2010/06/05 16:02:46 | 000,003,647 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv07nt5.dll
[2010/06/05 16:02:46 | 000,003,615 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv05nt5.dll
[2010/06/05 16:02:46 | 000,003,135 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv08nt5.dll
[2010/06/05 16:02:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010/06/05 16:02:45 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
[2010/06/05 16:02:45 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys
[2010/06/05 16:02:45 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
[2010/06/05 16:02:45 | 000,043,008 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\drivers\amdagp.sys
[2010/06/05 16:02:45 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
[2010/06/05 16:02:45 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys
[2010/06/05 16:02:45 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys
[2010/06/05 16:02:45 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2010/06/05 16:02:45 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2010/06/05 16:02:45 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys
[2010/06/05 16:02:45 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys
[2010/06/05 16:02:45 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys
[2010/06/05 16:02:44 | 000,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys
[2010/06/05 16:02:44 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2010/06/05 16:02:44 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2010/06/05 16:02:44 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2010/06/05 16:02:44 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2010/06/05 16:02:44 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2010/06/05 16:02:44 | 000,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys
[2010/06/05 16:02:44 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
[2010/06/05 16:02:44 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
[2010/06/05 16:02:44 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv04nt5.dll
[2010/06/05 16:02:44 | 000,021,183 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv01nt5.dll
[2010/06/05 16:02:44 | 000,017,279 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv10nt5.dll
[2010/06/05 16:02:44 | 000,015,423 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[2010/06/05 16:02:44 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2010/06/05 16:02:44 | 000,014,143 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv06nt5.dll
[2010/06/05 16:02:44 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2010/06/05 16:02:44 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2010/06/05 16:02:44 | 000,011,359 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv02nt5.dll
[2010/06/05 16:02:43 | 000,144,384 | ---- | C] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\drivers\hdaudbus.sys
[2010/06/05 16:02:42 | 001,897,408 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nv4_mini.sys
[2010/06/05 16:02:42 | 001,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2010/06/05 16:02:42 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys
[2010/06/05 16:02:42 | 000,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2010/06/05 16:02:42 | 000,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2010/06/05 16:02:42 | 000,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys
[2010/06/05 16:02:42 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys
[2010/06/05 16:02:41 | 000,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2010/06/05 16:02:41 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys
[2010/06/05 16:02:41 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2010/06/05 16:02:41 | 000,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2010/06/05 16:02:41 | 000,040,960 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\drivers\sisagp.sys
[2010/06/05 16:02:41 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2010/06/05 16:02:41 | 000,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2010/06/05 16:02:41 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2010/06/05 16:02:41 | 000,003,901 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\siint5.dll
[2010/06/05 16:02:40 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys
[2010/06/05 16:02:40 | 000,022,271 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys
[2010/06/05 16:02:40 | 000,011,935 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys
[2010/06/05 16:02:40 | 000,011,871 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
[2010/06/05 16:02:40 | 000,011,807 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys
[2010/06/05 16:02:40 | 000,011,325 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\vchnt5.dll
[2010/06/05 16:02:40 | 000,011,295 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys
[2010/06/05 16:01:47 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010/06/05 16:01:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2010/06/05 16:01:17 | 000,026,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2010/06/05 15:59:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2010/06/05 15:55:38 | 331,805,736 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\WindowsXP-KB936929-SP3-x86-ENU.exe
[2010/06/05 15:44:51 | 010,196,424 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\windows-kb890830-v3.7.exe
[2010/06/05 14:26:58 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2010/06/05 14:14:11 | 011,862,896 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\mssefullinstall-x86fre-en-us-xp.exe
[2010/06/04 09:40:07 | 000,000,000 | ---D | C] -- C:\DoubleDe
[2010/06/04 09:30:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\maxdriver
[2010/06/04 08:42:16 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/06/01 08:52:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2010/06/01 08:37:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/05/29 08:52:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Identities
[2010/05/29 08:52:41 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2010/05/29 08:52:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents\My Music
[2010/05/29 08:52:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents\My Pictures
[2010/05/29 08:52:31 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Owner\Application Data\Microsoft
[2010/05/29 08:52:31 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Owner\Cookies
[2010/05/29 08:52:31 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\SendTo
[2010/05/29 08:52:31 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Application Data
[2010/05/29 08:52:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Start Menu
[2010/05/29 08:52:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents
[2010/05/29 08:52:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Favorites
[2010/05/29 08:52:31 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner\Templates
[2010/05/29 08:52:31 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner\PrintHood
[2010/05/29 08:52:31 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner\NetHood
[2010/05/29 08:52:31 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner\Local Settings
[2010/05/29 08:52:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft
[2010/05/29 08:52:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop
[2010/05/29 08:52:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2010/05/29 08:52:18 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2010/05/29 08:52:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/05/29 08:52:17 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/05/29 08:51:59 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/05/29 08:51:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/05/28 21:37:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2010/05/28 21:37:20 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2010/05/28 21:37:20 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2010/05/28 21:36:52 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mapi32.dll
[2010/05/28 21:36:09 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2010/05/28 21:35:57 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2010/05/28 21:35:57 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2010/05/28 21:35:44 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2010/05/28 21:35:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2010/05/28 21:34:59 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atrace.dll
[2010/05/28 21:34:49 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmevtmsg.dll
[2010/05/28 21:34:47 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\acctres.dll
[2010/05/28 21:34:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2010/05/28 21:34:44 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icfgnt5.dll
[2010/05/28 21:34:44 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2010/05/28 21:34:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2010/05/28 21:34:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2010/05/28 21:34:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2010/05/28 21:34:34 | 000,327,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2010/05/28 21:34:34 | 000,327,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wucltui.dll
[2010/05/28 21:34:34 | 000,209,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuweb.dll
[2010/05/28 21:34:34 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng1.dll
[2010/05/28 21:34:33 | 001,929,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll
[2010/05/28 21:34:33 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2010/05/28 21:34:33 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll
[2010/05/28 21:34:33 | 000,217,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaucpl.cpl
[2010/05/28 21:34:33 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt1.exe
[2010/05/28 21:34:33 | 000,053,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe
[2010/05/28 21:34:33 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2010/05/28 21:34:33 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll
[2010/05/28 21:34:33 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx2.dll
[2010/05/28 21:34:33 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx3.dll
[2010/05/28 21:34:32 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgrprxy.dll
[2010/05/28 21:34:28 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2010/05/28 21:34:23 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrslv.dll
[2010/05/28 21:34:23 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrcdlg.dll
[2010/05/28 21:34:23 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\racpldlg.dll
[2010/05/28 21:34:23 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrdm.dll
[2010/05/28 21:34:19 | 000,239,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srrstr.dll
[2010/05/28 21:34:19 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fltmc.exe
[2010/05/28 21:34:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2010/05/28 21:34:18 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ils.dll
[2010/05/28 21:34:18 | 000,032,768 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\isrdbg32.dll
[2010/05/28 21:34:17 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msconf.dll
[2010/05/28 21:34:17 | 000,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmdd.dll
[2010/05/28 21:34:17 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmmkcert.dll
[2010/05/28 21:34:14 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoeacct.dll
[2010/05/28 21:34:14 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoert2.dll
[2010/05/28 21:34:14 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2010/05/28 21:34:13 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetres.dll
[2010/05/28 21:34:10 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstinit.exe
[2010/05/28 21:34:10 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2010/05/28 21:34:09 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcfg.dll
[2010/05/28 21:34:09 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll
[2010/05/28 21:34:09 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwdial.dll
[2010/05/28 21:34:09 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwphbk.dll
[2010/05/28 21:34:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2010/05/28 21:33:57 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2010/05/28 21:33:46 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2010/05/28 21:33:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2010/05/28 21:33:06 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2010/05/28 21:33:05 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2010/05/28 21:33:00 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2010/05/28 21:32:56 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\write.exe
[2010/05/28 21:32:56 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2010/05/28 21:32:47 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe
[2010/05/28 21:32:47 | 000,044,544 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hticons.dll
[2010/05/28 21:32:46 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avtapi.dll
[2010/05/28 21:32:46 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avwav.dll
[2010/05/28 21:32:46 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winchat.exe
[2010/05/28 21:32:46 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avmeter.dll
[2010/05/28 21:32:38 | 000,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\getuname.dll
[2010/05/28 21:32:38 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\calc.exe
[2010/05/28 21:32:38 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\charmap.exe
[2010/05/28 21:32:37 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshearts.exe
[2010/05/28 21:32:37 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winmine.exe
[2010/05/28 21:32:37 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sol.exe
[2010/05/28 21:32:37 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\freecell.exe
[2010/05/28 21:32:36 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\regini.exe
[2010/05/28 21:32:36 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qwinsta.exe
[2010/05/28 21:32:36 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsshutdn.exe
[2010/05/28 21:32:36 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qappsrv.exe
[2010/05/28 21:32:36 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tskill.exe
[2010/05/28 21:32:36 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwinsta.exe
[2010/05/28 21:32:36 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsdiscon.exe
[2010/05/28 21:32:36 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscon.exe
[2010/05/28 21:32:36 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shadow.exe
[2010/05/28 21:32:36 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\reset.exe
[2010/05/28 21:32:36 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpcfgex.dll
[2010/05/28 21:32:35 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msg.exe
[2010/05/28 21:32:35 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cdmodem.dll
[2010/05/28 21:32:35 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\logoff.exe
[2010/05/28 21:32:34 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comrepl.dll
[2010/05/28 21:32:34 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxlegih.dll
[2010/05/28 21:32:34 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxdm.dll
[2010/05/28 21:32:34 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comaddin.dll
[2010/05/28 21:32:34 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dcomcnfg.exe
[2010/05/28 21:32:34 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxex.dll
[2010/05/28 21:32:33 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsnap.dll
[2010/05/28 21:32:33 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stclient.dll
[2010/05/28 21:32:13 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2010/05/28 21:32:12 | 000,347,136 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hypertrm.dll
[2010/05/28 21:32:12 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\accwiz.exe
[2010/05/28 21:32:12 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndrec32.exe
[2010/05/28 21:32:12 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mplay32.exe
[2010/05/28 21:32:12 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\access.cpl
[2010/05/28 21:32:11 | 000,343,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe
[2010/05/28 21:32:11 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clipbrd.exe
[2010/05/28 21:32:11 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2010/05/28 21:32:10 | 000,538,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spider.exe
[2010/05/28 21:32:10 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscfgwmi.dll
[2010/05/28 21:32:09 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdchost.dll
[2010/05/28 21:32:09 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdshost.exe
[2010/05/28 21:32:09 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscupgrd.exe
[2010/05/28 21:32:09 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdsaddin.exe
[2010/05/28 21:32:08 | 000,087,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpwsx.dll
[2010/05/28 21:32:08 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpclip.exe
[2010/05/28 21:32:08 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cfgbkend.dll
[2010/05/28 21:32:08 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpsnd.dll
[2010/05/28 21:32:08 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qprocess.exe
[2010/05/28 21:32:08 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icaapi.dll
[2010/05/28 21:32:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2010/05/28 21:32:07 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtctm.dll
[2010/05/28 21:32:07 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcprx.dll
[2010/05/28 21:32:07 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcuiu.dll
[2010/05/28 21:32:07 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxoci.dll
[2010/05/28 21:32:07 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xolehlp.dll
[2010/05/28 21:32:06 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtclog.dll
[2010/05/28 21:32:05 | 000,625,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvut.dll
[2010/05/28 21:32:05 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrv.dll
[2010/05/28 21:32:05 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatex.dll
[2010/05/28 21:32:05 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvps.dll
[2010/05/28 21:32:05 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\colbact.dll
[2010/05/28 21:32:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2010/05/28 21:32:04 | 001,267,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsvcs.dll
[2010/05/28 21:32:04 | 000,539,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comuid.dll
[2010/05/28 21:31:58 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\servdeps.dll
[2010/05/28 21:31:58 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmfutil.dll
[2010/05/28 21:31:57 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmprops.dll
[2010/05/28 21:31:57 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\licwmi.dll
[2010/05/28 13:23:33 | 000,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\battc.sys
[2010/05/28 13:23:12 | 000,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\drivers\RTL8139.sys
[2010/05/28 13:22:54 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\usbui.dll
[2010/05/28 13:21:49 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2010/05/28 13:21:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2010/05/28 13:21:44 | 000,000,000 | R--D | C] -- C:\Program Files
[2010/05/28 13:21:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2010/05/28 13:21:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2010/05/28 13:21:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2010/05/28 13:21:41 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tintlgnt.ime
[2010/05/28 13:21:41 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winar30.ime
[2010/05/28 13:21:41 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\quick.ime
[2010/05/28 13:21:41 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cintlgnt.ime
[2010/05/28 13:21:40 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\phon.ime
[2010/05/28 13:21:40 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dayi.ime
[2010/05/28 13:21:40 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chajei.ime
[2010/05/28 13:21:40 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\uniime.dll
[2010/05/28 13:21:40 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winime.ime
[2010/05/28 13:21:40 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\unicdime.ime
[2010/05/28 13:21:40 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\romanime.ime
[2010/05/28 13:21:40 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\miniime.tpl
[2010/05/28 13:21:32 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\pintlgnt.ime
[2010/05/28 13:21:31 | 000,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imjp81k.dll
[2010/05/28 13:21:31 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winzm.ime
[2010/05/28 13:21:31 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winsp.ime
[2010/05/28 13:21:31 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winpy.ime
[2010/05/28 13:21:30 | 000,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imjp81.ime
[2010/05/28 13:21:28 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\c_iscii.dll
[2010/05/28 13:21:17 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chsbrkr.dll
[2010/05/28 13:21:17 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chtbrkr.dll
[2010/05/28 13:21:16 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\korwbrkr.dll
[2010/05/28 13:21:15 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msir3jp.lex
[2010/05/28 13:21:15 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msir3jp.dll
[2010/05/28 13:20:52 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\c_g18030.dll
[2010/05/28 13:20:52 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wingb.ime
[2010/05/28 13:20:51 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101a.dll
[2010/05/28 13:20:36 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnecAT.dll
[2010/05/28 13:20:36 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnecNT.dll
[2010/05/28 13:20:36 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnec95.dll
[2010/05/28 13:20:36 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdibm02.dll
[2010/05/28 13:20:36 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\f3ahvoas.dll
[2010/05/28 13:20:36 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlk41a.dll
[2010/05/28 13:20:36 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlk41j.dll
[2010/05/28 13:20:36 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdax2.dll
[2010/05/28 13:20:36 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd106n.dll
[2010/05/28 13:20:36 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101.dll
[2010/05/28 13:20:02 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\c_is2022.dll
[2010/05/28 13:20:01 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdjpn.dll
[2010/05/28 13:20:01 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkor.dll
[2010/05/28 13:20:01 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd106.dll
[2010/05/28 13:20:01 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101c.dll
[2010/05/28 13:20:01 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd103.dll
[2010/05/28 13:19:57 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101b.dll
[2010/05/28 13:19:55 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuq.dll
[2010/05/28 13:19:55 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuf.dll
[2010/05/28 13:19:55 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdazel.dll
[2010/05/28 13:19:53 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycc.dll
[2010/05/28 13:19:53 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbduzb.dll
[2010/05/28 13:19:53 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdur.dll
[2010/05/28 13:19:53 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtat.dll
[2010/05/28 13:19:53 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru1.dll
[2010/05/28 13:19:53 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru.dll
[2010/05/28 13:19:53 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmon.dll
[2010/05/28 13:19:53 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkyr.dll
[2010/05/28 13:19:53 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkaz.dll
[2010/05/28 13:19:53 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbu.dll
[2010/05/28 13:19:53 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdblr.dll
[2010/05/28 13:19:53 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdaze.dll
[2010/05/28 13:19:51 | 000,008,192 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhept.dll
[2010/05/28 13:19:51 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela3.dll
[2010/05/28 13:19:51 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela2.dll
[2010/05/28 13:19:51 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdgkl.dll
[2010/05/28 13:19:51 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe319.dll
[2010/05/28 13:19:51 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe220.dll
[2010/05/28 13:19:50 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe.dll
[2010/05/28 13:19:49 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv1.dll
[2010/05/28 13:19:49 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv.dll
[2010/05/28 13:19:49 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdest.dll
[2010/05/28 13:19:49 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt1.dll
[2010/05/28 13:19:49 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt.dll
[2010/05/28 13:19:47 | 000,007,168 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz.dll
[2010/05/28 13:19:47 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl1.dll
[2010/05/28 13:19:47 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl.dll
[2010/05/28 13:19:47 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl.dll
[2010/05/28 13:19:47 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu.dll
[2010/05/28 13:19:47 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz2.dll
[2010/05/28 13:19:47 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz1.dll
[2010/05/28 13:19:47 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcr.dll
[2010/05/28 13:19:47 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\KBDAL.DLL
[2010/05/28 13:19:47 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdro.dll
[2010/05/28 13:19:47 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl1.dll
[2010/05/28 13:19:47 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu1.dll
[2010/05/28 13:19:46 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycl.dll
[2010/05/28 13:19:44 | 000,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dgrpsetu.dll
[2010/05/28 13:19:44 | 000,085,020 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dgsetup.dll
[2010/05/28 13:19:44 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2010/05/28 13:19:44 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2010/05/28 13:19:43 | 000,103,424 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\EqnClass.Dll
[2010/05/28 13:19:43 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TAPI.DLL
[2010/05/28 13:19:43 | 000,013,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WFWNET.DRV
[2010/05/28 13:19:43 | 000,009,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VER.DLL
[2010/05/28 13:19:43 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SHELL.DLL
[2010/05/28 13:19:43 | 000,004,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TIMER.DRV
[2010/05/28 13:19:43 | 000,003,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SYSTEM.DRV
[2010/05/28 13:19:43 | 000,002,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VGA.DRV
[2010/05/28 13:19:43 | 000,001,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SOUND.DRV
[2010/05/28 13:19:42 | 000,126,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MSVIDEO.DLL
[2010/05/28 13:19:42 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLECLI.DLL
[2010/05/28 13:19:42 | 000,073,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIAVI.DRV
[2010/05/28 13:19:42 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIWAVE.DRV
[2010/05/28 13:19:42 | 000,025,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCISEQ.DRV
[2010/05/28 13:19:42 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLESVR.DLL
[2010/05/28 13:19:42 | 000,002,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MOUSE.DRV
[2010/05/28 13:19:42 | 000,002,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\KEYBOARD.DRV
[2010/05/28 13:19:42 | 000,001,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMTASK.TSK
[2010/05/28 13:19:41 | 000,109,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVIFILE.DLL
[2010/05/28 13:19:41 | 000,069,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVICAP.DLL
[2010/05/28 13:19:41 | 000,032,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\COMMDLG.DLL
[2010/05/28 13:19:41 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\TASKMAN.EXE
[2010/05/28 13:19:41 | 000,009,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\LZEXPAND.DLL
[2010/05/28 13:19:40 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\winspool.drv
[2010/05/28 13:19:40 | 000,068,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMSYSTEM.DLL
[2010/05/28 13:19:40 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\batt.dll
[2010/05/28 13:19:37 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\storprop.dll
[2010/05/28 13:19:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2010/05/28 13:19:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2010/05/28 13:19:29 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2010/05/28 13:19:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2010/05/28 13:19:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2010/05/28 13:19:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2010/05/28 13:19:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2010/05/28 13:19:05 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2010/05/28 13:19:05 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2010/05/28 13:18:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2010/05/28 13:18:37 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/05/28 13:10:24 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2010/05/28 13:10:24 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2010/05/28 13:10:24 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2010/05/28 13:10:24 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2010/05/28 13:10:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2010/05/28 13:10:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2010/05/28 13:10:24 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2010/05/28 13:10:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2010/05/28 13:10:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2010/05/28 13:10:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2010/05/28 13:10:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2010/05/28 13:10:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2010/05/28 13:10:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2010/05/28 13:10:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2010/05/28 13:10:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2010/05/28 13:10:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2010/05/28 13:10:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2010/05/28 13:10:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2010/05/28 13:10:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2010/05/28 13:10:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2010/05/28 13:10:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2010/05/28 13:10:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2010/05/28 13:10:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2010/05/28 13:10:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2010/05/28 13:10:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2010/05/28 13:10:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2010/05/28 13:10:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2010/05/28 13:10:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2010/05/28 13:10:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2010/05/28 13:10:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2010/05/28 13:10:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2010/05/28 13:10:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2010/05/28 13:10:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2010/05/28 13:10:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2010/05/28 13:10:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2010/05/28 13:10:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2010/05/28 13:10:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2010/05/28 13:10:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2010/05/28 13:10:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2010/05/28 13:10:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2010/05/28 13:10:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2010/05/28 13:10:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2010/05/28 13:10:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2010/05/28 13:10:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2010/05/28 13:10:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2010/05/28 13:10:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2010/05/28 13:10:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2010/05/28 13:10:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2010/05/28 13:10:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2010/05/28 13:10:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2010/05/28 13:10:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2010/05/28 13:10:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2010/05/28 13:10:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2010/05/28 13:10:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2010/05/28 13:10:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2010/05/28 13:10:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2010/05/28 13:10:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2010/05/28 13:10:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2010/05/28 13:10:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2010/05/28 13:10:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/06 08:50:59 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/06/06 08:49:50 | 000,347,268 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/06 08:49:50 | 000,305,556 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/06 08:49:50 | 000,037,958 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/06 08:45:33 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/06 08:45:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/06 08:45:28 | 419,430,400 | ---- | M] () -- C:\WINDOWS\MEM0RY.DMP
[2010/06/06 08:03:49 | 000,000,283 | -HS- | M] () -- C:\boot.ini
[2010/06/06 07:49:58 | 000,786,432 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/06/06 07:49:58 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/06/06 07:34:28 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/06/06 06:48:48 | 003,703,185 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\fukaduk.exe
[2010/06/06 05:13:07 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/06 05:12:56 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/06/06 04:49:34 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\defogger_reenable
[2010/06/06 04:37:16 | 000,001,519 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/06/05 21:03:04 | 000,017,368 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/06/05 21:01:05 | 000,091,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/05 20:56:13 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/05 20:11:09 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/05 19:59:39 | 003,211,654 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/06/05 19:23:14 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/06/05 19:08:31 | 000,047,912 | ---- | M] () -- C:\WINDOWS\_default.pif
[2010/06/05 18:19:20 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/06/05 16:02:23 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/06/05 15:56:50 | 000,050,883 | ---- | M] () -- C:\WINDOWS\_default.pif.old
[2010/06/05 15:56:38 | 331,805,736 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\WindowsXP-KB936929-SP3-x86-ENU.exe
[2010/06/05 15:44:51 | 010,196,424 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\windows-kb890830-v3.7.exe
[2010/06/05 15:36:18 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\settings.dat
[2010/06/05 15:21:42 | 000,608,415 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS.MVP
[2010/06/05 14:26:59 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2010/06/05 14:14:11 | 011,862,896 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\mssefullinstall-x86fre-en-us-xp.exe
[2010/06/04 08:57:01 | 001,138,992 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\maxlook.exe
[2010/06/01 08:56:12 | 000,000,212 | ---- | M] () -- C:\Boot.bak
[2010/05/29 08:52:02 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2010/05/28 21:39:46 | 000,000,287 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/05/28 21:37:13 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/05/28 21:37:13 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/05/28 21:37:13 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/05/28 21:37:13 | 000,000,000 | ---- | M] () -- C:\WINDOWS\control.ini
[2010/05/28 21:37:13 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/05/28 21:37:13 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/05/28 21:37:12 | 000,000,477 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/28 21:37:04 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/05/28 21:37:04 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/05/28 21:36:52 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/05/28 21:35:57 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/05/28 21:35:57 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/05/28 21:35:50 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/05/28 21:35:50 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/05/28 21:35:50 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/05/28 21:35:50 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/05/28 21:35:50 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/05/28 21:35:50 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/05/28 21:33:55 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/05/28 21:33:43 | 000,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2010/05/28 21:33:43 | 000,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
[2010/05/21 14:14:28 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/06 06:48:18 | 003,703,185 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\fukaduk.exe
[2010/06/06 05:17:47 | 000,015,079 | ---- | C] () -- C:\Documents and Settings\Owner\Attach.txt
[2010/06/06 05:17:32 | 000,006,941 | ---- | C] () -- C:\Documents and Settings\Owner\DDS.txt
[2010/06/06 04:49:34 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\defogger_reenable
[2010/06/06 04:37:16 | 000,001,519 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/06/05 19:24:14 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\Owner\dw.log
[2010/06/05 19:23:14 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/06/05 18:22:06 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/06/05 16:07:13 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2010/06/05 16:07:13 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2010/06/05 16:07:13 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2010/06/05 16:07:13 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2010/06/05 16:07:13 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2010/06/05 16:07:13 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2010/06/05 16:07:13 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2010/06/05 16:07:13 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2010/06/05 16:07:13 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2010/06/05 16:07:13 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2010/06/05 16:07:13 | 000,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2010/06/05 16:07:13 | 000,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2010/06/05 16:07:13 | 000,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2010/06/05 16:07:13 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2010/06/05 16:07:13 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2010/06/05 16:07:13 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2010/06/05 16:07:13 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2010/06/05 16:07:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2010/06/05 16:07:12 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2010/06/05 16:07:12 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2010/06/05 16:07:12 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2010/06/05 16:07:12 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2010/06/05 16:07:12 | 000,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2010/06/05 16:07:12 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2010/06/05 16:07:12 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2010/06/05 16:07:12 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2010/06/05 16:07:12 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2010/06/05 16:07:12 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2010/06/05 16:07:12 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2010/06/05 16:07:12 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2010/06/05 16:07:12 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2010/06/05 16:07:12 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2010/06/05 16:07:12 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2010/06/05 16:07:12 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2010/06/05 16:07:12 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2010/06/05 16:07:12 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2010/06/05 16:07:12 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2010/06/05 16:07:12 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2010/06/05 16:07:12 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2010/06/05 16:07:12 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2010/06/05 16:07:12 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2010/06/05 16:07:12 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2010/06/05 16:07:12 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2010/06/05 16:07:12 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2010/06/05 16:07:12 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2010/06/05 16:07:12 | 000,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2010/06/05 16:07:12 | 000,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2010/06/05 16:07:12 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2010/06/05 16:07:12 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2010/06/05 16:07:12 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2010/06/05 16:07:12 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2010/06/05 16:07:12 | 000,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2010/06/05 16:07:12 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2010/06/05 16:07:12 | 000,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2010/06/05 16:07:12 | 000,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2010/06/05 16:07:12 | 000,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2010/06/05 16:07:12 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2010/06/05 16:07:12 | 000,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2010/06/05 16:07:12 | 000,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2010/06/05 16:07:12 | 000,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2010/06/05 16:07:12 | 000,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2010/06/05 16:07:12 | 000,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2010/06/05 16:07:12 | 000,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2010/06/05 16:07:12 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2010/06/05 16:07:11 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2010/06/05 16:07:11 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2010/06/05 16:07:11 | 000,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2010/06/05 16:07:11 | 000,097,117 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.hlp
[2010/06/05 16:07:11 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2010/06/05 16:07:11 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2010/06/05 16:07:11 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2010/06/05 16:07:11 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2010/06/05 16:07:11 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2010/06/05 16:07:11 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2010/06/05 16:07:11 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2010/06/05 16:07:11 | 000,001,885 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.cnt
[2010/06/05 16:07:11 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2010/06/05 16:07:11 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2010/06/05 16:07:11 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2010/06/05 16:07:11 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2010/06/05 16:07:11 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2010/06/05 16:07:11 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2010/06/05 16:04:38 | 000,844,314 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdxm.ocx
[2010/06/05 16:04:38 | 000,498,742 | ---- | C] () -- C:\WINDOWS\System32\dllcache\dxmasf.dll
[2010/06/05 16:04:38 | 000,004,126 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdxmlc.dll
[2010/06/05 16:02:44 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2010/06/05 16:02:44 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2010/06/05 16:02:42 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2010/06/05 15:36:18 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\settings.dat
[2010/06/04 09:47:54 | 419,430,400 | ---- | C] () -- C:\WINDOWS\MEM0RY.DMP
[2010/06/04 08:56:59 | 001,138,992 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\maxlook.exe
[2010/06/04 08:42:18 | 000,000,212 | ---- | C] () -- C:\Boot.bak
[2010/06/04 08:42:16 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/06/04 08:41:21 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/06/04 08:29:56 | 000,077,312 | ---- | C] () -- C:\WINDOWS\mbr.exe
[2010/05/29 08:52:34 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/05/29 08:52:33 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Owner\ntuser.dat.LOG
[2010/05/29 08:52:30 | 000,786,432 | -H-- | C] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/05/29 08:52:02 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2010/05/28 21:39:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/05/28 21:37:13 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/05/28 21:37:13 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/05/28 21:37:13 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/05/28 21:37:13 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2010/05/28 21:37:13 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2010/05/28 21:37:04 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/05/28 21:37:04 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/05/28 21:37:02 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2010/05/28 21:35:57 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/05/28 21:35:57 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/05/28 21:35:50 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/05/28 21:35:50 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/05/28 21:35:50 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/05/28 21:35:50 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/05/28 21:35:50 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/05/28 21:35:50 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/05/28 21:34:56 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2010/05/28 21:34:56 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2010/05/28 21:33:55 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/05/28 21:32:40 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2010/05/28 21:32:40 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2010/05/28 21:32:40 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2010/05/28 21:32:40 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2010/05/28 21:32:40 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2010/05/28 21:32:40 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2010/05/28 21:32:40 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2010/05/28 21:32:40 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2010/05/28 21:32:40 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2010/05/28 21:32:39 | 000,093,702 | ---- | C] () -- C:\WINDOWS\System32\subrange.uce
[2010/05/28 21:32:39 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2010/05/28 21:32:39 | 000,016,740 | ---- | C] () -- C:\WINDOWS\System32\shiftjis.uce
[2010/05/28 21:32:39 | 000,012,876 | ---- | C] () -- C:\WINDOWS\System32\korean.uce
[2010/05/28 21:32:39 | 000,008,484 | ---- | C] () -- C:\WINDOWS\System32\kanji_2.uce
[2010/05/28 21:32:39 | 000,006,948 | ---- | C] () -- C:\WINDOWS\System32\kanji_1.uce
[2010/05/28 21:32:39 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2010/05/28 21:32:38 | 000,060,458 | ---- | C] () -- C:\WINDOWS\System32\ideograf.uce
[2010/05/28 21:32:38 | 000,024,006 | ---- | C] () -- C:\WINDOWS\System32\gb2312.uce
[2010/05/28 21:32:38 | 000,022,984 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.uce
[2010/05/28 21:32:36 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2010/05/28 21:32:36 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2010/05/28 21:32:35 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2010/05/28 21:32:28 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2010/05/28 13:21:52 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/05/28 13:21:25 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_864.nls
[2010/05/28 13:21:25 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_720.nls
[2010/05/28 13:21:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_708.nls
[2010/05/28 13:21:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28596.NLS
[2010/05/28 13:21:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10004.nls
[2010/05/28 13:21:22 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_862.nls
[2010/05/28 13:21:22 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10005.nls
[2010/05/28 13:21:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10021.nls
[2010/05/28 13:21:17 | 000,001,486 | ---- | C] () -- C:\WINDOWS\System32\noise.kor
[2010/05/28 13:21:16 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\korwbrkr.lex
[2010/05/28 13:21:16 | 000,002,060 | ---- | C] () -- C:\WINDOWS\System32\noise.jpn
[2010/05/28 13:21:03 | 000,211,938 | ---- | C] () -- C:\WINDOWS\System32\lcphrase.tbl
[2010/05/28 13:21:03 | 000,146,126 | ---- | C] () -- C:\WINDOWS\System32\array30.tab
[2010/05/28 13:21:03 | 000,110,566 | ---- | C] () -- C:\WINDOWS\System32\arphr.tbl
[2010/05/28 13:21:03 | 000,043,242 | ---- | C] () -- C:\WINDOWS\System32\phoncode.tbl
[2010/05/28 13:21:03 | 000,024,114 | ---- | C] () -- C:\WINDOWS\System32\lcptr.tbl
[2010/05/28 13:21:03 | 000,018,600 | ---- | C] () -- C:\WINDOWS\System32\arrayhw.tab
[2010/05/28 13:21:03 | 000,016,312 | ---- | C] () -- C:\WINDOWS\System32\arptr.tbl
[2010/05/28 13:21:03 | 000,004,071 | ---- | C] () -- C:\WINDOWS\System32\phon.tbl
[2010/05/28 13:21:03 | 000,002,714 | ---- | C] () -- C:\WINDOWS\System32\phonptr.tbl
[2010/05/28 13:21:02 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\c_10002.nls
[2010/05/28 13:21:02 | 000,116,285 | ---- | C] () -- C:\WINDOWS\System32\msdayi.tbl
[2010/05/28 13:21:02 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.nls
[2010/05/28 13:21:02 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\big5.nls
[2010/05/28 13:21:02 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\acode.tbl
[2010/05/28 13:21:02 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\a234.tbl
[2010/05/28 13:21:02 | 000,001,460 | ---- | C] () -- C:\WINDOWS\System32\a15.tbl
[2010/05/28 13:21:02 | 000,000,700 | ---- | C] () -- C:\WINDOWS\System32\dayiptr.tbl
[2010/05/28 13:21:02 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\dayiphr.tbl
[2010/05/28 13:21:01 | 000,016,254 | ---- | C] () -- C:\WINDOWS\System32\PINTLPAE.HLP
[2010/05/28 13:21:01 | 000,014,821 | ---- | C] () -- C:\WINDOWS\System32\PINTLPAD.HLP
[2010/05/28 13:20:53 | 001,564,868 | ---- | C] () -- C:\WINDOWS\System32\WINSP.MB
[2010/05/28 13:20:53 | 001,223,500 | ---- | C] () -- C:\WINDOWS\System32\WINZM.MB
[2010/05/28 13:20:52 | 001,783,864 | ---- | C] () -- C:\WINDOWS\System32\WINPY.MB
[2010/05/28 13:20:52 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\prcp.nls
[2010/05/28 13:20:52 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\prc.nls
[2010/05/28 13:20:51 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\c_10008.nls
[2010/05/28 13:20:37 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\c_1361.nls
[2010/05/28 13:20:37 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\c_10003.nls
[2010/05/28 13:20:37 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\ksc.nls
[2010/05/28 13:20:02 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\c_20932.nls
[2010/05/28 13:20:02 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\c_20949.nls
[2010/05/28 13:20:02 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\c_20936.nls
[2010/05/28 13:20:01 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\c_20000.nls
[2010/05/28 13:20:01 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\c_10001.nls
[2010/05/28 13:20:01 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_21027.nls
[2010/05/28 13:20:01 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20290.nls
[2010/05/28 13:20:01 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\xjis.nls
[2010/05/28 13:19:57 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28603.nls
[2010/05/28 13:19:55 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_857.nls
[2010/05/28 13:19:55 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28599.nls
[2010/05/28 13:19:55 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10081.nls
[2010/05/28 13:19:52 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28595.NLS
[2010/05/28 13:19:52 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10017.nls
[2010/05/28 13:19:52 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10007.nls
[2010/05/28 13:19:50 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_869.nls
[2010/05/28 13:19:50 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_737.nls
[2010/05/28 13:19:50 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_875.nls
[2010/05/28 13:19:50 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28597.NLS
[2010/05/28 13:19:50 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10006.nls
[2010/05/28 13:19:49 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_866.nls
[2010/05/28 13:19:49 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_855.nls
[2010/05/28 13:19:49 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28594.NLS
[2010/05/28 13:19:46 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_852.nls
[2010/05/28 13:19:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10082.nls
[2010/05/28 13:19:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10029.nls
[2010/05/28 13:19:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10010.nls
[2010/05/28 13:19:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20127.nls
[2010/05/28 13:19:41 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010/05/28 13:18:37 | 000,091,888 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/28 13:18:07 | 000,000,283 | -HS- | C] () -- C:\boot.ini
[2010/05/28 13:18:02 | 000,000,287 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf

========== Purity Check ==========


< End of report >

Extras

OTL Extras logfile created on: 6/6/2010 8:53:26 AM - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 266.00 Mb Available Physical Memory | 53.00% Memory free
872.00 Mb Paging File | 595.00 Mb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 400 750 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 70.69 Gb Free Space | 94.86% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WHITE-0983WS
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\shdocvw.dll (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9516A4F3-A620-4C4B-B17C-750C6B87AF4B}" = ESET Smart Security
"{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"ESET Online Scanner" = ESET Online Scanner v3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft Security Essentials" = Microsoft Security Essentials
"Windows XP Service Pack" = Windows XP Service Pack 3

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/4/2010 12:59:54 PM | Computer Name = WHITE-0983WS | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module flash.ocx, version 6.0.79.0, fault address 0x0001cfd3.

Error - 6/5/2010 6:53:59 PM | Computer Name = WHITE-0983WS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 6/5/2010 7:12:29 PM | Computer Name = WHITE-0983WS | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BF from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 6/5/2010 7:13:39 PM | Computer Name = WHITE-0983WS | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80070005 from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 6/5/2010 7:13:39 PM | Computer Name = WHITE-0983WS | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 6/5/2010 11:24:15 PM | Computer Name = WHITE-0983WS | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 6/5/2010 11:16:33 PM | Computer Name = WHITE-0983WS | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 6/5/2010 11:16:33 PM | Computer Name = WHITE-0983WS | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 6/5/2010 11:52:52 PM | Computer Name = WHITE-0983WS | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80070005 from line 44 of f:\xpsp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 6/5/2010 11:52:52 PM | Computer Name = WHITE-0983WS | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

[ System Events ]
Error - 6/6/2010 1:01:44 AM | Computer Name = WHITE-0983WS | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC000003A'
while processing the file '_filelst.cfg' on the volume 'HarddiskVolume1'. It has
stopped monitoring the volume.

Error - 6/6/2010 7:18:39 AM | Computer Name = WHITE-0983WS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/6/2010 8:19:34 AM | Computer Name = WHITE-0983WS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ehdrv Fips intelppm MpFilter

Error - 6/6/2010 8:23:27 AM | Computer Name = WHITE-0983WS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/6/2010 8:24:27 AM | Computer Name = WHITE-0983WS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ehdrv Fips intelppm MpFilter

Error - 6/6/2010 9:46:05 AM | Computer Name = WHITE-0983WS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/6/2010 9:47:06 AM | Computer Name = WHITE-0983WS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ehdrv Fips intelppm MpFilter

Error - 6/6/2010 10:55:49 AM | Computer Name = WHITE-0983WS | Source = Service Control Manager | ID = 7034
Description = The Microsoft Antimalware Service service terminated unexpectedly.
It has done this 3 time(s).

Error - 6/6/2010 10:56:00 AM | Computer Name = WHITE-0983WS | Source = Service Control Manager | ID = 7031
Description = The Remote Procedure Call (RPC) service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Reboot the machine.

Error - 6/6/2010 12:00:03 PM | Computer Name = WHITE-0983WS | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000034'
while processing the file '_filelst.cfg' on the volume 'HarddiskVolume1'. It has
stopped monitoring the volume.


< End of report >





and also the combofix log is attached...just in case.



#3 schrauber


Posted 09 June 2010 - 01:13 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please post back with a fresh OTL logfile.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.

#4 DSR13


Posted 11 June 2010 - 05:08 PM

The problem is not resolved and is only worse. I will do as requested this evening if I am able to access the net to do so.

I know that I have been able to clean the hard drive, even using Dbam and killdisk. Killdisk shows 3 partition errors, and Dbam dies with a "kernel confusion".
Using FIXMBR in the recovery console, it says it is not right and then writes a new one.
Format C: FS:/FAT32 says it has, but upon reboot shows it is an NTFS file system or UNKNOWN.

After I freshly install XP w/SP2, I can access the internet for a short time and then I have mass NT files downloaded to the computer; many are exe files, and also _xe, or dl!

I have also used combofix, and now see that when I downloaded it, it was not right.

bleeping computer set as my homepage is http://xxxbleepingcomputer.com

OTL shows as _OTL when downloaded, and once there, I cannot delete it or remove it, the same as combofix, and yes, I did the start run combofix /Uninstall

MBAM runs and shows nothing
Seems that all of the well known anti virus and anti spyware are set to 0 in the registry, and even if I change setting there, it is changed remotely on reboot.

Norman Anti malware found trojans and a rebooter problem, now it will download.

Kaspersky online scanner showed 3 problems, and then hung when it went to check the memory; now it will not function.

It seems that once I am able to download and install, that the programs are "changed" or run in loops.

As far as installing, most of the time I get "cannot install program as the RPC server is not running", or I need to reinstall the installer, and when I download it, I am told the one I downloaded is not right for my machine.

I have tried to disable registry tools and am told I do not have access rights to do this, even if I am the only one and I am the administrator of the machine.

I can go on and on, but will post it when I can

Thank you for the response

#5 schrauber


Posted 12 June 2010 - 03:58 AM

Please post the fresh OTL logfile, also please post the Combofix logfile, and we will go from there.
regards,
schrauber


#6 DSR13


Posted 14 June 2010 - 07:01 PM

this is off a fresh install...only online 3 minutes.

OTL logfile created on: 14/06/2010 16:58:09 - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

246.00 Mb Total Physical Memory | 145.00 Mb Available Physical Memory | 59.00% Memory free
632.00 Mb Paging File | 532.00 Mb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 400 777 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.28 Gb Total Space | 27.49 Gb Free Space | 93.91% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 0-7-K_U-9_JOL-9
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/14 16:54:38 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2004/08/04 12:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/06/14 16:54:38 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2004/08/04 12:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004/08/04 12:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========


========== Driver Services (SafeList) ==========

DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2004/08/04 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/07/14 11:41:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/14 13:38:55 | 000,000,000 | -HSD | C] -- C:\Recycled
[2011/07/14 13:10:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Identities
[2011/07/14 13:10:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/07/14 13:10:17 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2011/07/14 13:10:15 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Owner\Application Data\Microsoft
[2011/07/14 13:10:15 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Owner\Cookies
[2011/07/14 13:10:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\SendTo
[2011/07/14 13:10:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2011/07/14 13:10:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Application Data
[2011/07/14 13:10:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Start Menu
[2011/07/14 13:10:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents
[2011/07/14 13:10:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Favorites
[2011/07/14 13:10:15 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner\Templates
[2011/07/14 13:10:15 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner\PrintHood
[2011/07/14 13:10:15 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner\NetHood
[2011/07/14 13:10:15 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner\Local Settings
[2011/07/14 13:10:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft
[2011/07/14 13:10:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop
[2011/07/14 13:10:12 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2011/07/14 13:10:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2011/07/14 11:49:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2011/07/14 11:47:07 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/07/14 11:47:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2011/07/14 11:46:58 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2011/07/14 11:42:16 | 000,331,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll
[2011/07/14 11:42:15 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2011/07/14 11:42:14 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040d.dll
[2011/07/14 11:42:14 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0401.dll
[2011/07/14 11:42:13 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2011/07/14 11:42:07 | 000,032,827 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptest.exe
[2011/07/14 11:42:07 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptsat.dll
[2011/07/14 11:42:06 | 000,020,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll
[2011/07/14 11:42:06 | 000,016,437 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.exe
[2011/07/14 11:42:01 | 000,020,538 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpremadm.exe
[2011/07/14 11:42:00 | 000,598,071 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll
[2011/07/14 11:42:00 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll
[2011/07/14 11:41:59 | 000,188,494 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpcount.exe
[2011/07/14 11:41:59 | 000,109,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98swin.exe
[2011/07/14 11:41:59 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll
[2011/07/14 11:41:58 | 000,876,653 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awel.dll
[2011/07/14 11:41:58 | 000,049,212 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awebs.dll
[2011/07/14 11:41:58 | 000,014,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98sadm.exe
[2011/07/14 11:41:57 | 000,102,509 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4atxt.dll
[2011/07/14 11:41:57 | 000,049,210 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4areg.dll
[2011/07/14 11:41:57 | 000,041,020 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avnb.dll
[2011/07/14 11:41:57 | 000,032,826 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avss.dll
[2011/07/14 11:41:56 | 000,184,435 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4amsft.dll
[2011/07/14 11:41:56 | 000,147,513 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4apws.dll
[2011/07/14 11:41:56 | 000,082,035 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4anscp.dll
[2011/07/14 11:41:55 | 000,188,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgwiz.exe
[2011/07/14 11:41:55 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.exe
[2011/07/14 11:41:54 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll
[2011/07/14 11:41:54 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.exe
[2011/07/14 11:41:52 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll
[2011/07/14 11:41:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2011/07/14 11:41:45 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2011/07/14 11:41:45 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2011/07/14 11:41:19 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mapi32.dll
[2011/07/14 11:40:35 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2011/07/14 11:40:25 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2011/07/14 11:40:25 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2011/07/14 11:40:14 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2011/07/14 11:39:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2011/07/14 11:39:32 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoobe.exe
[2011/07/14 11:39:30 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helphost.exe
[2011/07/14 11:39:30 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\notiflag.exe
[2011/07/14 11:39:30 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brpinfo.dll
[2011/07/14 11:39:30 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atrace.dll
[2011/07/14 11:39:30 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atrace.dll
[2011/07/14 11:39:30 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hcappres.dll
[2011/07/14 11:39:20 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srdiag.exe
[2011/07/14 11:39:20 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmevtmsg.dll
[2011/07/14 11:39:20 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmevtmsg.dll
[2011/07/14 11:39:19 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msinfo32.exe
[2011/07/14 11:39:19 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wb32.exe
[2011/07/14 11:39:19 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cb32.exe
[2011/07/14 11:39:18 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\acctres.dll
[2011/07/14 11:39:18 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\acctres.dll
[2011/07/14 11:39:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2011/07/14 11:39:15 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwtutor.exe
[2011/07/14 11:39:15 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwres.dll
[2011/07/14 11:39:15 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\trialoc.dll
[2011/07/14 11:39:15 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icfgnt5.dll
[2011/07/14 11:39:15 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icfgnt5.dll
[2011/07/14 11:39:15 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2011/07/14 11:39:14 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mssoap1.dll
[2011/07/14 11:39:14 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wisc10.dll
[2011/07/14 11:39:14 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mssoapr.dll
[2011/07/14 11:39:14 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2011/07/14 11:39:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2011/07/14 11:39:13 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieinfo5.ocx
[2011/07/14 11:39:10 | 000,725,566 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srchui.dll
[2011/07/14 11:39:10 | 000,058,434 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srchctls.dll
[2011/07/14 11:39:09 | 003,166,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msgr3en.dll
[2011/07/14 11:39:09 | 000,848,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2011/07/14 11:39:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2011/07/14 11:39:08 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpband.dll
[2011/07/14 11:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2011/07/14 11:39:07 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\setup_wm.exe
[2011/07/14 11:39:07 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpvis.dll
[2011/07/14 11:39:07 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpns.dll
[2011/07/14 11:39:07 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\custsat.dll
[2011/07/14 11:39:06 | 000,786,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migrate.exe
[2011/07/14 11:39:06 | 000,364,544 | ---- | C] (Microsoft Corporation (written by Digital Renaissance Inc.)) -- C:\WINDOWS\System32\dllcache\npdsplay.dll
[2011/07/14 11:39:06 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npdrmv2.dll
[2011/07/14 11:39:06 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmplayer.exe
[2011/07/14 11:39:06 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npwmsdrm.dll
[2011/07/14 11:39:05 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng1.dll
[2011/07/14 11:39:05 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng1.dll
[2011/07/14 11:39:05 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuweb.dll
[2011/07/14 11:39:05 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2011/07/14 11:39:05 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wucltui.dll
[2011/07/14 11:39:05 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauserv.dll
[2011/07/14 11:39:04 | 001,134,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll
[2011/07/14 11:39:04 | 000,430,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2011/07/14 11:39:04 | 000,430,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll
[2011/07/14 11:39:04 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt1.exe
[2011/07/14 11:39:04 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt1.exe
[2011/07/14 11:39:04 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaucpl.cpl
[2011/07/14 11:39:04 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe
[2011/07/14 11:39:04 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2011/07/14 11:39:04 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll
[2011/07/14 11:39:04 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bitsprx2.dll
[2011/07/14 11:39:04 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx2.dll
[2011/07/14 11:39:04 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bitsprx3.dll
[2011/07/14 11:39:04 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx3.dll
[2011/07/14 11:39:03 | 000,382,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qmgr.dll
[2011/07/14 11:39:03 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgrprxy.dll
[2011/07/14 11:39:03 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qmgrprxy.dll
[2011/07/14 11:39:02 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2res2.dll
[2011/07/14 11:39:01 | 004,256,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2res.dll
[2011/07/14 11:39:01 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2eres.dll
[2011/07/14 11:39:00 | 000,502,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2fxa.dll
[2011/07/14 11:39:00 | 000,402,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2filt.dll
[2011/07/14 11:39:00 | 000,325,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2fxb.dll
[2011/07/14 11:39:00 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2ae.dll
[2011/07/14 11:39:00 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2ext.dll
[2011/07/14 11:38:59 | 003,555,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2011/07/14 11:38:59 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2011/07/14 11:38:57 | 000,561,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobmain.dll
[2011/07/14 11:38:57 | 000,122,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobcomm.dll
[2011/07/14 11:38:57 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oobebaln.exe
[2011/07/14 11:38:57 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobshel.dll
[2011/07/14 11:38:57 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobweb.dll
[2011/07/14 11:38:57 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobdl.dll
[2011/07/14 11:38:55 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uploadm.exe
[2011/07/14 11:38:55 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrslv.dll
[2011/07/14 11:38:55 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\safrslv.dll
[2011/07/14 11:38:55 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrcdlg.dll
[2011/07/14 11:38:55 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\safrcdlg.dll
[2011/07/14 11:38:55 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\racpldlg.dll
[2011/07/14 11:38:55 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\racpldlg.dll
[2011/07/14 11:38:55 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrdm.dll
[2011/07/14 11:38:55 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\safrdm.dll
[2011/07/14 11:38:54 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pchshell.dll
[2011/07/14 11:38:54 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pchsvc.dll
[2011/07/14 11:38:52 | 000,743,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2011/07/14 11:38:52 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msconfig.exe
[2011/07/14 11:38:52 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hscupd.exe
[2011/07/14 11:38:51 | 000,768,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpctr.exe
[2011/07/14 11:38:51 | 000,380,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rstrui.exe
[2011/07/14 11:38:51 | 000,124,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltmgr.sys
[2011/07/14 11:38:51 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fltMc.exe
[2011/07/14 11:38:51 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltmc.exe
[2011/07/14 11:38:51 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltlib.dll
[2011/07/14 11:38:50 | 000,239,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srrstr.dll
[2011/07/14 11:38:50 | 000,239,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srrstr.dll
[2011/07/14 11:38:50 | 000,170,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srsvc.dll
[2011/07/14 11:38:50 | 000,073,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sr.sys
[2011/07/14 11:38:50 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srclient.dll
[2011/07/14 11:38:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2011/07/14 11:38:49 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ils.dll
[2011/07/14 11:38:49 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ils.dll
[2011/07/14 11:38:49 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msconf.dll
[2011/07/14 11:38:49 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msconf.dll
[2011/07/14 11:38:49 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dcap32.dll
[2011/07/14 11:38:49 | 000,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmdd.dll
[2011/07/14 11:38:49 | 000,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mnmdd.dll
[2011/07/14 11:38:49 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mnmsrvc.exe
[2011/07/14 11:38:49 | 000,032,768 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\isrdbg32.dll
[2011/07/14 11:38:49 | 000,032,768 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\isrdbg32.dll
[2011/07/14 11:38:49 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmmkcert.dll
[2011/07/14 11:38:49 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmmkcert.dll
[2011/07/14 11:38:48 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\callcont.dll
[2011/07/14 11:38:48 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmas.dll
[2011/07/14 11:38:48 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rrcm.dll
[2011/07/14 11:38:48 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\h323cc.dll
[2011/07/14 11:38:48 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmasnt.dll
[2011/07/14 11:38:47 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mst120.dll
[2011/07/14 11:38:47 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nac.dll
[2011/07/14 11:38:47 | 000,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmwb.dll
[2011/07/14 11:38:47 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmft.dll
[2011/07/14 11:38:47 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmchat.dll
[2011/07/14 11:38:47 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmcom.dll
[2011/07/14 11:38:47 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mst123.dll
[2011/07/14 11:38:47 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\confmrsl.dll
[2011/07/14 11:38:46 | 001,032,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\conf.exe
[2011/07/14 11:38:46 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoeacct.dll
[2011/07/14 11:38:46 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoeacct.dll
[2011/07/14 11:38:46 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmoldwb.dll
[2011/07/14 11:38:46 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoert2.dll
[2011/07/14 11:38:46 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoert2.dll
[2011/07/14 11:38:46 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2011/07/14 11:38:46 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2011/07/14 11:38:45 | 000,504,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab32.dll
[2011/07/14 11:38:45 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab32res.dll
[2011/07/14 11:38:45 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wabimp.dll
[2011/07/14 11:38:45 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\directdb.dll
[2011/07/14 11:38:45 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetres.dll
[2011/07/14 11:38:45 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetres.dll
[2011/07/14 11:38:45 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wabfind.dll
[2011/07/14 11:38:45 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wabmig.exe
[2011/07/14 11:38:44 | 000,678,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2011/07/14 11:38:44 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oeimport.dll
[2011/07/14 11:38:44 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msimn.exe
[2011/07/14 11:38:43 | 002,479,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoeres.dll
[2011/07/14 11:38:42 | 000,274,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstask.dll
[2011/07/14 11:38:42 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\schedsvc.dll
[2011/07/14 11:38:42 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\setup50.exe
[2011/07/14 11:38:42 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oemig50.exe
[2011/07/14 11:38:42 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oemiglib.dll
[2011/07/14 11:38:42 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstinit.exe
[2011/07/14 11:38:42 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstinit.exe
[2011/07/14 11:38:42 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2011/07/14 11:38:41 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcfg.dll
[2011/07/14 11:38:41 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcfg.dll
[2011/07/14 11:38:41 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll
[2011/07/14 11:38:41 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isign32.dll
[2011/07/14 11:38:41 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwdial.dll
[2011/07/14 11:38:41 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwdial.dll
[2011/07/14 11:38:41 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwphbk.dll
[2011/07/14 11:38:41 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwphbk.dll
[2011/07/14 11:38:40 | 000,561,179 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dao360.dll
[2011/07/14 11:38:40 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn1.exe
[2011/07/14 11:38:40 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwhelp.dll
[2011/07/14 11:38:40 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn2.exe
[2011/07/14 11:38:40 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn.dll
[2011/07/14 11:38:40 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwutil.dll
[2011/07/14 11:38:40 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwdl.dll
[2011/07/14 11:38:40 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwrmind.exe
[2011/07/14 11:38:40 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetwiz.exe
[2011/07/14 11:38:39 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oledb32.dll
[2011/07/14 11:38:39 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sqlxmlx.dll
[2011/07/14 11:38:39 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oledb32r.dll
[2011/07/14 11:38:38 | 000,315,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdasql.dll
[2011/07/14 11:38:38 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaora.dll
[2011/07/14 11:38:38 | 000,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaps.dll
[2011/07/14 11:38:38 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msjro.dll
[2011/07/14 11:38:38 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdatl3.dll
[2011/07/14 11:38:38 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaosp.dll
[2011/07/14 11:38:38 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxactps.dll
[2011/07/14 11:38:38 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdatt.dll
[2011/07/14 11:38:38 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdasqlr.dll
[2011/07/14 11:38:38 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaorar.dll
[2011/07/14 11:38:38 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaurl.dll
[2011/07/14 11:38:38 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdasc.dll
[2011/07/14 11:38:38 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaer.dll
[2011/07/14 11:38:38 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaenum.dll
[2011/07/14 11:38:38 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdadc.dll
[2011/07/14 11:38:37 | 000,536,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado15.dll
[2011/07/14 11:38:37 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadox.dll
[2011/07/14 11:38:37 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadomd.dll
[2011/07/14 11:38:37 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdarem.dll
[2011/07/14 11:38:37 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado27.tlb
[2011/07/14 11:38:37 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado26.tlb
[2011/07/14 11:38:37 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado25.tlb
[2011/07/14 11:38:37 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado21.tlb
[2011/07/14 11:38:37 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado20.tlb
[2011/07/14 11:38:37 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadrh15.dll
[2011/07/14 11:38:37 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msador15.dll
[2011/07/14 11:38:37 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msader15.dll
[2011/07/14 11:38:36 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2011/07/14 11:38:36 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaprst.dll
[2011/07/14 11:38:36 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadds.dll
[2011/07/14 11:38:36 | 000,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadco.dll
[2011/07/14 11:38:36 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcf.dll
[2011/07/14 11:38:36 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcs.dll
[2011/07/14 11:38:36 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdfmap.dll
[2011/07/14 11:38:36 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msaddsr.dll
[2011/07/14 11:38:36 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcer.dll
[2011/07/14 11:38:36 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaremr.dll
[2011/07/14 11:38:36 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaprsr.dll
[2011/07/14 11:38:36 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcor.dll
[2011/07/14 11:38:36 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcfr.dll
[2011/07/14 11:38:35 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hmmapi.dll
[2011/07/14 11:38:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2011/07/14 11:38:34 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedw.exe
[2011/07/14 11:38:32 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iexplore.exe
[2011/07/14 11:38:29 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2011/07/14 11:38:03 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2011/07/14 11:37:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2011/07/14 11:37:25 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2011/07/14 11:37:25 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2011/07/14 11:37:19 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2011/07/14 11:37:18 | 001,817,687 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgres.dll
[2011/07/14 11:37:18 | 000,753,236 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvseres.dll
[2011/07/14 11:37:18 | 000,082,501 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckg.dll
[2011/07/14 11:37:18 | 000,048,706 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvse.dll
[2011/07/14 11:37:18 | 000,042,577 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgzm.exe
[2011/07/14 11:37:18 | 000,042,574 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvsezm.exe
[2011/07/14 11:37:17 | 002,178,131 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlres.dll
[2011/07/14 11:37:17 | 001,175,635 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzres.dll
[2011/07/14 11:37:17 | 000,780,885 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrres.dll
[2011/07/14 11:37:17 | 000,066,113 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvl.dll
[2011/07/14 11:37:17 | 000,057,409 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtz.dll
[2011/07/14 11:37:17 | 000,042,575 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrzm.exe
[2011/07/14 11:37:17 | 000,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlzm.exe
[2011/07/14 11:37:17 | 000,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzzm.exe
[2011/07/14 11:37:17 | 000,040,515 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkr.dll
[2011/07/14 11:37:17 | 000,004,677 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zeeverm.dll
[2011/07/14 11:37:16 | 001,039,955 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnresm.dll
[2011/07/14 11:37:16 | 000,113,222 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zoneclim.dll
[2011/07/14 11:37:16 | 000,041,029 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zcorem.dll
[2011/07/14 11:37:16 | 000,032,339 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniansi.dll
[2011/07/14 11:37:16 | 000,013,894 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zonelibm.dll
[2011/07/14 11:37:15 | 000,217,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnclim.dll
[2011/07/14 11:37:15 | 000,036,937 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zclientm.exe
[2011/07/14 11:37:15 | 000,029,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\znetm.dll
[2011/07/14 11:37:15 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\write.exe
[2011/07/14 11:37:15 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\write.exe
[2011/07/14 11:37:15 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2011/07/14 11:37:07 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe
[2011/07/14 11:37:07 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndvol32.exe
[2011/07/14 11:37:06 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avtapi.dll
[2011/07/14 11:37:06 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avtapi.dll
[2011/07/14 11:37:06 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avwav.dll
[2011/07/14 11:37:06 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avwav.dll
[2011/07/14 11:37:06 | 000,044,544 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hticons.dll
[2011/07/14 11:37:06 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avmeter.dll
[2011/07/14 11:37:06 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avmeter.dll
[2011/07/14 11:37:06 | 000,013,312 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\dllcache\htrn_jis.dll
[2011/07/14 11:37:05 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winchat.exe
[2011/07/14 11:37:05 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winchat.exe
[2011/07/14 11:36:58 | 000,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\getuname.dll
[2011/07/14 11:36:58 | 000,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\getuname.dll
[2011/07/14 11:36:58 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\calc.exe
[2011/07/14 11:36:58 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\calc.exe
[2011/07/14 11:36:58 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\charmap.exe
[2011/07/14 11:36:58 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\charmap.exe
[2011/07/14 11:36:57 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshearts.exe
[2011/07/14 11:36:57 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshearts.exe
[2011/07/14 11:36:57 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winmine.exe
[2011/07/14 11:36:57 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmine.exe
[2011/07/14 11:36:57 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sol.exe
[2011/07/14 11:36:57 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sol.exe
[2011/07/14 11:36:57 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\freecell.exe
[2011/07/14 11:36:57 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\freecell.exe
[2011/07/14 11:36:56 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\regini.exe
[2011/07/14 11:36:56 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\regini.exe
[2011/07/14 11:36:56 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qwinsta.exe
[2011/07/14 11:36:56 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qwinsta.exe
[2011/07/14 11:36:56 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsshutdn.exe
[2011/07/14 11:36:56 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsshutdn.exe
[2011/07/14 11:36:56 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qappsrv.exe
[2011/07/14 11:36:56 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qappsrv.exe
[2011/07/14 11:36:56 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tskill.exe
[2011/07/14 11:36:56 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tskill.exe
[2011/07/14 11:36:56 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwinsta.exe
[2011/07/14 11:36:56 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rwinsta.exe
[2011/07/14 11:36:56 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsdiscon.exe
[2011/07/14 11:36:56 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsdiscon.exe
[2011/07/14 11:36:56 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscon.exe
[2011/07/14 11:36:56 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscon.exe
[2011/07/14 11:36:56 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shadow.exe
[2011/07/14 11:36:56 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shadow.exe
[2011/07/14 11:36:56 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\reset.exe
[2011/07/14 11:36:56 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\reset.exe
[2011/07/14 11:36:56 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpcfgex.dll
[2011/07/14 11:36:56 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpcfgex.dll
[2011/07/14 11:36:55 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msg.exe
[2011/07/14 11:36:55 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msg.exe
[2011/07/14 11:36:55 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtsadmin.tlb
[2011/07/14 11:36:55 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdmodem.dll
[2011/07/14 11:36:55 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cdmodem.dll
[2011/07/14 11:36:55 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\logoff.exe
[2011/07/14 11:36:55 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logoff.exe
[2011/07/14 11:36:54 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrepl.dll
[2011/07/14 11:36:54 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comrepl.dll
[2011/07/14 11:36:54 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comaddin.dll
[2011/07/14 11:36:54 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comaddin.dll
[2011/07/14 11:36:54 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxlegih.dll
[2011/07/14 11:36:54 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxlegih.dll
[2011/07/14 11:36:54 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxdm.dll
[2011/07/14 11:36:54 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxdm.dll
[2011/07/14 11:36:54 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dcomcnfg.exe
[2011/07/14 11:36:54 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dcomcnfg.exe
[2011/07/14 11:36:54 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrereg.exe
[2011/07/14 11:36:54 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxex.dll
[2011/07/14 11:36:54 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxex.dll
[2011/07/14 11:36:53 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comsnap.dll
[2011/07/14 11:36:53 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsnap.dll
[2011/07/14 11:36:53 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stclient.dll
[2011/07/14 11:36:53 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\stclient.dll
[2011/07/14 11:36:53 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmi2xml.dll
[2011/07/14 11:36:50 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipicmp.dll
[2011/07/14 11:36:50 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmimsg.dll
[2011/07/14 11:36:50 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemdisp.tlb
[2011/07/14 11:36:50 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmitimep.dll
[2011/07/14 11:19:37 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdest.dll
[2011/07/14 11:19:37 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlv1.dll
[2011/07/14 11:19:37 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlv.dll
[2011/07/14 11:19:37 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdest.dll
[2011/07/14 11:19:37 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt1.dll
[2011/07/14 11:19:37 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt.dll
[2011/07/14 11:19:37 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlt1.dll
[2011/07/14 11:19:37 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlt.dll
[2011/07/14 11:19:36 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040e.dll
[2011/07/14 11:19:36 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0415.dll
[2011/07/14 11:19:36 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0405.dll
[2011/07/14 11:19:35 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl1.dll
[2011/07/14 11:19:35 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl.dll
[2011/07/14 11:19:35 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl.dll
[2011/07/14 11:19:35 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsl1.dll
[2011/07/14 11:19:35 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsl.dll
[2011/07/14 11:19:35 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdpl.dll
[2011/07/14 11:19:35 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdro.dll
[2011/07/14 11:19:35 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl1.dll
[2011/07/14 11:19:35 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdro.dll
[2011/07/14 11:19:35 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdpl1.dll
[2011/07/14 11:19:34 | 000,007,168 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz.dll
[2011/07/14 11:19:34 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz.dll
[2011/07/14 11:19:34 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycl.dll
[2011/07/14 11:19:34 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu.dll
[2011/07/14 11:19:34 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz2.dll
[2011/07/14 11:19:34 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz1.dll
[2011/07/14 11:19:34 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcr.dll
[2011/07/14 11:19:34 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\KBDAL.DLL
[2011/07/14 11:19:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdycl.dll
[2011/07/14 11:19:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhu.dll
[2011/07/14 11:19:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz2.dll
[2011/07/14 11:19:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz1.dll
[2011/07/14 11:19:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcr.dll
[2011/07/14 11:19:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdal.dll
[2011/07/14 11:19:34 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu1.dll
[2011/07/14 11:19:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhu1.dll
[2011/07/14 11:19:32 | 000,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dllcache\dgrpsetu.dll
[2011/07/14 11:19:32 | 000,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dgrpsetu.dll
[2011/07/14 11:19:32 | 000,085,020 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dllcache\dgsetup.dll
[2011/07/14 11:19:32 | 000,085,020 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dgsetup.dll
[2011/07/14 11:19:32 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2011/07/14 11:19:32 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2011/07/14 11:19:32 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2011/07/14 11:19:32 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2011/07/14 11:19:31 | 000,103,424 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\EqnClass.Dll
[2011/07/14 11:19:31 | 000,103,424 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqnclass.dll
[2011/07/14 11:19:31 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLESVR.DLL
[2011/07/14 11:19:31 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TAPI.DLL
[2011/07/14 11:19:31 | 000,013,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WFWNET.DRV
[2011/07/14 11:19:31 | 000,009,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VER.DLL
[2011/07/14 11:19:31 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SHELL.DLL
[2011/07/14 11:19:31 | 000,004,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TIMER.DRV
[2011/07/14 11:19:31 | 000,003,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SYSTEM.DRV
[2011/07/14 11:19:31 | 000,002,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VGA.DRV
[2011/07/14 11:19:31 | 000,001,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SOUND.DRV
[2011/07/14 11:19:30 | 000,126,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MSVIDEO.DLL
[2011/07/14 11:19:30 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLECLI.DLL
[2011/07/14 11:19:30 | 000,073,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIAVI.DRV
[2011/07/14 11:19:30 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIWAVE.DRV
[2011/07/14 11:19:30 | 000,025,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCISEQ.DRV
[2011/07/14 11:19:30 | 000,009,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\LZEXPAND.DLL
[2011/07/14 11:19:30 | 000,002,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MOUSE.DRV
[2011/07/14 11:19:30 | 000,002,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\KEYBOARD.DRV
[2011/07/14 11:19:30 | 000,001,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMTASK.TSK
[2011/07/14 11:19:29 | 000,109,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVIFILE.DLL
[2011/07/14 11:19:29 | 000,069,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVICAP.DLL
[2011/07/14 11:19:29 | 000,032,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\COMMDLG.DLL
[2011/07/14 11:19:29 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\TASKMAN.EXE
[2011/07/14 11:19:29 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\taskman.exe
[2011/07/14 11:19:29 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irenum.sys
[2011/07/14 11:19:28 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WINSPOOL.DRV
[2011/07/14 11:19:28 | 000,068,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMSYSTEM.DLL
[2011/07/14 11:19:28 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\batt.dll
[2011/07/14 11:19:28 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\batt.dll
[2011/07/14 11:19:26 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\storprop.dll
[2011/07/14 11:19:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2011/07/14 11:19:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2011/07/14 11:19:18 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2011/07/14 11:19:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2011/07/14 11:19:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2011/07/14 11:18:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2011/07/14 11:18:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2011/07/14 11:18:53 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2011/07/14 11:18:53 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2011/07/14 11:18:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2011/07/14 11:10:16 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2011/07/14 11:10:16 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2011/07/14 11:10:16 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2011/07/14 11:10:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2010/06/14 16:54:37 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/06/14 16:48:57 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Owner\UserData
[2010/06/14 16:42:58 | 000,000,000 | -HSD | C] -- C:\FOUND.000
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/14 13:36:58 | 000,000,212 | RHS- | M] () -- C:\boot.ini
[2011/07/14 13:11:54 | 000,347,268 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2011/07/14 13:11:54 | 000,305,318 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/14 13:11:54 | 000,037,760 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/14 11:46:12 | 000,083,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/14 11:45:10 | 000,000,287 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/07/14 11:41:38 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/07/14 11:41:38 | 000,000,477 | ---- | M] () -- C:\WINDOWS\win.ini
[2011/07/14 11:41:38 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/07/14 11:41:38 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/07/14 11:41:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\control.ini
[2011/07/14 11:41:38 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/07/14 11:41:38 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/07/14 11:41:32 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/07/14 11:41:30 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/07/14 11:41:30 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/07/14 11:41:20 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/07/14 11:40:26 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2011/07/14 11:40:26 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2011/07/14 11:40:20 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2011/07/14 11:40:20 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2011/07/14 11:40:20 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2011/07/14 11:40:20 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2011/07/14 11:40:20 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2011/07/14 11:40:20 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2011/07/14 11:38:18 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/07/14 11:38:02 | 000,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2011/07/14 11:38:02 | 000,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
[2011/07/14 11:19:34 | 000,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/14 16:59:16 | 000,786,432 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/06/14 16:54:38 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/06/14 16:54:20 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2010/06/14 16:53:22 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe
[2010/06/14 16:48:22 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/14 16:48:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/14 16:47:50 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/06/14 16:44:10 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/14 13:10:18 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Owner\ntuser.ini
[2011/07/14 13:10:16 | 000,020,480 | -H-- | C] () -- C:\Documents and Settings\Owner\ntuser.dat.LOG
[2011/07/14 13:10:14 | 000,786,432 | -H-- | C] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2011/07/14 11:45:04 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/07/14 11:42:25 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2011/07/14 11:42:24 | 000,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2011/07/14 11:42:24 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2011/07/14 11:42:23 | 000,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2011/07/14 11:42:23 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2011/07/14 11:42:22 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2011/07/14 11:42:22 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2011/07/14 11:42:21 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2011/07/14 11:42:21 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2011/07/14 11:42:21 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2011/07/14 11:42:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2011/07/14 11:42:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2011/07/14 11:42:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2011/07/14 11:42:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2011/07/14 11:42:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2011/07/14 11:42:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2011/07/14 11:42:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2011/07/14 11:42:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2011/07/14 11:41:37 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/07/14 11:41:37 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/07/14 11:41:37 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/07/14 11:41:37 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2011/07/14 11:41:37 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2011/07/14 11:41:29 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/07/14 11:41:29 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/07/14 11:41:28 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2011/07/14 11:40:25 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2011/07/14 11:40:25 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2011/07/14 11:40:19 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2011/07/14 11:40:19 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2011/07/14 11:40:19 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2011/07/14 11:40:19 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2011/07/14 11:40:19 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2011/07/14 11:40:19 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2011/07/14 11:40:00 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2011/07/14 11:39:27 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2011/07/14 11:39:27 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2011/07/14 11:39:20 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2011/07/14 11:39:06 | 000,004,639 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.exe
[2011/07/14 11:38:52 | 000,376,320 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msinfo.dll
[2011/07/14 11:38:17 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/07/14 11:37:00 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2011/07/14 11:37:00 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2011/07/14 11:37:00 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2011/07/14 11:37:00 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2011/07/14 11:37:00 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2011/07/14 11:37:00 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2011/07/14 11:37:00 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2011/07/14 11:37:00 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2011/07/14 11:36:59 | 000,093,702 | ---- | C] () -- C:\WINDOWS\System32\subrange.uce
[2011/07/14 11:36:59 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2011/07/14 11:36:59 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2011/07/14 11:36:59 | 000,016,740 | ---- | C] () -- C:\WINDOWS\System32\shiftjis.uce
[2011/07/14 11:36:59 | 000,012,876 | ---- | C] () -- C:\WINDOWS\System32\korean.uce
[2011/07/14 11:36:59 | 000,008,484 | ---- | C] () -- C:\WINDOWS\System32\kanji_2.uce
[2011/07/14 11:36:59 | 000,006,948 | ---- | C] () -- C:\WINDOWS\System32\kanji_1.uce
[2011/07/14 11:36:59 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2011/07/14 11:36:58 | 000,060,458 | ---- | C] () -- C:\WINDOWS\System32\ideograf.uce
[2011/07/14 11:36:58 | 000,024,006 | ---- | C] () -- C:\WINDOWS\System32\gb2312.uce
[2011/07/14 11:36:58 | 000,022,984 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.uce
[2011/07/14 11:36:56 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2011/07/14 11:36:56 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2011/07/14 11:36:55 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2011/07/14 11:36:49 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2011/07/14 11:21:30 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2011/07/14 11:21:30 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2011/07/14 11:21:29 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2011/07/14 11:21:29 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2011/07/14 11:21:25 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2011/07/14 11:21:24 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2011/07/14 11:21:16 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2011/07/14 11:21:14 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2011/07/14 11:21:10 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_720.nls
[2011/07/14 11:21:07 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_862.nls
[2011/07/14 11:21:01 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\korwbrkr.lex
[2011/07/14 11:21:01 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/07/14 11:21:01 | 000,002,060 | ---- | C] () -- C:\WINDOWS\System32\noise.jpn
[2011/07/14 11:21:01 | 000,001,486 | ---- | C] () -- C:\WINDOWS\System32\noise.kor
[2011/07/14 11:20:48 | 000,211,938 | ---- | C] () -- C:\WINDOWS\System32\lcphrase.tbl
[2011/07/14 11:20:48 | 000,146,126 | ---- | C] () -- C:\WINDOWS\System32\array30.tab
[2011/07/14 11:20:48 | 000,116,285 | ---- | C] () -- C:\WINDOWS\System32\msdayi.tbl
[2011/07/14 11:20:48 | 000,110,566 | ---- | C] () -- C:\WINDOWS\System32\arphr.tbl
[2011/07/14 11:20:48 | 000,043,242 | ---- | C] () -- C:\WINDOWS\System32\phoncode.tbl
[2011/07/14 11:20:48 | 000,024,114 | ---- | C] () -- C:\WINDOWS\System32\lcptr.tbl
[2011/07/14 11:20:48 | 000,018,600 | ---- | C] () -- C:\WINDOWS\System32\arrayhw.tab
[2011/07/14 11:20:48 | 000,016,312 | ---- | C] () -- C:\WINDOWS\System32\arptr.tbl
[2011/07/14 11:20:48 | 000,004,071 | ---- | C] () -- C:\WINDOWS\System32\phon.tbl
[2011/07/14 11:20:48 | 000,002,714 | ---- | C] () -- C:\WINDOWS\System32\phonptr.tbl
[2011/07/14 11:20:48 | 000,000,700 | ---- | C] () -- C:\WINDOWS\System32\dayiptr.tbl
[2011/07/14 11:20:48 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\dayiphr.tbl
[2011/07/14 11:20:47 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2011/07/14 11:20:47 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\c_10002.nls
[2011/07/14 11:20:47 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2011/07/14 11:20:47 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.nls
[2011/07/14 11:20:47 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2011/07/14 11:20:47 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\big5.nls
[2011/07/14 11:20:47 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\acode.tbl
[2011/07/14 11:20:47 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\a234.tbl
[2011/07/14 11:20:47 | 000,001,460 | ---- | C] () -- C:\WINDOWS\System32\a15.tbl
[2011/07/14 11:20:46 | 000,016,254 | ---- | C] () -- C:\WINDOWS\System32\PINTLPAE.HLP
[2011/07/14 11:20:46 | 000,014,821 | ---- | C] () -- C:\WINDOWS\System32\PINTLPAD.HLP
[2011/07/14 11:20:38 | 001,783,864 | ---- | C] () -- C:\WINDOWS\System32\WINPY.MB
[2011/07/14 11:20:38 | 001,564,868 | ---- | C] () -- C:\WINDOWS\System32\WINSP.MB
[2011/07/14 11:20:38 | 001,223,500 | ---- | C] () -- C:\WINDOWS\System32\WINZM.MB
[2011/07/14 11:20:37 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2011/07/14 11:20:37 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\c_10008.nls
[2011/07/14 11:20:37 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\prcp.nls
[2011/07/14 11:20:37 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2011/07/14 11:20:37 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\prc.nls
[2011/07/14 11:20:37 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2011/07/14 11:20:32 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011/07/14 11:20:32 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/07/14 11:20:23 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\c_1361.nls
[2011/07/14 11:20:23 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2011/07/14 11:20:23 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\c_10003.nls
[2011/07/14 11:20:23 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\ksc.nls
[2011/07/14 11:20:23 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2011/07/14 11:20:15 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2011/07/14 11:19:49 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2011/07/14 11:19:49 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\c_20949.nls
[2011/07/14 11:19:49 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2011/07/14 11:19:49 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\c_20936.nls
[2011/07/14 11:19:48 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2011/07/14 11:19:48 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\c_20932.nls
[2011/07/14 11:19:48 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2011/07/14 11:19:48 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\c_20000.nls
[2011/07/14 11:19:48 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2011/07/14 11:19:48 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\c_10001.nls
[2011/07/14 11:19:48 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2011/07/14 11:19:48 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_21027.nls
[2011/07/14 11:19:48 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2011/07/14 11:19:48 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20290.nls
[2011/07/14 11:19:48 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\xjis.nls
[2011/07/14 11:19:48 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2011/07/14 11:19:44 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28603.nls
[2011/07/14 11:19:44 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28603.nls
[2011/07/14 11:19:42 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_857.nls
[2011/07/14 11:19:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28599.nls
[2011/07/14 11:19:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10081.nls
[2011/07/14 11:19:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28595.NLS
[2011/07/14 11:19:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10017.nls
[2011/07/14 11:19:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10007.nls
[2011/07/14 11:19:38 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_869.nls
[2011/07/14 11:19:38 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_737.nls
[2011/07/14 11:19:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_875.nls
[2011/07/14 11:19:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28597.NLS
[2011/07/14 11:19:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10006.nls
[2011/07/14 11:19:36 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_866.nls
[2011/07/14 11:19:36 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_855.nls
[2011/07/14 11:19:36 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28594.NLS
[2011/07/14 11:19:34 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_852.nls
[2011/07/14 11:19:34 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10082.nls
[2011/07/14 11:19:34 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10029.nls
[2011/07/14 11:19:34 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10010.nls
[2011/07/14 11:19:33 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20127.nls
[2011/07/14 11:19:29 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2011/07/14 11:19:18 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2011/07/14 11:19:18 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2011/07/14 11:19:18 | 000,168,806 | ---- | C] () -- C:\WINDOWS\System32\dllcache\startoc.cat
[2011/07/14 11:19:18 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2011/07/14 11:19:18 | 000,031,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2011/07/14 11:19:18 | 000,024,209 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2011/07/14 11:19:18 | 000,013,753 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2011/07/14 11:19:18 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2011/07/14 11:19:18 | 000,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2011/07/14 11:19:18 | 000,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2011/07/14 11:19:18 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2011/07/14 11:19:18 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2011/07/14 11:19:18 | 000,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2011/07/14 11:19:18 | 000,007,029 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2011/07/14 11:19:17 | 002,012,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2011/07/14 11:19:17 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2011/07/14 11:19:17 | 000,382,952 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2011/07/14 11:18:23 | 000,083,928 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/14 11:17:48 | 000,000,212 | RHS- | C] () -- C:\boot.ini
[2011/07/14 11:17:42 | 000,000,287 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/07/14 03:21:10 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2011/07/14 03:21:07 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2011/07/14 03:20:23 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2011/07/14 03:19:42 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_857.nls
[2011/07/14 03:19:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28599.nls
[2011/07/14 03:19:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10081.nls
[2011/07/14 03:19:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28595.nls
[2011/07/14 03:19:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10017.nls
[2011/07/14 03:19:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10007.nls
[2011/07/14 03:19:38 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_869.nls
[2011/07/14 03:19:38 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_737.nls
[2011/07/14 03:19:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_875.nls
[2011/07/14 03:19:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28597.nls
[2011/07/14 03:19:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10006.nls
[2011/07/14 03:19:36 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_866.nls
[2011/07/14 03:19:36 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_855.nls
[2011/07/14 03:19:36 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28594.nls
[2011/07/14 03:19:34 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_852.nls
[2011/07/14 03:19:34 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10082.nls
[2011/07/14 03:19:34 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10029.nls
[2011/07/14 03:19:34 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10010.nls
[2011/07/14 03:19:33 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20127.nls
[2010/06/14 16:54:18 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2010/06/14 16:53:21 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe
[2004/08/04 12:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/04 12:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
< End of report >



#7 DSR13


Posted 14 June 2010 - 07:03 PM

OTL Extras logfile created on: 14/06/2010 16:58:09 - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

246.00 Mb Total Physical Memory | 145.00 Mb Available Physical Memory | 59.00% Memory free
632.00 Mb Paging File | 532.00 Mb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 400 777 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.28 Gb Total Space | 27.49 Gb Free Space | 93.91% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 0-7-K_U-9_JOL-9
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.reg [@ = regfile] -- regedit.exe "%1"

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 14/07/2011 15:52:44 | Computer Name = 0-7-K_U-9_JOL-9 | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 14/07/2011 15:52:44 | Computer Name = 0-7-K_U-9_JOL-9 | Source = PerfNet | ID = 2002
Description = Unable to open the Redirector service. Redirector performance data
will
not be returned. Error code returned is in data DWORD 0.

Error - 14/07/2011 17:10:23 | Computer Name = 0-7-K_U-9_JOL-9 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 14/07/2011 17:16:41 | Computer Name = 0-7-K_U-9_JOL-9 | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 14/07/2011 17:16:41 | Computer Name = 0-7-K_U-9_JOL-9 | Source = PerfNet | ID = 2002
Description = Unable to open the Redirector service. Redirector performance data
will
not be returned. Error code returned is in data DWORD 0.

Error - 14/07/2011 18:01:00 | Computer Name = 0-7-K_U-9_JOL-9 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 14/06/2010 20:44:13 | Computer Name = 0-7-K_U-9_JOL-9 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 14/06/2010 20:48:21 | Computer Name = 0-7-K_U-9_JOL-9 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

[ System Events ]
Error - 14/06/2010 18:24:42 | Computer Name = 0-7-K_U-9_JOL-9 | Source = DCOM | ID = 10005
Description = DCOM got error "%1068" attempting to start the service dmadmin with
arguments "/com" in order to run the server: {4FB6BB00-3347-11D0-B40A-00AA005FF586}

Error - 14/06/2010 18:24:46 | Computer Name = 0-7-K_U-9_JOL-9 | Source = DCOM | ID = 10005
Description = DCOM got error "%1068" attempting to start the service dmadmin with
arguments "/com" in order to run the server: {4FB6BB00-3347-11D0-B40A-00AA005FF586}

Error - 14/06/2010 18:24:52 | Computer Name = 0-7-K_U-9_JOL-9 | Source = DCOM | ID = 10005
Description = DCOM got error "%1068" attempting to start the service helpsvc with
arguments "" in order to run the server: {833E4010-AFF7-4AC3-AAC2-9F24C1457BCE}

Error - 14/06/2010 18:24:57 | Computer Name = 0-7-K_U-9_JOL-9 | Source = DCOM | ID = 10005
Description = DCOM got error "%1068" attempting to start the service helpsvc with
arguments "" in order to run the server: {833E4010-AFF7-4AC3-AAC2-9F24C1457BCE}

Error - 14/06/2010 20:45:36 | Computer Name = 0-7-K_U-9_JOL-9 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 14/06/2010 20:45:36 | Computer Name = 0-7-K_U-9_JOL-9 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 14/06/2010 20:45:53 | Computer Name = 0-7-K_U-9_JOL-9 | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%1747

Error - 14/06/2010 20:45:53 | Computer Name = 0-7-K_U-9_JOL-9 | Source = Service Control Manager | ID = 7023
Description = The Help and Support service terminated with the following error:
%%126

Error - 14/06/2010 20:50:04 | Computer Name = 0-7-K_U-9_JOL-9 | Source = Service Control Manager | ID = 7023
Description = The Help and Support service terminated with the following error:
%%126

Error - 14/06/2010 20:50:04 | Computer Name = 0-7-K_U-9_JOL-9 | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%1747


< End of report >


#8 DSR13


Posted 14 June 2010 - 07:05 PM

OTL logfile created on: 14/06/2010 16:58:09 - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

246.00 Mb Total Physical Memory | 145.00 Mb Available Physical Memory | 59.00% Memory free
632.00 Mb Paging File | 532.00 Mb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 400 777 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.28 Gb Total Space | 27.49 Gb Free Space | 93.91% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 0-7-K_U-9_JOL-9
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/14 16:54:38 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2004/08/04 12:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/06/14 16:54:38 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2004/08/04 12:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004/08/04 12:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========


========== Driver Services (SafeList) ==========

DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2004/08/04 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/07/14 11:41:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/14 13:38:55 | 000,000,000 | -HSD | C] -- C:\Recycled
[2011/07/14 13:10:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Identities
[2011/07/14 13:10:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/07/14 13:10:17 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2011/07/14 13:10:15 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Owner\Application Data\Microsoft
[2011/07/14 13:10:15 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Owner\Cookies
[2011/07/14 13:10:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\SendTo
[2011/07/14 13:10:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2011/07/14 13:10:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Application Data
[2011/07/14 13:10:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Start Menu
[2011/07/14 13:10:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents
[2011/07/14 13:10:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Favorites
[2011/07/14 13:10:15 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner\Templates
[2011/07/14 13:10:15 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner\PrintHood
[2011/07/14 13:10:15 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner\NetHood
[2011/07/14 13:10:15 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner\Local Settings
[2011/07/14 13:10:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft
[2011/07/14 13:10:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop
[2011/07/14 13:10:12 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2011/07/14 13:10:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2011/07/14 11:49:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2011/07/14 11:47:07 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/07/14 11:47:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2011/07/14 11:46:58 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2011/07/14 11:42:16 | 000,331,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll
[2011/07/14 11:42:15 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2011/07/14 11:42:14 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040d.dll
[2011/07/14 11:42:14 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0401.dll
[2011/07/14 11:42:13 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2011/07/14 11:42:07 | 000,032,827 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptest.exe
[2011/07/14 11:42:07 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptsat.dll
[2011/07/14 11:42:06 | 000,020,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll
[2011/07/14 11:42:06 | 000,016,437 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.exe
[2011/07/14 11:42:01 | 000,020,538 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpremadm.exe
[2011/07/14 11:42:00 | 000,598,071 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll
[2011/07/14 11:42:00 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll
[2011/07/14 11:41:59 | 000,188,494 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpcount.exe
[2011/07/14 11:41:59 | 000,109,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98swin.exe
[2011/07/14 11:41:59 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll
[2011/07/14 11:41:58 | 000,876,653 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awel.dll
[2011/07/14 11:41:58 | 000,049,212 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awebs.dll
[2011/07/14 11:41:58 | 000,014,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98sadm.exe
[2011/07/14 11:41:57 | 000,102,509 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4atxt.dll
[2011/07/14 11:41:57 | 000,049,210 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4areg.dll
[2011/07/14 11:41:57 | 000,041,020 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avnb.dll
[2011/07/14 11:41:57 | 000,032,826 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avss.dll
[2011/07/14 11:41:56 | 000,184,435 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4amsft.dll
[2011/07/14 11:41:56 | 000,147,513 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4apws.dll
[2011/07/14 11:41:56 | 000,082,035 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4anscp.dll
[2011/07/14 11:41:55 | 000,188,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgwiz.exe
[2011/07/14 11:41:55 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.exe
[2011/07/14 11:41:54 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll
[2011/07/14 11:41:54 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.exe
[2011/07/14 11:41:52 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll
[2011/07/14 11:41:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2011/07/14 11:41:45 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2011/07/14 11:41:45 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2011/07/14 11:41:19 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mapi32.dll
[2011/07/14 11:40:35 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2011/07/14 11:40:25 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2011/07/14 11:40:25 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2011/07/14 11:40:14 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2011/07/14 11:39:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2011/07/14 11:39:32 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoobe.exe
[2011/07/14 11:39:30 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helphost.exe
[2011/07/14 11:39:30 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\notiflag.exe
[2011/07/14 11:39:30 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brpinfo.dll
[2011/07/14 11:39:30 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atrace.dll
[2011/07/14 11:39:30 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atrace.dll
[2011/07/14 11:39:30 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hcappres.dll
[2011/07/14 11:39:20 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srdiag.exe
[2011/07/14 11:39:20 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmevtmsg.dll
[2011/07/14 11:39:20 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmevtmsg.dll
[2011/07/14 11:39:19 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msinfo32.exe
[2011/07/14 11:39:19 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wb32.exe
[2011/07/14 11:39:19 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cb32.exe
[2011/07/14 11:39:18 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\acctres.dll
[2011/07/14 11:39:18 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\acctres.dll
[2011/07/14 11:39:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2011/07/14 11:39:15 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwtutor.exe
[2011/07/14 11:39:15 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwres.dll
[2011/07/14 11:39:15 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\trialoc.dll
[2011/07/14 11:39:15 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icfgnt5.dll
[2011/07/14 11:39:15 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icfgnt5.dll
[2011/07/14 11:39:15 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2011/07/14 11:39:14 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mssoap1.dll
[2011/07/14 11:39:14 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wisc10.dll
[2011/07/14 11:39:14 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mssoapr.dll
[2011/07/14 11:39:14 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2011/07/14 11:39:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2011/07/14 11:39:13 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieinfo5.ocx
[2011/07/14 11:39:10 | 000,725,566 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srchui.dll
[2011/07/14 11:39:10 | 000,058,434 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srchctls.dll
[2011/07/14 11:39:09 | 003,166,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msgr3en.dll
[2011/07/14 11:39:09 | 000,848,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2011/07/14 11:39:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2011/07/14 11:39:08 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpband.dll
[2011/07/14 11:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2011/07/14 11:39:07 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\setup_wm.exe
[2011/07/14 11:39:07 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpvis.dll
[2011/07/14 11:39:07 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpns.dll
[2011/07/14 11:39:07 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\custsat.dll
[2011/07/14 11:39:06 | 000,786,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migrate.exe
[2011/07/14 11:39:06 | 000,364,544 | ---- | C] (Microsoft Corporation (written by Digital Renaissance Inc.)) -- C:\WINDOWS\System32\dllcache\npdsplay.dll
[2011/07/14 11:39:06 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npdrmv2.dll
[2011/07/14 11:39:06 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmplayer.exe
[2011/07/14 11:39:06 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npwmsdrm.dll
[2011/07/14 11:39:05 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng1.dll
[2011/07/14 11:39:05 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng1.dll
[2011/07/14 11:39:05 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuweb.dll
[2011/07/14 11:39:05 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2011/07/14 11:39:05 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wucltui.dll
[2011/07/14 11:39:05 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauserv.dll
[2011/07/14 11:39:04 | 001,134,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll
[2011/07/14 11:39:04 | 000,430,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2011/07/14 11:39:04 | 000,430,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll
[2011/07/14 11:39:04 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt1.exe
[2011/07/14 11:39:04 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt1.exe
[2011/07/14 11:39:04 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaucpl.cpl
[2011/07/14 11:39:04 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe
[2011/07/14 11:39:04 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2011/07/14 11:39:04 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll
[2011/07/14 11:39:04 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bitsprx2.dll
[2011/07/14 11:39:04 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx2.dll
[2011/07/14 11:39:04 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bitsprx3.dll
[2011/07/14 11:39:04 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx3.dll
[2011/07/14 11:39:03 | 000,382,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qmgr.dll
[2011/07/14 11:39:03 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgrprxy.dll
[2011/07/14 11:39:03 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qmgrprxy.dll
[2011/07/14 11:39:02 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2res2.dll
[2011/07/14 11:39:01 | 004,256,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2res.dll
[2011/07/14 11:39:01 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2eres.dll
[2011/07/14 11:39:00 | 000,502,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2fxa.dll
[2011/07/14 11:39:00 | 000,402,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2filt.dll
[2011/07/14 11:39:00 | 000,325,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2fxb.dll
[2011/07/14 11:39:00 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2ae.dll
[2011/07/14 11:39:00 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2ext.dll
[2011/07/14 11:38:59 | 003,555,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2011/07/14 11:38:59 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2011/07/14 11:38:57 | 000,561,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobmain.dll
[2011/07/14 11:38:57 | 000,122,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobcomm.dll
[2011/07/14 11:38:57 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oobebaln.exe
[2011/07/14 11:38:57 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobshel.dll
[2011/07/14 11:38:57 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobweb.dll
[2011/07/14 11:38:57 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobdl.dll
[2011/07/14 11:38:55 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uploadm.exe
[2011/07/14 11:38:55 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrslv.dll
[2011/07/14 11:38:55 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\safrslv.dll
[2011/07/14 11:38:55 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrcdlg.dll
[2011/07/14 11:38:55 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\safrcdlg.dll
[2011/07/14 11:38:55 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\racpldlg.dll
[2011/07/14 11:38:55 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\racpldlg.dll
[2011/07/14 11:38:55 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrdm.dll
[2011/07/14 11:38:55 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\safrdm.dll
[2011/07/14 11:38:54 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pchshell.dll
[2011/07/14 11:38:54 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pchsvc.dll
[2011/07/14 11:38:52 | 000,743,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2011/07/14 11:38:52 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msconfig.exe
[2011/07/14 11:38:52 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hscupd.exe
[2011/07/14 11:38:51 | 000,768,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpctr.exe
[2011/07/14 11:38:51 | 000,380,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rstrui.exe
[2011/07/14 11:38:51 | 000,124,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltmgr.sys
[2011/07/14 11:38:51 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fltMc.exe
[2011/07/14 11:38:51 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltmc.exe
[2011/07/14 11:38:51 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltlib.dll
[2011/07/14 11:38:50 | 000,239,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srrstr.dll
[2011/07/14 11:38:50 | 000,239,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srrstr.dll
[2011/07/14 11:38:50 | 000,170,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srsvc.dll
[2011/07/14 11:38:50 | 000,073,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sr.sys
[2011/07/14 11:38:50 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srclient.dll
[2011/07/14 11:38:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2011/07/14 11:38:49 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ils.dll
[2011/07/14 11:38:49 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ils.dll
[2011/07/14 11:38:49 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msconf.dll
[2011/07/14 11:38:49 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msconf.dll
[2011/07/14 11:38:49 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dcap32.dll
[2011/07/14 11:38:49 | 000,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmdd.dll
[2011/07/14 11:38:49 | 000,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mnmdd.dll
[2011/07/14 11:38:49 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mnmsrvc.exe
[2011/07/14 11:38:49 | 000,032,768 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\isrdbg32.dll
[2011/07/14 11:38:49 | 000,032,768 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\isrdbg32.dll
[2011/07/14 11:38:49 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmmkcert.dll
[2011/07/14 11:38:49 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmmkcert.dll
[2011/07/14 11:38:48 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\callcont.dll
[2011/07/14 11:38:48 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmas.dll
[2011/07/14 11:38:48 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rrcm.dll
[2011/07/14 11:38:48 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\h323cc.dll
[2011/07/14 11:38:48 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmasnt.dll
[2011/07/14 11:38:47 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mst120.dll
[2011/07/14 11:38:47 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nac.dll
[2011/07/14 11:38:47 | 000,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmwb.dll
[2011/07/14 11:38:47 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmft.dll
[2011/07/14 11:38:47 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmchat.dll
[2011/07/14 11:38:47 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmcom.dll
[2011/07/14 11:38:47 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mst123.dll
[2011/07/14 11:38:47 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\confmrsl.dll
[2011/07/14 11:38:46 | 001,032,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\conf.exe
[2011/07/14 11:38:46 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoeacct.dll
[2011/07/14 11:38:46 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoeacct.dll
[2011/07/14 11:38:46 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmoldwb.dll
[2011/07/14 11:38:46 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoert2.dll
[2011/07/14 11:38:46 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoert2.dll
[2011/07/14 11:38:46 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2011/07/14 11:38:46 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2011/07/14 11:38:45 | 000,504,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab32.dll
[2011/07/14 11:38:45 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab32res.dll
[2011/07/14 11:38:45 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wabimp.dll
[2011/07/14 11:38:45 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\directdb.dll
[2011/07/14 11:38:45 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetres.dll
[2011/07/14 11:38:45 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetres.dll
[2011/07/14 11:38:45 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wabfind.dll
[2011/07/14 11:38:45 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wabmig.exe
[2011/07/14 11:38:44 | 000,678,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2011/07/14 11:38:44 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oeimport.dll
[2011/07/14 11:38:44 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msimn.exe
[2011/07/14 11:38:43 | 002,479,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoeres.dll
[2011/07/14 11:38:42 | 000,274,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstask.dll
[2011/07/14 11:38:42 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\schedsvc.dll
[2011/07/14 11:38:42 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\setup50.exe
[2011/07/14 11:38:42 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oemig50.exe
[2011/07/14 11:38:42 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oemiglib.dll
[2011/07/14 11:38:42 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstinit.exe
[2011/07/14 11:38:42 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstinit.exe
[2011/07/14 11:38:42 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2011/07/14 11:38:41 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcfg.dll
[2011/07/14 11:38:41 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcfg.dll
[2011/07/14 11:38:41 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll
[2011/07/14 11:38:41 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isign32.dll
[2011/07/14 11:38:41 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwdial.dll
[2011/07/14 11:38:41 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwdial.dll
[2011/07/14 11:38:41 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwphbk.dll
[2011/07/14 11:38:41 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwphbk.dll
[2011/07/14 11:38:40 | 000,561,179 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dao360.dll
[2011/07/14 11:38:40 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn1.exe
[2011/07/14 11:38:40 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwhelp.dll
[2011/07/14 11:38:40 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn2.exe
[2011/07/14 11:38:40 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn.dll
[2011/07/14 11:38:40 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwutil.dll
[2011/07/14 11:38:40 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwdl.dll
[2011/07/14 11:38:40 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwrmind.exe
[2011/07/14 11:38:40 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetwiz.exe
[2011/07/14 11:38:39 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oledb32.dll
[2011/07/14 11:38:39 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sqlxmlx.dll
[2011/07/14 11:38:39 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oledb32r.dll
[2011/07/14 11:38:38 | 000,315,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdasql.dll
[2011/07/14 11:38:38 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaora.dll
[2011/07/14 11:38:38 | 000,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaps.dll
[2011/07/14 11:38:38 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msjro.dll
[2011/07/14 11:38:38 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdatl3.dll
[2011/07/14 11:38:38 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaosp.dll
[2011/07/14 11:38:38 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxactps.dll
[2011/07/14 11:38:38 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdatt.dll
[2011/07/14 11:38:38 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdasqlr.dll
[2011/07/14 11:38:38 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaorar.dll
[2011/07/14 11:38:38 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaurl.dll
[2011/07/14 11:38:38 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdasc.dll
[2011/07/14 11:38:38 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaer.dll
[2011/07/14 11:38:38 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaenum.dll
[2011/07/14 11:38:38 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdadc.dll
[2011/07/14 11:38:37 | 000,536,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado15.dll
[2011/07/14 11:38:37 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadox.dll
[2011/07/14 11:38:37 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadomd.dll
[2011/07/14 11:38:37 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdarem.dll
[2011/07/14 11:38:37 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado27.tlb
[2011/07/14 11:38:37 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado26.tlb
[2011/07/14 11:38:37 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado25.tlb
[2011/07/14 11:38:37 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado21.tlb
[2011/07/14 11:38:37 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado20.tlb
[2011/07/14 11:38:37 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadrh15.dll
[2011/07/14 11:38:37 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msador15.dll
[2011/07/14 11:38:37 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msader15.dll
[2011/07/14 11:38:36 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2011/07/14 11:38:36 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaprst.dll
[2011/07/14 11:38:36 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadds.dll
[2011/07/14 11:38:36 | 000,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadco.dll
[2011/07/14 11:38:36 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcf.dll
[2011/07/14 11:38:36 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcs.dll
[2011/07/14 11:38:36 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdfmap.dll
[2011/07/14 11:38:36 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msaddsr.dll
[2011/07/14 11:38:36 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcer.dll
[2011/07/14 11:38:36 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaremr.dll
[2011/07/14 11:38:36 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaprsr.dll
[2011/07/14 11:38:36 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcor.dll
[2011/07/14 11:38:36 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcfr.dll
[2011/07/14 11:38:35 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hmmapi.dll
[2011/07/14 11:38:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2011/07/14 11:38:34 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedw.exe
[2011/07/14 11:38:32 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iexplore.exe
[2011/07/14 11:38:29 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2011/07/14 11:38:03 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2011/07/14 11:37:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2011/07/14 11:37:25 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2011/07/14 11:37:25 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2011/07/14 11:37:19 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2011/07/14 11:37:18 | 001,817,687 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgres.dll
[2011/07/14 11:37:18 | 000,753,236 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvseres.dll
[2011/07/14 11:37:18 | 000,082,501 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckg.dll
[2011/07/14 11:37:18 | 000,048,706 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvse.dll
[2011/07/14 11:37:18 | 000,042,577 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgzm.exe
[2011/07/14 11:37:18 | 000,042,574 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvsezm.exe
[2011/07/14 11:37:17 | 002,178,131 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlres.dll
[2011/07/14 11:37:17 | 001,175,635 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzres.dll
[2011/07/14 11:37:17 | 000,780,885 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrres.dll
[2011/07/14 11:37:17 | 000,066,113 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvl.dll
[2011/07/14 11:37:17 | 000,057,409 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtz.dll
[2011/07/14 11:37:17 | 000,042,575 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrzm.exe
[2011/07/14 11:37:17 | 000,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlzm.exe
[2011/07/14 11:37:17 | 000,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzzm.exe
[2011/07/14 11:37:17 | 000,040,515 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkr.dll
[2011/07/14 11:37:17 | 000,004,677 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zeeverm.dll
[2011/07/14 11:37:16 | 001,039,955 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnresm.dll
[2011/07/14 11:37:16 | 000,113,222 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zoneclim.dll
[2011/07/14 11:37:16 | 000,041,029 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zcorem.dll
[2011/07/14 11:37:16 | 000,032,339 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniansi.dll
[2011/07/14 11:37:16 | 000,013,894 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zonelibm.dll
[2011/07/14 11:37:15 | 000,217,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnclim.dll
[2011/07/14 11:37:15 | 000,036,937 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zclientm.exe
[2011/07/14 11:37:15 | 000,029,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\znetm.dll
[2011/07/14 11:37:15 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\write.exe
[2011/07/14 11:37:15 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\write.exe
[2011/07/14 11:37:15 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2011/07/14 11:37:07 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe
[2011/07/14 11:37:07 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndvol32.exe
[2011/07/14 11:37:06 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avtapi.dll
[2011/07/14 11:37:06 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avtapi.dll
[2011/07/14 11:37:06 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avwav.dll
[2011/07/14 11:37:06 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avwav.dll
[2011/07/14 11:37:06 | 000,044,544 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hticons.dll
[2011/07/14 11:37:06 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avmeter.dll
[2011/07/14 11:37:06 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avmeter.dll
[2011/07/14 11:37:06 | 000,013,312 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\dllcache\htrn_jis.dll
[2011/07/14 11:37:05 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winchat.exe
[2011/07/14 11:37:05 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winchat.exe
[2011/07/14 11:36:58 | 000,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\getuname.dll
[2011/07/14 11:36:58 | 000,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\getuname.dll
[2011/07/14 11:36:58 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\calc.exe
[2011/07/14 11:36:58 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\calc.exe
[2011/07/14 11:36:58 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\charmap.exe
[2011/07/14 11:36:58 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\charmap.exe
[2011/07/14 11:36:57 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshearts.exe
[2011/07/14 11:36:57 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshearts.exe
[2011/07/14 11:36:57 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winmine.exe
[2011/07/14 11:36:57 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmine.exe
[2011/07/14 11:36:57 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sol.exe
[2011/07/14 11:36:57 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sol.exe
[2011/07/14 11:36:57 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\freecell.exe
[2011/07/14 11:36:57 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\freecell.exe
[2011/07/14 11:36:56 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\regini.exe
[2011/07/14 11:36:56 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\regini.exe
[2011/07/14 11:36:56 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qwinsta.exe
[2011/07/14 11:36:56 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qwinsta.exe
[2011/07/14 11:36:56 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsshutdn.exe
[2011/07/14 11:36:56 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsshutdn.exe
[2011/07/14 11:36:56 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qappsrv.exe
[2011/07/14 11:36:56 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qappsrv.exe
[2011/07/14 11:36:56 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tskill.exe
[2011/07/14 11:36:56 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tskill.exe
[2011/07/14 11:36:56 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwinsta.exe
[2011/07/14 11:36:56 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rwinsta.exe
[2011/07/14 11:36:56 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsdiscon.exe
[2011/07/14 11:36:56 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsdiscon.exe
[2011/07/14 11:36:56 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscon.exe
[2011/07/14 11:36:56 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscon.exe
[2011/07/14 11:36:56 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shadow.exe
[2011/07/14 11:36:56 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shadow.exe
[2011/07/14 11:36:56 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\reset.exe
[2011/07/14 11:36:56 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\reset.exe
[2011/07/14 11:36:56 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpcfgex.dll
[2011/07/14 11:36:56 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpcfgex.dll
[2011/07/14 11:36:55 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msg.exe
[2011/07/14 11:36:55 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msg.exe
[2011/07/14 11:36:55 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtsadmin.tlb
[2011/07/14 11:36:55 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdmodem.dll
[2011/07/14 11:36:55 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cdmodem.dll
[2011/07/14 11:36:55 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\logoff.exe
[2011/07/14 11:36:55 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logoff.exe
[2011/07/14 11:36:54 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrepl.dll
[2011/07/14 11:36:54 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comrepl.dll
[2011/07/14 11:36:54 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comaddin.dll
[2011/07/14 11:36:54 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comaddin.dll
[2011/07/14 11:36:54 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxlegih.dll
[2011/07/14 11:36:54 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxlegih.dll
[2011/07/14 11:36:54 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxdm.dll
[2011/07/14 11:36:54 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxdm.dll
[2011/07/14 11:36:54 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dcomcnfg.exe
[2011/07/14 11:36:54 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dcomcnfg.exe
[2011/07/14 11:36:54 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrereg.exe
[2011/07/14 11:36:54 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxex.dll
[2011/07/14 11:36:54 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxex.dll
[2011/07/14 11:36:53 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comsnap.dll
[2011/07/14 11:36:53 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsnap.dll
[2011/07/14 11:19:38 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgkl.dll
[2011/07/14 11:19:38 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe319.dll
[2011/07/14 11:19:38 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe220.dll
[2011/07/14 11:19:38 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe.dll
[2011/07/14 11:19:38 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe319.dll
[2011/07/14 11:19:38 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe220.dll
[2011/07/14 11:19:38 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe.dll
[2011/07/14 11:19:37 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv1.dll
[2011/07/14 11:19:37 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv.dll
[2011/07/14 11:19:37 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdest.dll
[2011/07/14 11:19:37 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlv1.dll
[2011/07/14 11:19:37 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlv.dll
[2011/07/14 11:19:37 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdest.dll
[2011/07/14 11:19:37 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt1.dll
[2011/07/14 11:19:37 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt.dll
[2011/07/14 11:19:37 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlt1.dll
[2011/07/14 11:19:37 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlt.dll
[2011/07/14 11:19:36 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040e.dll
[2011/07/14 11:19:36 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0415.dll
[2011/07/14 11:19:36 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0405.dll
[2011/07/14 11:19:35 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl1.dll
[2011/07/14 11:19:35 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl.dll
[2011/07/14 11:19:35 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl.dll
[2011/07/14 11:19:35 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsl1.dll
[2011/07/14 11:19:35 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsl.dll
[2011/07/14 11:19:35 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdpl.dll
[2011/07/14 11:19:35 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdro.dll
[2011/07/14 11:19:35 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl1.dll
[2011/07/14 11:19:35 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdro.dll
[2011/07/14 11:19:35 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdpl1.dll
[2011/07/14 11:19:34 | 000,007,168 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz.dll
[2011/07/14 11:19:34 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz.dll
[2011/07/14 11:19:34 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycl.dll
[2011/07/14 11:19:34 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu.dll
[2011/07/14 11:19:34 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz2.dll
[2011/07/14 11:19:34 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz1.dll
[2011/07/14 11:19:34 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcr.dll
[2011/07/14 11:19:34 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\KBDAL.DLL
[2011/07/14 11:19:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdycl.dll
[2011/07/14 11:19:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhu.dll
[2011/07/14 11:19:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz2.dll
[2011/07/14 11:19:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz1.dll
[2011/07/14 11:19:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcr.dll
[2011/07/14 11:19:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdal.dll
[2011/07/14 11:19:34 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu1.dll
[2011/07/14 11:19:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhu1.dll
[2011/07/14 11:19:32 | 000,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dllcache\dgrpsetu.dll
[2011/07/14 11:19:32 | 000,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dgrpsetu.dll
[2011/07/14 11:19:32 | 000,085,020 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dllcache\dgsetup.dll
[2011/07/14 11:19:32 | 000,085,020 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dgsetup.dll
[2011/07/14 11:19:32 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2011/07/14 11:19:32 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2011/07/14 11:19:32 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2011/07/14 11:19:32 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2011/07/14 11:19:31 | 000,103,424 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\EqnClass.Dll
[2011/07/14 11:19:31 | 000,103,424 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqnclass.dll
[2011/07/14 11:19:31 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLESVR.DLL
[2011/07/14 11:19:31 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TAPI.DLL
[2011/07/14 11:19:31 | 000,013,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WFWNET.DRV
[2011/07/14 11:19:31 | 000,009,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VER.DLL
[2011/07/14 11:19:31 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SHELL.DLL
[2011/07/14 11:19:31 | 000,004,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TIMER.DRV
[2011/07/14 11:19:31 | 000,003,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SYSTEM.DRV
[2011/07/14 11:19:31 | 000,002,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VGA.DRV
[2011/07/14 11:19:31 | 000,001,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SOUND.DRV
[2011/07/14 11:19:30 | 000,126,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MSVIDEO.DLL
[2011/07/14 11:19:30 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLECLI.DLL
[2011/07/14 11:19:30 | 000,073,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIAVI.DRV
[2011/07/14 11:19:30 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIWAVE.DRV
[2011/07/14 11:19:30 | 000,025,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCISEQ.DRV
[2011/07/14 11:19:30 | 000,009,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\LZEXPAND.DLL
[2011/07/14 11:19:30 | 000,002,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MOUSE.DRV
[2011/07/14 11:19:30 | 000,002,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\KEYBOARD.DRV
[2011/07/14 11:19:30 | 000,001,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMTASK.TSK
[2011/07/14 11:19:29 | 000,109,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVIFILE.DLL
[2011/07/14 11:19:29 | 000,069,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVICAP.DLL
[2011/07/14 11:19:29 | 000,032,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\COMMDLG.DLL
[2011/07/14 11:19:29 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\TASKMAN.EXE
[2011/07/14 11:19:29 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\taskman.exe
[2011/07/14 11:19:29 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irenum.sys
[2011/07/14 11:19:28 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WINSPOOL.DRV
[2011/07/14 11:19:28 | 000,068,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMSYSTEM.DLL
[2011/07/14 11:19:28 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\batt.dll
[2011/07/14 11:19:28 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\batt.dll
[2011/07/14 11:19:26 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\storprop.dll
[2011/07/14 11:19:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2011/07/14 11:19:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2011/07/14 11:19:18 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2011/07/14 11:19:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2011/07/14 11:19:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2011/07/14 11:18:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2011/07/14 11:18:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2011/07/14 11:18:53 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2011/07/14 11:18:53 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2011/07/14 11:18:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2011/07/14 11:10:16 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2011/07/14 11:10:16 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2011/07/14 11:10:16 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2011/07/14 11:10:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2011/07/14 11:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2010/06/14 16:54:37 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/06/14 16:48:57 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Owner\UserData
[2010/06/14 16:42:58 | 000,000,000 | -HSD | C] -- C:\FOUND.000
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/14 13:36:58 | 000,000,212 | RHS- | M] () -- C:\boot.ini
[2011/07/14 13:11:54 | 000,347,268 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2011/07/14 13:11:54 | 000,305,318 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/14 13:11:54 | 000,037,760 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/14 11:46:12 | 000,083,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/14 11:45:10 | 000,000,287 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/07/14 11:41:38 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/07/14 11:41:38 | 000,000,477 | ---- | M] () -- C:\WINDOWS\win.ini
[2011/07/14 11:41:38 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/07/14 11:41:38 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/07/14 11:41:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\control.ini
[2011/07/14 11:41:38 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/07/14 11:41:38 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/07/14 11:41:32 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/07/14 11:41:30 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/07/14 11:41:30 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/07/14 11:41:20 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/07/14 11:40:26 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2011/07/14 11:40:26 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2011/07/14 11:40:20 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2011/07/14 11:40:20 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2011/07/14 11:40:20 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2011/07/14 11:40:20 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2011/07/14 11:40:20 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2011/07/14 11:40:20 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2011/07/14 11:38:18 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/07/14 11:38:02 | 000,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2011/07/14 11:38:02 | 000,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
[2011/07/14 11:19:34 | 000,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/14 16:59:16 | 000,786,432 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/06/14 16:54:38 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/06/14 16:54:20 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2010/06/14 16:53:22 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe
[2010/06/14 16:48:22 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/14 16:48:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/14 16:47:50 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/06/14 16:44:10 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/14 13:10:18 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Owner\ntuser.ini
[2011/07/14 13:10:16 | 000,020,480 | -H-- | C] () -- C:\Documents and Settings\Owner\ntuser.dat.LOG
[2011/07/14 13:10:14 | 000,786,432 | -H-- | C] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2011/07/14 11:45:04 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/07/14 11:42:25 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2011/07/14 11:42:24 | 000,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2011/07/14 11:42:24 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2011/07/14 11:42:23 | 000,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2011/07/14 11:42:23 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2011/07/14 11:42:22 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2011/07/14 11:42:22 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2011/07/14 11:42:21 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2011/07/14 11:42:21 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2011/07/14 11:42:21 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2011/07/14 11:42:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2011/07/14 11:42:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2011/07/14 11:42:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2011/07/14 11:42:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2011/07/14 11:42:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2011/07/14 11:42:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2011/07/14 11:42:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2011/07/14 11:42:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2011/07/14 11:41:37 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/07/14 11:41:37 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/07/14 11:41:37 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/07/14 11:41:37 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2011/07/14 11:41:37 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2011/07/14 11:41:29 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/07/14 11:41:29 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/07/14 11:41:28 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2011/07/14 11:40:25 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2011/07/14 11:40:25 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2011/07/14 11:40:19 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2011/07/14 11:40:19 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2011/07/14 11:40:19 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2011/07/14 11:40:19 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2011/07/14 11:40:19 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2011/07/14 11:40:19 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2011/07/14 11:40:00 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2011/07/14 11:39:27 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2011/07/14 11:39:27 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2011/07/14 11:39:20 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2011/07/14 11:39:06 | 000,004,639 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.exe
[2011/07/14 11:38:52 | 000,376,320 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msinfo.dll
[2011/07/14 11:38:17 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/07/14 11:37:00 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2011/07/14 11:37:00 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2011/07/14 11:37:00 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2011/07/14 11:37:00 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2011/07/14 11:37:00 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2011/07/14 11:37:00 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2011/07/14 11:37:00 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2011/07/14 11:37:00 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2011/07/14 11:36:59 | 000,093,702 | ---- | C] () -- C:\WINDOWS\System32\subrange.uce
[2011/07/14 11:36:59 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2011/07/14 11:36:59 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2011/07/14 11:36:59 | 000,016,740 | ---- | C] () -- C:\WINDOWS\System32\shiftjis.uce
[2011/07/14 11:36:59 | 000,012,876 | ---- | C] () -- C:\WINDOWS\System32\korean.uce
[2011/07/14 11:36:59 | 000,008,484 | ---- | C] () -- C:\WINDOWS\System32\kanji_2.uce
[2011/07/14 11:36:59 | 000,006,948 | ---- | C] () -- C:\WINDOWS\System32\kanji_1.uce
[2011/07/14 11:36:59 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2011/07/14 11:36:58 | 000,060,458 | ---- | C] () -- C:\WINDOWS\System32\ideograf.uce
[2011/07/14 11:36:58 | 000,024,006 | ---- | C] () -- C:\WINDOWS\System32\gb2312.uce
[2011/07/14 11:36:58 | 000,022,984 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.uce
[2011/07/14 11:36:56 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2011/07/14 11:36:56 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2011/07/14 11:36:55 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2011/07/14 11:36:49 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2011/07/14 11:21:30 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2011/07/14 11:21:30 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2011/07/14 11:21:29 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2011/07/14 11:21:29 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2011/07/14 11:21:25 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2011/07/14 11:21:24 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2011/07/14 11:21:16 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2011/07/14 11:21:14 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2011/07/14 11:21:10 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_720.nls
[2011/07/14 11:21:07 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_862.nls
[2011/07/14 11:21:01 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\korwbrkr.lex
[2011/07/14 11:21:01 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/07/14 11:21:01 | 000,002,060 | ---- | C] () -- C:\WINDOWS\System32\noise.jpn
[2011/07/14 11:21:01 | 000,001,486 | ---- | C] () -- C:\WINDOWS\System32\noise.kor
[2011/07/14 11:20:48 | 000,211,938 | ---- | C] () -- C:\WINDOWS\System32\lcphrase.tbl
[2011/07/14 11:20:48 | 000,146,126 | ---- | C] () -- C:\WINDOWS\System32\array30.tab
[2011/07/14 11:20:48 | 000,116,285 | ---- | C] () -- C:\WINDOWS\System32\msdayi.tbl
[2011/07/14 11:20:48 | 000,110,566 | ---- | C] () -- C:\WINDOWS\System32\arphr.tbl
[2011/07/14 11:20:48 | 000,043,242 | ---- | C] () -- C:\WINDOWS\System32\phoncode.tbl
[2011/07/14 11:20:48 | 000,024,114 | ---- | C] () -- C:\WINDOWS\System32\lcptr.tbl
[2011/07/14 11:20:48 | 000,018,600 | ---- | C] () -- C:\WINDOWS\System32\arrayhw.tab
[2011/07/14 11:20:48 | 000,016,312 | ---- | C] () -- C:\WINDOWS\System32\arptr.tbl
[2011/07/14 11:20:48 | 000,004,071 | ---- | C] () -- C:\WINDOWS\System32\phon.tbl
[2011/07/14 11:20:48 | 000,002,714 | ---- | C] () -- C:\WINDOWS\System32\phonptr.tbl
[2011/07/14 11:20:48 | 000,000,700 | ---- | C] () -- C:\WINDOWS\System32\dayiptr.tbl
[2011/07/14 11:20:48 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\dayiphr.tbl
[2011/07/14 11:20:47 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2011/07/14 11:20:47 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\c_10002.nls
[2011/07/14 11:20:47 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2011/07/14 11:20:47 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.nls
[2011/07/14 11:20:47 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2011/07/14 11:20:47 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\big5.nls
[2011/07/14 11:20:47 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\acode.tbl
[2011/07/14 11:20:47 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\a234.tbl
[2011/07/14 11:20:47 | 000,001,460 | ---- | C] () -- C:\WINDOWS\System32\a15.tbl
[2011/07/14 11:20:46 | 000,016,254 | ---- | C] () -- C:\WINDOWS\System32\PINTLPAE.HLP
[2011/07/14 11:20:46 | 000,014,821 | ---- | C] () -- C:\WINDOWS\System32\PINTLPAD.HLP
[2011/07/14 11:20:38 | 001,783,864 | ---- | C] () -- C:\WINDOWS\System32\WINPY.MB
[2011/07/14 11:20:38 | 001,564,868 | ---- | C] () -- C:\WINDOWS\System32\WINSP.MB
[2011/07/14 11:20:38 | 001,223,500 | ---- | C] () -- C:\WINDOWS\System32\WINZM.MB
[2011/07/14 11:20:37 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2011/07/14 11:20:37 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\c_10008.nls
[2011/07/14 11:20:37 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\prcp.nls
[2011/07/14 11:20:37 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2011/07/14 11:20:37 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\prc.nls
[2011/07/14 11:20:37 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2011/07/14 11:20:32 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011/07/14 11:20:32 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/07/14 11:20:23 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\c_1361.nls
[2011/07/14 11:20:23 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2011/07/14 11:20:23 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\c_10003.nls
[2011/07/14 11:20:23 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\ksc.nls
[2011/07/14 11:20:23 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2011/07/14 11:20:15 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2011/07/14 11:19:49 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2011/07/14 11:19:49 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\c_20949.nls
[2011/07/14 11:19:49 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2011/07/14 11:19:49 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\c_20936.nls
[2011/07/14 11:19:48 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2011/07/14 11:19:48 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\c_20932.nls
[2011/07/14 11:19:48 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2011/07/14 11:19:48 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\c_20000.nls
[2011/07/14 11:19:48 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2011/07/14 11:19:48 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\c_10001.nls
[2011/07/14 11:19:48 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2011/07/14 11:19:48 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_21027.nls
[2011/07/14 11:19:48 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2011/07/14 11:19:48 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20290.nls
[2011/07/14 11:19:48 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\xjis.nls
[2011/07/14 11:19:48 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2011/07/14 11:19:44 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28603.nls
[2011/07/14 11:19:44 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28603.nls
[2011/07/14 11:19:42 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_857.nls
[2011/07/14 11:19:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28599.nls
[2011/07/14 11:19:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10081.nls
[2011/07/14 11:19:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28595.NLS
[2011/07/14 11:19:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10017.nls
[2011/07/14 11:19:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10007.nls
[2011/07/14 11:19:38 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_869.nls
[2011/07/14 11:19:38 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_737.nls
[2011/07/14 11:19:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_875.nls
[2011/07/14 11:19:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28597.NLS
[2011/07/14 11:19:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10006.nls
[2011/07/14 11:19:36 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_866.nls
[2011/07/14 11:19:36 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_855.nls
[2011/07/14 11:19:36 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28594.NLS
[2011/07/14 11:19:34 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_852.nls
[2011/07/14 11:19:34 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10082.nls
[2011/07/14 11:19:34 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10029.nls
[2011/07/14 11:19:34 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10010.nls
[2011/07/14 11:19:33 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20127.nls
[2011/07/14 11:19:29 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2011/07/14 11:19:18 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2011/07/14 11:19:18 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2011/07/14 11:19:18 | 000,168,806 | ---- | C] () -- C:\WINDOWS\System32\dllcache\startoc.cat
[2011/07/14 11:19:18 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2011/07/14 11:19:18 | 000,031,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2011/07/14 11:19:18 | 000,024,209 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2011/07/14 11:19:18 | 000,013,753 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2011/07/14 11:19:18 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2011/07/14 11:19:18 | 000,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2011/07/14 11:19:18 | 000,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2011/07/14 11:19:18 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2011/07/14 11:19:18 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2011/07/14 11:19:18 | 000,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2011/07/14 11:19:18 | 000,007,029 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2011/07/14 11:19:17 | 002,012,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2011/07/14 11:19:17 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2011/07/14 11:19:17 | 000,382,952 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2011/07/14 11:18:23 | 000,083,928 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/14 11:17:48 | 000,000,212 | RHS- | C] () -- C:\boot.ini
[2011/07/14 11:17:42 | 000,000,287 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/07/14 03:21:10 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2011/07/14 03:21:07 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2011/07/14 03:20:23 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2011/07/14 03:19:42 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_857.nls
[2011/07/14 03:19:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28599.nls
[2011/07/14 03:19:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10081.nls
[2011/07/14 03:19:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28595.nls
[2011/07/14 03:19:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10017.nls
[2011/07/14 03:19:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10007.nls
[2011/07/14 03:19:38 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_869.nls
[2011/07/14 03:19:38 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_737.nls
[2011/07/14 03:19:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_875.nls
[2011/07/14 03:19:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28597.nls
[2011/07/14 03:19:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10006.nls
[2011/07/14 03:19:36 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_866.nls
[2011/07/14 03:19:36 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_855.nls
[2011/07/14 03:19:36 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28594.nls
[2011/07/14 03:19:34 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_852.nls
[2011/07/14 03:19:34 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10082.nls
[2011/07/14 03:19:34 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10029.nls
[2011/07/14 03:19:34 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10010.nls
[2011/07/14 03:19:33 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20127.nls
[2010/06/14 16:54:18 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2010/06/14 16:53:21 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe
[2004/08/04 12:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/04 12:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
< End of report >


#9 DSR13

DSR13
  • Topic Starter

  • Members
  • 15 posts
  • Local time:07:19 PM

Posted 14 June 2010 - 07:13 PM

UNREAL...

ComboFix says it will not run...only for Windows 2000 and XP

my OS is incompatible!!!!


I uploaded a newer OTL log.

#10 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:03:19 AM

Posted 15 June 2010 - 11:13 PM

Hi,

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.

regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.

#11 DSR13

DSR13
  • Topic Starter

  • Members
  • 15 posts
  • Local time:07:19 PM

Posted 19 June 2010 - 07:05 PM

Here is why ComboFix will not run:


[Version]
Signature="$Windows NT$"

[DefaultInstall]
AddReg=AddReg_
DelReg=DelReg_
; DelFiles=DelFiles_

[AddReg_]
HKLM, "SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"
HKCR, "exefile\shell\open\command",,0,"""%1"" %*"
HKCR, "cfxxefile\shell\open\command",,0,"""%1"" %*"
HKCR, "comfile\shell\open\command",,0,"""%1"" %*"
HKCR, "cmdfile\shell\open\command",,0,"""%1"" %*"
HKCR, "batfile\shell\open\command",,0,"""%1"" %*"
HKCR, "piffile\shell\open\command",,0,"""%1"" %*"
HKCR, ".bat",,0,"batfile"
HKCR, ".cmd",,0,"cmdfile"
HKCR, ".pif",,0,"piffile"
HKCR, ".com",,0,"comfile"
HKCR, ".exe",,0,"exefile"
HKCR, ".cfxxe",,0,"cfxxefile"
HKLM, "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", RestrictRun, 0x00010001, 0x00000000
HKCU, "Software\Microsoft\Windows\CurrentVersion\Policies\System", DisableRegistryTools, 0x00010001, 0x00000000
HKCU, "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", RestrictRun, 0x00010001, 0x00000000
HKLM, "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", RestrictRun, 0x00010001, 0x00000000
HKCU, "Software\Policies\Microsoft\Windows\System", DisableCMD, 0x00010001, 0x00000000
HKCU, "Console", QuickEdit, 0x00010001, 0x00000000
HKCU, "Console", InsertMode, 0x00010001, 0x00000000


[DelReg_]
HKLM, %IFEO%\cmd.exe
HKLM, %IFEO%\cmd.execf
HKLM, %IFEO%\attrib.exe
HKLM, %IFEO%\chcp.com
HKLM, %IFEO%\cscript.exe
HKLM, %IFEO%\catchme.cfxxe
HKLM, %IFEO%\erdnt.exe
HKLM, %IFEO%\erunt.cfxxe
HKLM, %IFEO%\expand.exe
HKLM, %IFEO%\find.exe
HKLM, %IFEO%\Findstr.exe
HKLM, %IFEO%\sed.cfxxe
HKLM, %IFEO%\grep.cfxxe
HKLM, %IFEO%\psexec.cfxxe
HKLM, %IFEO%\Nircmd.exe
HKLM, %IFEO%\Nircmd.com
HKLM, %IFEO%\Nircmd.com
HKLM, %IFEO%\N.com
HKLM, %IFEO%\ComboFix.exe
HKLM, %IFEO%\Combo-Fix.exe
HKLM, %IFEO%\reg.exe
HKLM, %IFEO%\regedit.exe
HKLM, %IFEO%\regt.cfxxe
HKLM, %IFEO%\rstrui.exe
HKLM, %IFEO%\rundll32.exe
HKLM, %IFEO%\taskmgr.exe
HKLM, %IFEO%\wscript.exe
HKLM, %IFEO%\xcopy.exe
HKLM, %IFEO%\dumphive.cfxxe
HKLM, %IFEO%\extract.exe
HKLM, %IFEO%\fdsv.cfxxe
HKLM, %IFEO%\handle.cfxxe
HKLM, %IFEO%\listdlls.cfxxe
HKLM, %IFEO%\moveex.cfxxe
HKLM, %IFEO%\gsar.cfxxe
HKLM, %IFEO%\mtee.cfxxe
HKLM, %IFEO%\restartit.cfxxe
HKLM, %IFEO%\setpath.cfxxe
HKLM, %IFEO%\sf.cfxxe
HKLM, %IFEO%\swreg.cfxxe
HKLM, %IFEO%\swsc.exe
HKLM, %IFEO%\swsc.cfxxe
HKLM, %IFEO%\swxcacls.cfxxe
HKLM, %IFEO%\PEV.cfxxe
HKLM, %IFEO%\PEV.exe
HKLM, %IFEO%\hidec.exe
HKLM, %IFEO%\zip.cfxxe
HKLM, %IFEO%\swreg.exe
HKLM, %IFEO%\ctfmon.exe

[Strings]
IFEO = "Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"

[DelFiles_]
Nircmd.scr

[DestinationDirs]
DelFiles_=01

#12 DSR13

DSR13
  • Topic Starter

  • Members
  • 15 posts
  • Local time:07:19 PM

Posted 19 June 2010 - 07:14 PM

OTL logfile created on: 6/19/2010 5:10:15 PM - Run 2
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

246.00 Mb Total Physical Memory | 48.00 Mb Available Physical Memory | 20.00% Memory free
232.00 Mb Paging File | 36.00 Mb Available in Paging File | 16.00% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9.76 Gb Total Space | 8.34 Gb Free Space | 85.48% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GIP76
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\JNAMK97S\DCOMbob[1].exe (Gibson Research Corp.)
PRC - C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\JNAMK97S\removaltool-win32-en[1].exe (Avira GmbH)
PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avnotify.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)


========== Driver Services (All) ==========

DRV - (WDICA) -- File not found
DRV - (ViaIde) -- File not found
DRV - (ultra) -- File not found
DRV - (TosIde) -- File not found
DRV - (symc8xx) -- File not found
DRV - (symc810) -- File not found
DRV - (sym_u3) -- File not found
DRV - (sym_hi) -- File not found
DRV - (Sparrow) -- File not found
DRV - (Simbad) -- File not found
DRV - (ql1280) -- File not found
DRV - (ql1240) -- File not found
DRV - (ql12160) -- File not found
DRV - (Ql10wnt) -- File not found
DRV - (ql1080) -- File not found
DRV - (perc2hib) -- File not found
DRV - (perc2) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (mraid35x) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (ini910u) -- File not found
DRV - (i2omp) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (hpn) -- File not found
DRV - (dpti2o) -- File not found
DRV - (dac960nt) -- File not found
DRV - (Cpqarray) -- File not found
DRV - (CmdIde) -- File not found
DRV - (Changer) -- File not found
DRV - (cd20xrnt) -- File not found
DRV - (Atdisk) -- File not found
DRV - (asc3550) -- File not found
DRV - (asc3350p) -- File not found
DRV - (asc) -- File not found
DRV - (amsint) -- File not found
DRV - (AliIde) -- File not found
DRV - (aic78xx) -- File not found
DRV - (aic78u2) -- File not found
DRV - (Aha154x) -- File not found
DRV - (adpu160m) -- File not found
DRV - (abp480n5) -- File not found
DRV - (Abiosdsk) -- File not found
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (dmboot) -- C:\WINDOWS\system32\drivers\dmboot.sys (Microsoft Corp., Veritas Software)
DRV - (Ntfs) -- C:\WINDOWS\system32\drivers\ntfs.sys (Microsoft Corporation)
DRV - (Tcpip) -- C:\WINDOWS\system32\drivers\tcpip.sys (Microsoft Corporation)
DRV - (HTTP) -- C:\WINDOWS\system32\drivers\http.sys (Microsoft Corporation)
DRV - (Update) -- C:\WINDOWS\system32\drivers\update.sys (Microsoft Corporation)
DRV - (ACPI) -- C:\WINDOWS\system32\DRIVERS\ACPI.sys (Microsoft Corporation)
DRV - (NDIS) -- C:\WINDOWS\system32\drivers\ndis.sys (Microsoft Corporation)
DRV - (MRxDAV) -- C:\WINDOWS\system32\drivers\mrxdav.sys (Microsoft Corporation)
DRV - (NetBT) -- C:\WINDOWS\system32\drivers\netbt.sys (Microsoft Corporation)
DRV - (dmio) -- C:\WINDOWS\system32\drivers\dmio.sys (Microsoft Corp., Veritas Software)
DRV - (Fastfat) -- C:\WINDOWS\system32\drivers\fastfat.sys (Microsoft Corporation)
DRV - (AFD) -- C:\WINDOWS\System32\drivers\afd.sys (Microsoft Corporation)
DRV - (IpNat) -- C:\WINDOWS\system32\drivers\ipnat.sys (Microsoft Corporation)
DRV - (Ftdisk) -- C:\WINDOWS\system32\DRIVERS\ftdisk.sys (Microsoft Corporation)
DRV - (Pcmcia) -- C:\WINDOWS\system32\DRIVERS\pcmcia.sys (Microsoft Corporation)
DRV - (Mup) -- C:\WINDOWS\system32\drivers\mup.sys (Microsoft Corporation)
DRV - (atapi) -- C:\WINDOWS\system32\DRIVERS\atapi.sys (Microsoft Corporation)
DRV - (KSecDD) -- C:\WINDOWS\system32\drivers\ksecdd.sys (Microsoft Corporation)
DRV - (NdisWan) -- C:\WINDOWS\system32\drivers\ndiswan.sys (Microsoft Corporation)
DRV - (Parport) -- C:\WINDOWS\system32\drivers\parport.sys (Microsoft Corporation)
DRV - (IPSec) -- C:\WINDOWS\system32\drivers\ipsec.sys (Microsoft Corporation)
DRV - (PCI) -- C:\WINDOWS\system32\DRIVERS\pci.sys (Microsoft Corporation)
DRV - (Udfs) -- C:\WINDOWS\system32\drivers\udfs.sys (Microsoft Corporation)
DRV - (Serial) -- C:\WINDOWS\system32\drivers\serial.sys (Microsoft Corporation)
DRV - (Cdfs) -- C:\WINDOWS\system32\drivers\cdfs.sys (Microsoft Corporation)
DRV - (Atmarpc) -- C:\WINDOWS\system32\drivers\atmarpc.sys (Microsoft Corporation)
DRV - (usbhub) -- C:\WINDOWS\system32\drivers\usbhub.sys (Microsoft Corporation)
DRV - (i8042prt) -- C:\WINDOWS\system32\drivers\i8042prt.sys (Microsoft Corporation)
DRV - (VolSnap) -- C:\WINDOWS\system32\drivers\volsnap.sys (Microsoft Corporation)
DRV - (Rasl2tp) WAN Miniport (L2TP) -- C:\WINDOWS\system32\drivers\rasl2tp.sys (Microsoft Corporation)
DRV - (Cdrom) -- C:\WINDOWS\system32\drivers\cdrom.sys (Microsoft Corporation)
DRV - (PptpMiniport) WAN Miniport (PPTP) -- C:\WINDOWS\system32\drivers\raspptp.sys (Microsoft Corporation)
DRV - (MountMgr) -- C:\WINDOWS\system32\drivers\mountmgr.sys (Microsoft Corporation)
DRV - (Imapi) -- C:\WINDOWS\system32\drivers\imapi.sys (Microsoft Corporation)
DRV - (RasPppoe) -- C:\WINDOWS\system32\drivers\raspppoe.sys (Microsoft Corporation)
DRV - (NDProxy) -- C:\WINDOWS\system32\drivers\ndproxy.sys (Microsoft Corporation)
DRV - (Disk) -- C:\WINDOWS\system32\DRIVERS\disk.sys (Microsoft Corporation)
DRV - (intelppm) -- C:\WINDOWS\system32\drivers\intelppm.sys (Microsoft Corporation)
DRV - (isapnp) -- C:\WINDOWS\system32\DRIVERS\isapnp.sys (Microsoft Corporation)
DRV - (Gpc) -- C:\WINDOWS\system32\drivers\msgpc.sys (Microsoft Corporation)
DRV - (Fips) -- C:\WINDOWS\system32\drivers\fips.sys (Microsoft Corporation)
DRV - (Wanarp) -- C:\WINDOWS\system32\drivers\wanarp.sys (Microsoft Corporation)
DRV - (IpFilterDriver) -- C:\WINDOWS\system32\drivers\ipfltdrv.sys (Microsoft Corporation)
DRV - (NwlnkFwd) -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys (Microsoft Corporation)
DRV - (Npfs) -- C:\WINDOWS\system32\drivers\npfs.sys (Microsoft Corporation)
DRV - (Modem) -- C:\WINDOWS\system32\drivers\modem.sys (Microsoft Corporation)
DRV - (Ip6Fw) -- C:\WINDOWS\system32\drivers\ip6fw.sys (Microsoft Corporation)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys ()
DRV - (Fdc) -- C:\WINDOWS\system32\drivers\fdc.sys (Microsoft Corporation)
DRV - (usbehci) -- C:\WINDOWS\system32\drivers\usbehci.sys (Microsoft Corporation)
DRV - (Kbdclass) -- C:\WINDOWS\system32\drivers\kbdclass.sys (Microsoft Corporation)
DRV - (Mouclass) -- C:\WINDOWS\system32\drivers\mouclass.sys (Microsoft Corporation)
DRV - (VgaSave) -- C:\WINDOWS\System32\drivers\vga.sys (Microsoft Corporation)
DRV - (IpInIp) -- C:\WINDOWS\system32\drivers\ipinip.sys (Microsoft Corporation)
DRV - (usbuhci) -- C:\WINDOWS\system32\drivers\usbuhci.sys (Microsoft Corporation)
DRV - (Flpydisk) -- C:\WINDOWS\system32\drivers\flpydisk.sys (Microsoft Corporation)
DRV - (Msfs) -- C:\WINDOWS\system32\drivers\msfs.sys (Microsoft Corporation)
DRV - (PartMgr) -- C:\WINDOWS\system32\drivers\partmgr.sys (Microsoft Corporation)
DRV - (Cdaudio) -- C:\WINDOWS\system32\drivers\cdaudio.sys (Microsoft Corporation)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (Raspti) -- C:\WINDOWS\system32\drivers\raspti.sys (Microsoft Corporation)
DRV - (mssmbios) -- C:\WINDOWS\system32\drivers\mssmbios.sys (Microsoft Corporation)
DRV - (AsyncMac) -- C:\WINDOWS\system32\drivers\asyncmac.sys (Microsoft Corporation)
DRV - (cbidf2k) -- C:\WINDOWS\system32\drivers\cbidf2k.sys (Microsoft Corporation)
DRV - (Ndisuio) -- C:\WINDOWS\system32\drivers\ndisuio.sys (Microsoft Corporation)
DRV - (NwlnkFlt) -- C:\WINDOWS\system32\drivers\nwlnkflt.sys (Microsoft Corporation)
DRV - (ACPIEC) -- C:\WINDOWS\system32\DRIVERS\ACPIEC.sys (Microsoft Corporation)
DRV - (Sfloppy) -- C:\WINDOWS\system32\drivers\sfloppy.sys (Microsoft Corporation)
DRV - (IRENUM) -- C:\WINDOWS\system32\drivers\irenum.sys (Microsoft Corporation)
DRV - (NdisTapi) -- C:\WINDOWS\system32\drivers\ndistapi.sys (Microsoft Corporation)
DRV - (RasAcd) -- C:\WINDOWS\system32\drivers\rasacd.sys (Microsoft Corporation)
DRV - (ParVdm) -- C:\WINDOWS\system32\drivers\parvdm.sys (Microsoft Corporation)
DRV - (dmload) -- C:\WINDOWS\system32\drivers\dmload.sys (Microsoft Corp., Veritas Software.)
DRV - (swenum) -- C:\WINDOWS\system32\drivers\swenum.sys (Microsoft Corporation)
DRV - (RDPCDD) -- C:\WINDOWS\system32\drivers\rdpcdd.sys (Microsoft Corporation)
DRV - (mnmdd) -- C:\WINDOWS\system32\drivers\mnmdd.sys (Microsoft Corporation)
DRV - (Beep) -- C:\WINDOWS\system32\drivers\beep.sys (Microsoft Corporation)
DRV - (PCIIde) -- C:\WINDOWS\system32\drivers\pciide.sys (Microsoft Corporation)
DRV - (Null) -- C:\WINDOWS\system32\drivers\null.sys (Microsoft Corporation)
DRV - (RDPWD) -- C:\WINDOWS\system32\drivers\rdpwd.sys (Microsoft Corporation)
DRV - (FltMgr) -- C:\WINDOWS\system32\DRIVERS\fltMgr.sys (Microsoft Corporation)
DRV - (sr) -- C:\WINDOWS\system32\DRIVERS\sr.sys (Microsoft Corporation)
DRV - (TDTCP) -- C:\WINDOWS\system32\drivers\tdtcp.sys (Microsoft Corporation)
DRV - (TDPIPE) -- C:\WINDOWS\system32\drivers\tdpipe.sys (Microsoft Corporation)
DRV - (TermDD) -- C:\WINDOWS\system32\drivers\termdd.sys (Microsoft Corporation)
DRV - (WmiAcpi) -- C:\WINDOWS\system32\drivers\wmiacpi.sys (Microsoft Corporation)
DRV - (CmBatt) -- C:\WINDOWS\system32\drivers\CmBatt.sys (Microsoft Corporation)
DRV - (IntelIde) -- C:\WINDOWS\system32\DRIVERS\intelide.sys (Microsoft Corporation)
DRV - (redbook) -- C:\WINDOWS\system32\drivers\redbook.sys (Microsoft Corporation)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (audstub) -- C:\WINDOWS\system32\drivers\audstub.sys (Microsoft Corporation)
DRV - (Compbatt) -- C:\WINDOWS\system32\DRIVERS\compbatt.sys (Microsoft Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm






IE - HKU\S-1-5-21-796845957-823518204-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-796845957-823518204-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 0
IE - HKU\S-1-5-21-796845957-823518204-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-796845957-823518204-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/
IE - HKU\S-1-5-21-796845957-823518204-839522115-1003\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-796845957-823518204-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010/06/19 15:56:14 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKU\S-1-5-21-796845957-823518204-839522115-1003\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-796845957-823518204-839522115-1003\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SRFirstRun] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-796845957-823518204-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-796845957-823518204-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (schannel.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 7 Days ==========

[2010/06/19 16:32:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Avira
[2010/06/19 16:31:16 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/06/19 16:31:15 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/06/19 16:31:15 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/06/19 16:31:15 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/06/19 16:31:15 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/06/19 16:31:15 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/06/19 16:31:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/06/19 16:28:19 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/06/19 16:21:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner\Temporary Directory 1 for wscfix.zip
[2010/06/19 15:55:10 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/06/19 15:54:20 | 000,518,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTM.exe
[2010/06/19 15:42:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/06/19 15:40:06 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/06/19 15:30:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\RarSFX0
[2010/06/19 00:04:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2010/06/18 23:54:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2010/06/18 23:54:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2010/06/18 22:28:34 | 000,000,000 | -HSD | C] -- C:\Recycled
[2010/06/18 22:04:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Identities
[2010/06/18 22:04:35 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents\My Pictures
[2010/06/18 22:04:35 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents\My Music
[2010/06/18 22:04:31 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Owner\Application Data\Microsoft
[2010/06/18 22:04:31 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Owner\Cookies
[2010/06/18 22:04:31 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Application Data
[2010/06/18 22:04:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Start Menu
[2010/06/18 22:04:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\SendTo
[2010/06/18 22:04:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents
[2010/06/18 22:04:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Favorites
[2010/06/18 22:04:31 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner\Local Settings
[2010/06/18 22:04:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Templates
[2010/06/18 22:04:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\PrintHood
[2010/06/18 22:04:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\NetHood
[2010/06/18 22:04:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft
[2010/06/18 22:04:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop
[2010/06/18 22:02:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/06/18 22:02:41 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2010/06/18 22:02:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/06/18 22:02:38 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/06/18 21:45:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2010/06/18 21:39:39 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/06/18 21:39:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/06/18 21:39:30 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/06/18 21:32:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2010/06/18 21:32:00 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2010/06/18 21:32:00 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2010/06/18 21:31:32 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mapi32.dll
[2010/06/18 21:30:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2010/06/18 21:30:38 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2010/06/18 21:30:38 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2010/06/18 21:29:41 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atrace.dll
[2010/06/18 21:29:30 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmevtmsg.dll
[2010/06/18 21:29:29 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\acctres.dll
[2010/06/18 21:29:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2010/06/18 21:29:26 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icfgnt5.dll
[2010/06/18 21:29:26 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2010/06/18 21:29:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2010/06/18 21:29:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2010/06/18 21:29:15 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng1.dll
[2010/06/18 21:29:15 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt1.exe
[2010/06/18 21:29:15 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2010/06/18 21:29:15 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2010/06/18 21:29:14 | 000,430,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2010/06/18 21:29:14 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgrprxy.dll
[2010/06/18 21:29:14 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx2.dll
[2010/06/18 21:29:14 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx3.dll
[2010/06/18 21:29:09 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2010/06/18 21:29:05 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrslv.dll
[2010/06/18 21:29:05 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrcdlg.dll
[2010/06/18 21:29:05 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\racpldlg.dll
[2010/06/18 21:29:05 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrdm.dll
[2010/06/18 21:29:01 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fltMc.exe
[2010/06/18 21:29:00 | 000,239,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srrstr.dll
[2010/06/18 21:28:59 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ils.dll
[2010/06/18 21:28:59 | 000,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmdd.dll
[2010/06/18 21:28:59 | 000,032,768 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\isrdbg32.dll
[2010/06/18 21:28:59 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmmkcert.dll
[2010/06/18 21:28:58 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msconf.dll
[2010/06/18 21:28:55 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoeacct.dll
[2010/06/18 21:28:55 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoert2.dll
[2010/06/18 21:28:55 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2010/06/18 21:28:54 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetres.dll
[2010/06/18 21:28:52 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2010/06/18 21:28:51 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll
[2010/06/18 21:28:51 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwdial.dll
[2010/06/18 21:28:51 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwphbk.dll
[2010/06/18 21:28:51 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstinit.exe
[2010/06/18 21:28:50 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcfg.dll
[2010/06/18 21:28:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2010/06/18 21:28:38 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2010/06/18 21:28:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2010/06/18 21:28:18 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2010/06/18 21:28:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2010/06/18 21:27:40 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2010/06/18 21:27:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2010/06/18 21:27:39 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2010/06/18 21:27:29 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\write.exe
[2010/06/18 21:27:29 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2010/06/18 21:27:20 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe
[2010/06/18 21:27:19 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avtapi.dll
[2010/06/18 21:27:19 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avwav.dll
[2010/06/18 21:27:19 | 000,044,544 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hticons.dll
[2010/06/18 21:27:19 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avmeter.dll
[2010/06/18 21:27:18 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winchat.exe
[2010/06/18 21:27:11 | 000,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\getuname.dll
[2010/06/18 21:27:11 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\charmap.exe
[2010/06/18 21:27:10 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshearts.exe
[2010/06/18 21:27:10 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winmine.exe
[2010/06/18 21:27:10 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\calc.exe
[2010/06/18 21:27:10 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sol.exe
[2010/06/18 21:27:09 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\freecell.exe
[2010/06/18 21:27:09 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\regini.exe
[2010/06/18 21:27:09 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsshutdn.exe
[2010/06/18 21:27:09 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tskill.exe
[2010/06/18 21:27:09 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwinsta.exe
[2010/06/18 21:27:09 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsdiscon.exe
[2010/06/18 21:27:09 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscon.exe
[2010/06/18 21:27:09 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shadow.exe
[2010/06/18 21:27:09 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\reset.exe
[2010/06/18 21:27:08 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qwinsta.exe
[2010/06/18 21:27:08 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msg.exe
[2010/06/18 21:27:08 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qappsrv.exe
[2010/06/18 21:27:08 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cdmodem.dll
[2010/06/18 21:27:08 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\logoff.exe
[2010/06/18 21:27:08 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpcfgex.dll
[2010/06/18 21:27:07 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxlegih.dll
[2010/06/18 21:27:07 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxdm.dll
[2010/06/18 21:27:07 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dcomcnfg.exe
[2010/06/18 21:27:07 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxex.dll
[2010/06/18 21:27:06 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsnap.dll
[2010/06/18 21:27:06 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comrepl.dll
[2010/06/18 21:27:06 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stclient.dll
[2010/06/18 21:27:06 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comaddin.dll
[2010/06/18 21:26:46 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2010/06/18 21:26:44 | 000,345,088 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hypertrm.dll
[2010/06/18 21:26:44 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\accwiz.exe
[2010/06/18 21:26:44 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndrec32.exe
[2010/06/18 21:26:44 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mplay32.exe
[2010/06/18 21:26:44 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\access.cpl
[2010/06/18 21:26:43 | 000,343,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe
[2010/06/18 21:26:43 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clipbrd.exe
[2010/06/18 21:26:42 | 000,538,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spider.exe
[2010/06/18 21:26:42 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscfgwmi.dll
[2010/06/18 21:26:41 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdchost.dll
[2010/06/18 21:26:41 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdshost.exe
[2010/06/18 21:26:41 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscupgrd.exe
[2010/06/18 21:26:41 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdsaddin.exe
[2010/06/18 21:26:40 | 000,087,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpwsx.dll
[2010/06/18 21:26:40 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpclip.exe
[2010/06/18 21:26:40 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cfgbkend.dll
[2010/06/18 21:26:40 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qprocess.exe
[2010/06/18 21:26:40 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpsnd.dll
[2010/06/18 21:26:40 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icaapi.dll
[2010/06/18 21:26:39 | 000,949,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtctm.dll
[2010/06/18 21:26:39 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcprx.dll
[2010/06/18 21:26:39 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcuiu.dll
[2010/06/18 21:26:39 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxoci.dll
[2010/06/18 21:26:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2010/06/18 21:26:38 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtclog.dll
[2010/06/18 21:26:38 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xolehlp.dll
[2010/06/18 21:26:37 | 000,628,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvut.dll
[2010/06/18 21:26:37 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrv.dll
[2010/06/18 21:26:37 | 000,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatex.dll
[2010/06/18 21:26:37 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvps.dll
[2010/06/18 21:26:37 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\colbact.dll
[2010/06/18 21:26:36 | 001,251,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsvcs.dll
[2010/06/18 21:26:36 | 000,540,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comuid.dll
[2010/06/18 21:26:29 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\licwmi.dll
[2010/06/18 21:26:29 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\servdeps.dll
[2010/06/18 21:26:29 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmfutil.dll
[2010/06/18 21:26:28 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmprops.dll
[2010/06/18 21:14:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/06/18 21:11:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2010/06/18 21:11:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2010/06/18 21:11:38 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2010/06/18 21:11:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2010/06/18 21:11:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2010/06/18 21:10:57 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2010/06/18 21:10:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2010/06/18 21:02:49 | 000,014,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\battc.sys
[2010/06/18 21:02:13 | 000,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\drivers\RTL8139.sys
[2010/06/18 21:01:52 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\usbui.dll
[2010/06/18 21:00:49 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2010/06/18 21:00:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2010/06/18 21:00:44 | 000,000,000 | R--D | C] -- C:\Program Files
[2010/06/18 21:00:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2010/06/18 21:00:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2010/06/18 21:00:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2010/06/18 21:00:41 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TINTLGNT.IME
[2010/06/18 21:00:41 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winar30.ime
[2010/06/18 21:00:41 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\quick.ime
[2010/06/18 21:00:41 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CINTLGNT.IME
[2010/06/18 21:00:40 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\phon.ime
[2010/06/18 21:00:40 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dayi.ime
[2010/06/18 21:00:40 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chajei.ime
[2010/06/18 21:00:40 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\uniime.dll
[2010/06/18 21:00:40 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winime.ime
[2010/06/18 21:00:40 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\unicdime.ime
[2010/06/18 21:00:40 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\romanime.ime
[2010/06/18 21:00:40 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\miniime.tpl
[2010/06/18 21:00:24 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\PINTLGNT.IME
[2010/06/18 21:00:24 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WINZM.IME
[2010/06/18 21:00:24 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WINSP.IME
[2010/06/18 21:00:24 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WINPY.IME
[2010/06/18 21:00:23 | 000,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imjp81k.dll
[2010/06/18 21:00:23 | 000,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imjp81.ime
[2010/06/18 21:00:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood.Tmp
[2010/06/18 21:00:10 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chsbrkr.dll
[2010/06/18 21:00:10 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chtbrkr.dll
[2010/06/18 21:00:09 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\korwbrkr.dll
[2010/06/18 21:00:08 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msir3jp.lex
[2010/06/18 21:00:08 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msir3jp.dll
[2010/06/18 20:59:45 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\c_g18030.dll
[2010/06/18 20:59:45 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WINGB.IME
[2010/06/18 20:59:44 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101a.dll
[2010/06/18 20:59:30 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnecAT.dll
[2010/06/18 20:59:30 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnecNT.dll
[2010/06/18 20:59:30 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnec95.dll
[2010/06/18 20:59:30 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlk41a.dll
[2010/06/18 20:59:30 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlk41j.dll
[2010/06/18 20:59:29 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdibm02.dll
[2010/06/18 20:59:29 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\f3ahvoas.dll
[2010/06/18 20:59:29 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdax2.dll
[2010/06/18 20:59:29 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd106n.dll
[2010/06/18 20:59:29 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101.dll
[2010/06/18 20:58:56 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\c_is2022.dll
[2010/06/18 20:58:55 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdjpn.dll
[2010/06/18 20:58:55 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkor.dll
[2010/06/18 20:58:55 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd106.dll
[2010/06/18 20:58:55 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101c.dll
[2010/06/18 20:58:55 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd103.dll
[2010/06/18 20:58:51 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101b.dll
[2010/06/18 20:58:49 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuq.dll
[2010/06/18 20:58:49 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuf.dll
[2010/06/18 20:58:49 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdazel.dll
[2010/06/18 20:58:47 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycc.dll
[2010/06/18 20:58:47 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbduzb.dll
[2010/06/18 20:58:47 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdur.dll
[2010/06/18 20:58:47 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtat.dll
[2010/06/18 20:58:47 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru1.dll
[2010/06/18 20:58:47 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru.dll
[2010/06/18 20:58:47 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmon.dll
[2010/06/18 20:58:47 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkyr.dll
[2010/06/18 20:58:47 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkaz.dll
[2010/06/18 20:58:47 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbu.dll
[2010/06/18 20:58:47 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdblr.dll
[2010/06/18 20:58:47 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdaze.dll
[2010/06/18 20:58:45 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhept.dll
[2010/06/18 20:58:45 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela3.dll
[2010/06/18 20:58:45 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela2.dll
[2010/06/18 20:58:45 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdgkl.dll
[2010/06/18 20:58:45 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe319.dll
[2010/06/18 20:58:45 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe220.dll
[2010/06/18 20:58:45 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe.dll
[2010/06/18 20:58:43 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv1.dll
[2010/06/18 20:58:43 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv.dll
[2010/06/18 20:58:43 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdest.dll
[2010/06/18 20:58:43 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt1.dll
[2010/06/18 20:58:43 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt.dll
[2010/06/18 20:58:41 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz.dll
[2010/06/18 20:58:41 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycl.dll
[2010/06/18 20:58:41 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl1.dll
[2010/06/18 20:58:41 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl.dll
[2010/06/18 20:58:41 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl.dll
[2010/06/18 20:58:41 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu.dll
[2010/06/18 20:58:41 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz2.dll
[2010/06/18 20:58:41 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz1.dll
[2010/06/18 20:58:41 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcr.dll
[2010/06/18 20:58:41 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\KBDAL.DLL
[2010/06/18 20:58:41 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdro.dll
[2010/06/18 20:58:41 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl1.dll
[2010/06/18 20:58:41 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu1.dll
[2010/06/18 20:58:38 | 000,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dgrpsetu.dll
[2010/06/18 20:58:38 | 000,103,424 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\EqnClass.Dll
[2010/06/18 20:58:38 | 000,085,020 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dgsetup.dll
[2010/06/18 20:58:38 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2010/06/18 20:58:38 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2010/06/18 20:58:37 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLECLI.DLL
[2010/06/18 20:58:37 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLESVR.DLL
[2010/06/18 20:58:37 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TAPI.DLL
[2010/06/18 20:58:37 | 000,013,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WFWNET.DRV
[2010/06/18 20:58:37 | 000,009,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VER.DLL
[2010/06/18 20:58:37 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SHELL.DLL
[2010/06/18 20:58:37 | 000,004,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TIMER.DRV
[2010/06/18 20:58:37 | 000,003,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SYSTEM.DRV
[2010/06/18 20:58:37 | 000,002,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VGA.DRV
[2010/06/18 20:58:37 | 000,001,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SOUND.DRV
[2010/06/18 20:58:36 | 000,126,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MSVIDEO.DLL
[2010/06/18 20:58:36 | 000,073,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIAVI.DRV
[2010/06/18 20:58:36 | 000,032,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\COMMDLG.DLL
[2010/06/18 20:58:36 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIWAVE.DRV
[2010/06/18 20:58:36 | 000,025,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCISEQ.DRV
[2010/06/18 20:58:36 | 000,009,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\LZEXPAND.DLL
[2010/06/18 20:58:36 | 000,002,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MOUSE.DRV
[2010/06/18 20:58:36 | 000,002,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\KEYBOARD.DRV
[2010/06/18 20:58:36 | 000,001,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMTASK.TSK
[2010/06/18 20:58:35 | 000,109,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVIFILE.DLL
[2010/06/18 20:58:35 | 000,069,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVICAP.DLL
[2010/06/18 20:58:35 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\TASKMAN.EXE
[2010/06/18 20:58:34 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WINSPOOL.DRV
[2010/06/18 20:58:34 | 000,068,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMSYSTEM.DLL
[2010/06/18 20:58:34 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\batt.dll
[2010/06/18 20:58:32 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\storprop.dll
[2010/06/18 20:57:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2010/06/18 20:49:00 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2010/06/18 20:49:00 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2010/06/18 20:49:00 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2010/06/18 20:49:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2010/06/18 20:49:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2010/06/18 20:49:00 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2010/06/18 20:49:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2010/06/18 20:49:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2010/06/18 20:49:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2010/06/18 20:49:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2010/06/18 20:49:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2010/06/18 20:49:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2010/06/18 20:49:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2010/06/18 20:49:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2010/06/18 20:49:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2010/06/18 20:49:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2010/06/18 20:49:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2010/06/18 20:49:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2010/06/18 20:49:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2010/06/18 20:49:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2010/06/18 20:49:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2010/06/18 20:49:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2010/06/18 20:49:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2010/06/18 20:49:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2010/06/18 20:49:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2010/06/18 20:49:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2010/06/18 20:49:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2010/06/18 20:49:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2010/06/18 20:49:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2010/06/18 20:49:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2010/06/18 20:49:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2010/06/18 20:49:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2010/06/18 20:49:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2010/06/18 20:49:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2010/06/18 20:49:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2010/06/18 20:49:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2010/06/18 20:49:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2010/06/18 20:49:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2010/06/18 20:49:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2010/06/18 20:49:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2010/06/18 20:49:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2010/06/18 20:49:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2010/06/18 20:49:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2010/06/18 20:49:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2010/06/18 20:49:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2010/06/19 16:31:32 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/06/19 16:26:38 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/19 16:26:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/19 16:21:16 | 000,786,432 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/06/19 15:56:34 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/06/19 15:56:32 | 002,148,300 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/06/19 15:56:14 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/06/19 15:54:22 | 000,518,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTM.exe
[2010/06/19 15:49:38 | 000,490,232 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HelpAsst_mebroot_fix.exe
[2010/06/19 15:40:08 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/06/19 15:35:56 | 003,715,012 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\uninstall.exe
[2010/06/19 15:25:44 | 044,089,904 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\avira_antivir_personal_en.exe
[2010/06/18 23:30:24 | 000,000,262 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/06/18 23:01:22 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\Owner\{4446FB48-4FD2-4017-996B-12AEDA811F20}
[2010/06/18 22:26:40 | 000,000,212 | RHS- | M] () -- C:\boot.ini
[2010/06/18 22:13:30 | 000,000,106 | ---- | M] () -- C:\WINDOWS\tasks\Critical Battery Alarm Program.job
[2010/06/18 22:12:40 | 000,000,106 | ---- | M] () -- C:\WINDOWS\tasks\Low Battery Alarm Program.job
[2010/06/18 22:11:22 | 000,347,268 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/18 22:11:22 | 000,305,318 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/18 22:11:22 | 000,037,760 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/18 21:39:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/18 21:38:44 | 000,083,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/18 21:31:54 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/06/18 21:31:54 | 000,000,477 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/18 21:31:54 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/06/18 21:31:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\control.ini
[2010/06/18 21:31:44 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/06/18 21:31:44 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/06/18 21:31:44 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/06/18 21:31:34 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/06/18 21:30:40 | 000,000,488 | -H-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/06/18 21:30:40 | 000,000,488 | -H-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/06/18 21:30:32 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/06/18 21:30:32 | 000,000,749 | -H-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/06/18 21:30:32 | 000,000,749 | -H-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/06/18 21:30:32 | 000,000,749 | -H-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/06/18 21:30:32 | 000,000,749 | -H-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/06/18 21:30:32 | 000,000,749 | -H-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/06/18 21:28:32 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/06/18 21:28:18 | 000,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2010/06/18 21:28:18 | 000,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
[2010/06/18 21:11:44 | 000,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/18 21:00:54 | 000,001,344 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/19 16:31:31 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/06/19 16:28:53 | 000,516,308 | ---- | C] () -- C:\Documents and Settings\Owner\dd_vcredistMSI0BD1.txt
[2010/06/19 16:28:53 | 000,011,610 | ---- | C] () -- C:\Documents and Settings\Owner\dd_vcredistUI0BD1.txt
[2010/06/19 15:49:36 | 000,490,232 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HelpAsst_mebroot_fix.exe
[2010/06/19 15:35:48 | 003,715,012 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\uninstall.exe
[2010/06/19 15:30:49 | 000,011,664 | ---- | C] () -- C:\Documents and Settings\Owner\dd_vcredistUI5F60.txt
[2010/06/19 15:30:49 | 000,001,824 | ---- | C] () -- C:\Documents and Settings\Owner\dd_vcredistMSI5F60.txt
[2010/06/19 15:27:44 | 000,011,712 | ---- | C] () -- C:\Documents and Settings\Owner\dd_vcredistUI5D04.txt
[2010/06/19 15:27:44 | 000,001,848 | ---- | C] () -- C:\Documents and Settings\Owner\dd_vcredistMSI5D04.txt
[2010/06/19 15:26:38 | 000,011,696 | ---- | C] () -- C:\Documents and Settings\Owner\dd_vcredistUI5C2C.txt
[2010/06/19 15:26:38 | 000,001,840 | ---- | C] () -- C:\Documents and Settings\Owner\dd_vcredistMSI5C2C.txt
[2010/06/19 15:25:43 | 044,089,904 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\avira_antivir_personal_en.exe
[2010/06/18 23:01:21 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Owner\{4446FB48-4FD2-4017-996B-12AEDA811F20}
[2010/06/18 22:13:16 | 000,000,106 | ---- | C] () -- C:\WINDOWS\tasks\Critical Battery Alarm Program.job
[2010/06/18 22:11:46 | 000,000,106 | ---- | C] () -- C:\WINDOWS\tasks\Low Battery Alarm Program.job
[2010/06/18 22:04:34 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/06/18 22:04:32 | 000,016,384 | -H-- | C] () -- C:\Documents and Settings\Owner\ntuser.dat.LOG
[2010/06/18 22:04:31 | 000,786,432 | -H-- | C] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/06/18 21:35:28 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/06/18 21:31:52 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/06/18 21:31:52 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/06/18 21:31:42 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/06/18 21:31:42 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/06/18 21:31:41 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2010/06/18 21:30:38 | 000,000,488 | -H-- | C] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/06/18 21:30:38 | 000,000,488 | -H-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/06/18 21:30:31 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/06/18 21:30:31 | 000,000,749 | -H-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/06/18 21:30:31 | 000,000,749 | -H-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/06/18 21:30:31 | 000,000,749 | -H-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/06/18 21:30:31 | 000,000,749 | -H-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/06/18 21:30:31 | 000,000,749 | -H-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/06/18 21:29:38 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2010/06/18 21:29:38 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2010/06/18 21:28:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/06/18 21:27:13 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2010/06/18 21:27:13 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2010/06/18 21:27:13 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2010/06/18 21:27:13 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2010/06/18 21:27:13 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2010/06/18 21:27:13 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2010/06/18 21:27:13 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2010/06/18 21:27:12 | 000,093,702 | ---- | C] () -- C:\WINDOWS\System32\subrange.uce
[2010/06/18 21:27:12 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2010/06/18 21:27:12 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2010/06/18 21:27:12 | 000,016,740 | ---- | C] () -- C:\WINDOWS\System32\shiftjis.uce
[2010/06/18 21:27:12 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2010/06/18 21:27:12 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2010/06/18 21:27:11 | 000,060,458 | ---- | C] () -- C:\WINDOWS\System32\ideograf.uce
[2010/06/18 21:27:11 | 000,024,006 | ---- | C] () -- C:\WINDOWS\System32\gb2312.uce
[2010/06/18 21:27:11 | 000,022,984 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.uce
[2010/06/18 21:27:11 | 000,012,876 | ---- | C] () -- C:\WINDOWS\System32\korean.uce
[2010/06/18 21:27:11 | 000,008,484 | ---- | C] () -- C:\WINDOWS\System32\kanji_2.uce
[2010/06/18 21:27:11 | 000,006,948 | ---- | C] () -- C:\WINDOWS\System32\kanji_1.uce
[2010/06/18 21:27:09 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2010/06/18 21:27:09 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2010/06/18 21:27:08 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2010/06/18 21:27:01 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2010/06/18 21:00:52 | 000,001,344 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/06/18 21:00:18 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_720.nls
[2010/06/18 21:00:15 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_862.nls
[2010/06/18 21:00:09 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\korwbrkr.lex
[2010/06/18 21:00:09 | 000,002,060 | ---- | C] () -- C:\WINDOWS\System32\noise.jpn
[2010/06/18 21:00:09 | 000,001,486 | ---- | C] () -- C:\WINDOWS\System32\noise.kor
[2010/06/18 20:59:56 | 000,211,938 | ---- | C] () -- C:\WINDOWS\System32\lcphrase.tbl
[2010/06/18 20:59:56 | 000,146,126 | ---- | C] () -- C:\WINDOWS\System32\array30.tab
[2010/06/18 20:59:56 | 000,110,566 | ---- | C] () -- C:\WINDOWS\System32\arphr.tbl
[2010/06/18 20:59:56 | 000,043,242 | ---- | C] () -- C:\WINDOWS\System32\phoncode.tbl
[2010/06/18 20:59:56 | 000,024,114 | ---- | C] () -- C:\WINDOWS\System32\lcptr.tbl
[2010/06/18 20:59:56 | 000,018,600 | ---- | C] () -- C:\WINDOWS\System32\arrayhw.tab
[2010/06/18 20:59:56 | 000,016,312 | ---- | C] () -- C:\WINDOWS\System32\arptr.tbl
[2010/06/18 20:59:56 | 000,002,714 | ---- | C] () -- C:\WINDOWS\System32\phonptr.tbl
[2010/06/18 20:59:55 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\c_10002.nls
[2010/06/18 20:59:55 | 000,116,285 | ---- | C] () -- C:\WINDOWS\System32\msdayi.tbl
[2010/06/18 20:59:55 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.nls
[2010/06/18 20:59:55 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\big5.nls
[2010/06/18 20:59:55 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\acode.tbl
[2010/06/18 20:59:55 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\a234.tbl
[2010/06/18 20:59:55 | 000,004,071 | ---- | C] () -- C:\WINDOWS\System32\phon.tbl
[2010/06/18 20:59:55 | 000,001,460 | ---- | C] () -- C:\WINDOWS\System32\a15.tbl
[2010/06/18 20:59:55 | 000,000,700 | ---- | C] () -- C:\WINDOWS\System32\dayiptr.tbl
[2010/06/18 20:59:55 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\dayiphr.tbl
[2010/06/18 20:59:54 | 000,016,254 | ---- | C] () -- C:\WINDOWS\System32\PINTLPAE.HLP
[2010/06/18 20:59:54 | 000,014,821 | ---- | C] () -- C:\WINDOWS\System32\PINTLPAD.HLP
[2010/06/18 20:59:46 | 001,564,868 | ---- | C] () -- C:\WINDOWS\System32\WINSP.MB
[2010/06/18 20:59:46 | 001,223,500 | ---- | C] () -- C:\WINDOWS\System32\WINZM.MB
[2010/06/18 20:59:45 | 001,783,864 | ---- | C] () -- C:\WINDOWS\System32\WINPY.MB
[2010/06/18 20:59:45 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\prcp.nls
[2010/06/18 20:59:45 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\prc.nls
[2010/06/18 20:59:44 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\c_10008.nls
[2010/06/18 20:59:31 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\c_1361.nls
[2010/06/18 20:59:31 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\c_10003.nls
[2010/06/18 20:59:31 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\ksc.nls
[2010/06/18 20:58:56 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\c_20949.nls
[2010/06/18 20:58:55 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\c_20932.nls
[2010/06/18 20:58:55 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\c_20000.nls
[2010/06/18 20:58:55 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\c_20936.nls
[2010/06/18 20:58:55 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\c_10001.nls
[2010/06/18 20:58:55 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_21027.nls
[2010/06/18 20:58:55 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20290.nls
[2010/06/18 20:58:55 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\xjis.nls
[2010/06/18 20:58:50 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28603.nls
[2010/06/18 20:58:49 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_857.nls
[2010/06/18 20:58:49 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28599.nls
[2010/06/18 20:58:48 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10081.nls
[2010/06/18 20:58:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28595.NLS
[2010/06/18 20:58:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10017.nls
[2010/06/18 20:58:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10007.nls
[2010/06/18 20:58:44 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_869.nls
[2010/06/18 20:58:44 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_737.nls
[2010/06/18 20:58:44 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_875.nls
[2010/06/18 20:58:44 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28597.NLS
[2010/06/18 20:58:44 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10006.nls
[2010/06/18 20:58:43 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_866.nls
[2010/06/18 20:58:43 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_855.nls
[2010/06/18 20:58:43 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28594.NLS
[2010/06/18 20:58:40 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_852.nls
[2010/06/18 20:58:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10082.nls
[2010/06/18 20:58:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10029.nls
[2010/06/18 20:58:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10010.nls
[2010/06/18 20:58:39 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20127.nls
[2010/06/18 20:58:35 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010/06/18 20:57:27 | 000,083,928 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/18 20:56:43 | 000,000,212 | RHS- | C] () -- C:\boot.ini
[2010/06/18 20:56:37 | 000,000,262 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2004/08/04 12:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/04 12:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

========== LOP Check ==========

[2010/06/18 22:12:40 | 000,000,106 | ---- | M] () -- C:\WINDOWS\Tasks\Low Battery Alarm Program.job
[2010/06/18 22:13:30 | 000,000,106 | ---- | M] () -- C:\WINDOWS\Tasks\Critical Battery Alarm Program.job

========== Purity Check ==========


< End of report >




OTL Extras logfile created on: 6/19/2010 5:10:15 PM - Run 2
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

246.00 Mb Total Physical Memory | 48.00 Mb Available Physical Memory | 20.00% Memory free
232.00 Mb Paging File | 36.00 Mb Available in Paging File | 16.00% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9.76 Gb Total Space | 8.34 Gb Free Space | 85.48% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GIP76
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Minimal

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- regedit.exe "%1"
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
";;;;;%System_Root%;;;;\system32\sessmgr.exe" = ;;;;;%System_Root%;;;;\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/19/2010 3:10:31 AM | Computer Name = GIRLE | Source = ESENT | ID = 439
Description = Catalog Database (604) Unable to write a shadowed header for file
C:\WINDOWS\system32\CatRoot2\tmp.edb. Error -1022.

Error - 6/19/2010 3:10:47 AM | Computer Name = GIRLE | Source = ESENT | ID = 439
Description = Catalog Database (604) Unable to write a shadowed header for file
C:\WINDOWS\system32\CatRoot2\tmp.edb. Error -1022.

Error - 6/19/2010 3:10:49 AM | Computer Name = GIRLE | Source = ESENT | ID = 439
Description = Catalog Database (604) Unable to write a shadowed header for file
C:\WINDOWS\system32\CatRoot2\tmp.edb. Error -1022.

Error - 6/19/2010 3:19:58 AM | Computer Name = GIRLE | Source = ESENT | ID = 439
Description = Catalog Database (604) Unable to write a shadowed header for file
C:\WINDOWS\system32\CatRoot2\tmp.edb. Error -1022.

Error - 6/19/2010 3:19:59 AM | Computer Name = GIRLE | Source = ESENT | ID = 439
Description = Catalog Database (604) Unable to write a shadowed header for file
C:\WINDOWS\system32\CatRoot2\tmp.edb. Error -1022.

Error - 6/19/2010 3:20:00 AM | Computer Name = GIRLE | Source = ESENT | ID = 439
Description = Catalog Database (604) Unable to write a shadowed header for file
C:\WINDOWS\system32\CatRoot2\tmp.edb. Error -1022.

Error - 6/19/2010 3:20:05 AM | Computer Name = GIRLE | Source = ESENT | ID = 439
Description = Catalog Database (604) Unable to write a shadowed header for file
C:\WINDOWS\system32\CatRoot2\tmp.edb. Error -1022.

Error - 6/19/2010 3:22:54 AM | Computer Name = GIRLE | Source = ESENT | ID = 439
Description = Catalog Database (604) Unable to write a shadowed header for file
C:\WINDOWS\system32\CatRoot2\tmp.edb. Error -1022.

Error - 6/19/2010 3:22:57 AM | Computer Name = GIRLE | Source = ESENT | ID = 439
Description = Catalog Database (604) Unable to write a shadowed header for file
C:\WINDOWS\system32\CatRoot2\tmp.edb. Error -1022.

Error - 6/19/2010 3:22:58 AM | Computer Name = GIRLE | Source = ESENT | ID = 439
Description = Catalog Database (604) Unable to write a shadowed header for file
C:\WINDOWS\system32\CatRoot2\tmp.edb. Error -1022.

[ System Events ]
Error - 6/19/2010 3:16:16 AM | Computer Name = GIRLE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 6/19/2010 3:16:16 AM | Computer Name = GIRLE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 6/19/2010 3:17:04 AM | Computer Name = GIRLE | Source = UPS | ID = 2481
Description = The UPS service is not configured correctly.

Error - 6/19/2010 3:20:18 AM | Computer Name = GIRLE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service ntmssvc with
arguments "-Service" in order to run the server: {D61A27C6-8F53-11D0-BFA0-00A024151983}

Error - 6/19/2010 3:23:51 AM | Computer Name = GIRLE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 6/19/2010 7:44:22 PM | Computer Name = GIP76 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 6/19/2010 7:44:22 PM | Computer Name = GIP76 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 6/19/2010 7:44:22 PM | Computer Name = GIP76 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 6/19/2010 7:44:22 PM | Computer Name = GIP76 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 6/19/2010 7:56:19 PM | Computer Name = GIP76 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}


< End of report >



#13 DSR13

Posted 19 June 2010 - 07:28 PM

OTL Extras logfile created on: 6/19/2010 5:10:15 PM - Run 2
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

246.00 Mb Total Physical Memory | 48.00 Mb Available Physical Memory | 20.00% Memory free
232.00 Mb Paging File | 36.00 Mb Available in Paging File | 16.00% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9.76 Gb Total Space | 8.34 Gb Free Space | 85.48% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GIP76
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Minimal

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- regedit.exe "%1"
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
";;;;;%System_Root%;;;;\system32\sessmgr.exe" = ;;;;;%System_Root%;;;;\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/19/2010 3:10:31 AM | Computer Name = GIRLE | Source = ESENT | ID = 439
Description = Catalog Database (604) Unable to write a shadowed header for file
C:\WINDOWS\system32\CatRoot2\tmp.edb. Error -1022.

Error - 6/19/2010 3:10:47 AM | Computer Name = GIRLE | Source = ESENT | ID = 439
Description = Catalog Database (604) Unable to write a shadowed header for file
C:\WINDOWS\system32\CatRoot2\tmp.edb. Error -1022.

Error - 6/19/2010 3:10:49 AM | Computer Name = GIRLE | Source = ESENT | ID = 439
Description = Catalog Database (604) Unable to write a shadowed header for file
C:\WINDOWS\system32\CatRoot2\tmp.edb. Error -1022.

Error - 6/19/2010 3:19:58 AM | Computer Name = GIRLE | Source = ESENT | ID = 439
Description = Catalog Database (604) Unable to write a shadowed header for file
C:\WINDOWS\system32\CatRoot2\tmp.edb. Error -1022.

Error - 6/19/2010 3:19:59 AM | Computer Name = GIRLE | Source = ESENT | ID = 439
Description = Catalog Database (604) Unable to write a shadowed header for file
C:\WINDOWS\system32\CatRoot2\tmp.edb. Error -1022.

Error - 6/19/2010 3:20:00 AM | Computer Name = GIRLE | Source = ESENT | ID = 439
Description = Catalog Database (604) Unable to write a shadowed header for file
C:\WINDOWS\system32\CatRoot2\tmp.edb. Error -1022.

Error - 6/19/2010 3:20:05 AM | Computer Name = GIRLE | Source = ESENT | ID = 439
Description = Catalog Database (604) Unable to write a shadowed header for file
C:\WINDOWS\system32\CatRoot2\tmp.edb. Error -1022.

Error - 6/19/2010 3:22:54 AM | Computer Name = GIRLE | Source = ESENT | ID = 439
Description = Catalog Database (604) Unable to write a shadowed header for file
C:\WINDOWS\system32\CatRoot2\tmp.edb. Error -1022.

Error - 6/19/2010 3:22:57 AM | Computer Name = GIRLE | Source = ESENT | ID = 439
Description = Catalog Database (604) Unable to write a shadowed header for file
C:\WINDOWS\system32\CatRoot2\tmp.edb. Error -1022.

Error - 6/19/2010 3:22:58 AM | Computer Name = GIRLE | Source = ESENT | ID = 439
Description = Catalog Database (604) Unable to write a shadowed header for file
C:\WINDOWS\system32\CatRoot2\tmp.edb. Error -1022.

[ System Events ]
Error - 6/19/2010 3:16:16 AM | Computer Name = GIRLE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 6/19/2010 3:16:16 AM | Computer Name = GIRLE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 6/19/2010 3:17:04 AM | Computer Name = GIRLE | Source = UPS | ID = 2481
Description = The UPS service is not configured correctly.

Error - 6/19/2010 3:20:18 AM | Computer Name = GIRLE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service ntmssvc with
arguments "-Service" in order to run the server: {D61A27C6-8F53-11D0-BFA0-00A024151983}

Error - 6/19/2010 3:23:51 AM | Computer Name = GIRLE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 6/19/2010 7:44:22 PM | Computer Name = GIP76 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 6/19/2010 7:44:22 PM | Computer Name = GIP76 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 6/19/2010 7:44:22 PM | Computer Name = GIP76 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 6/19/2010 7:44:22 PM | Computer Name = GIP76 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 6/19/2010 7:56:19 PM | Computer Name = GIP76 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}


< End of report >






#14 DSR13

Posted 19 June 2010 - 07:31 PM

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/06/19 17:24
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Hidden/Locked Files
-------------------
Path: C:\WINDOWS\INF\LAYOUT.PNF
Status: Could not get file information (Error 0xc0000102)

Path: C:\WINDOWS\INF\WORDPAD.PNF
Status: Could not get file information (Error 0xc0000102)

Path: C:\WINDOWS\INF\WAB50.PNF
Status: Could not get file information (Error 0xc0000102)

Path: C:\WINDOWS\LastGood.Tmp\Local Settings\条䙥汩桥 Systemoo
Status: Invisible to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\Local Settings\g
Status: Locked to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\Local Settings\R
Status: Locked to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\Local Settings\r
Status: Locked to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\Local Settings\牯整d &�&
Status: Invisible to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\Local Settings\
Status: Locked to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\Local Settings\%
Status: Invisible to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\Local Settings\y
Status: Locked to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\Local Settings\y
Status: Locked to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\Local Settings\m
Status: Locked to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\Local Settings\t
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\LastGood.Tmp\Local Settings\╪vk
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\LastGood.Tmp\Local Settings\`▓`╙n╦.
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\LastGood.Tmp\Local Settings\-
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\LastGood.Tmp\Local Settings\
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\LastGood.Tmp\Local Settings\░%
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\LastGood.Tmp\Templates\
Status: Invisible to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\Templates\
Status: Locked to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\Templates\[■p╦.
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\LastGood.Tmp\Start Menu\vk
Status: Invisible to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\Start Menu\P
Status: Locked to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\Start Menu\.
Status: Invisible to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\Start Menu\
Status: Locked to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\Start Menu\Φvk
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\LastGood.Tmp\Start Menu\ ₧p╦.
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\LastGood.Tmp\SendTo\ ㈸
Status: Invisible to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\SendTo\vk
Status: Invisible to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\SendTo\
Status: Invisible to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\SendTo\.
Status: Invisible to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\SendTo\≡42
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\LastGood.Tmp\SendTo\αvk
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\LastGood.Tmp\SendTo\22
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\LastGood.Tmp\SendTo\ᠠnk
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\LastGood.Tmp\SendTo\.
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\LastGood.Tmp\Recent\S
Status: Locked to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\Recent\W
Status: Invisible to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\Recent\P
Status: Locked to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\Recent\extensio.n.H
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\LastGood.Tmp\Recent\╕w
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\LastGood.Tmp\PrintHood\㈀䰀┵ 꽈袐z￐歶
Status: Invisible to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\PrintHood\敨汬
Status: Invisible to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\PrintHood\
Status: Locked to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\PrintHood\0~
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\LastGood.Tmp\PrintHood\@Bp╦.
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\LastGood.Tmp\My Documents\„4
Status: Invisible to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\My Documents\-0000F80.461
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\LastGood.Tmp\My Documents\4
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\LastGood.Tmp\NetHood\
Status: Locked to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\NetHood\.
Status: Invisible to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\NetHood\
Status: Locked to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\NetHood\.
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\LastGood.Tmp\NetHood\╪vk

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\LastGood.Tmp\Favorites\a
Status: Locked to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\Favorites\a
Status: Locked to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\Favorites\a
Status: Locked to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\Favorites\a
Status: Locked to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\Favorites\最攀
Status: Invisible to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\Favorites\i
Status: Invisible to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\Favorites\vk

Status: Invisible to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\Favorites\
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\LastGood.Tmp\Favorites\
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\LastGood.Tmp\Favorites\
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\LastGood.Tmp\Favorites\
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\LastGood.Tmp\Favorites\
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\LastGood.Tmp\Favorites\≡i
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\LastGood.Tmp\Favorites\╪vk

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\LastGood.Tmp\Desktop\
Status: Invisible to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\Desktop\
Status: Locked to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\Desktop\
Status: Locked to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\Desktop\’7
Status: Invisible to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\Desktop\㞔退㞔� hell.hp#
Status: Invisible to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\Desktop\╪vk
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\LastGood.Tmp\Desktop\CheckedV.alu
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\LastGood.Tmp\Desktop\╪░7
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\LastGood.Tmp\Desktop\5
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\LastGood.Tmp\Cookies\h
Status: Locked to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\Cookies\g
Status: Invisible to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\Cookies\€g
Status: Invisible to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\Cookies\g
Status: Invisible to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\Cookies\Fh
Status: Invisible to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\Cookies\œg
Status: Invisible to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\Cookies\.BB
Status: Invisible to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\Cookies\@i
Status: Locked to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\Cookies\≡╨g
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\LastGood.Tmp\Cookies\ǡg
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\LastGood.Tmp\Cookies\σg
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\LastGood.Tmp\Cookies\Fh
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\LastGood.Tmp\Cookies\g
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\LastGood.Tmp\Cookies\ ╬
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\LastGood.Tmp\Application Data\a
Status: Locked to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\Application Data\
Status: Visible to the Windows API, but not on disk.

Path: c:\windows\system32\wbem\performance\wmiaprpl.ini
Status: Allocation size mismatch (API: 221184, Raw: 0)

Path: C:\WINDOWS\LastGood.Tmp\NetHood\\pœx.
Status: Invisible to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\NetHood\\{“=!d.
Status: Invisible to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\NetHood\\’XH.=
Status: Invisible to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\NetHood\\Լ/.>
Status: Invisible to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\NetHood\\38mU._
Status: Invisible to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\NetHood\\.&‚
Status: Invisible to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\NetHood\\‰
g5.Œ
Status: Invisible to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\NetHood\\^hƒ>o›.}+
Status: Invisible to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\NetHood\\%]‡7.;;{
Status: Invisible to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\NetHood\\;\ߐcl.3S_
Status: Invisible to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\NetHood\\vm=xKd.
Status: Invisible to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\NetHood\\;h—.ƒ
Status: Invisible to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\NetHood\\?.دp}.Ÿv
Status: Invisible to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\NetHood\\'Oj‚.$
Status: Invisible to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\NetHood\\MO..#!
Status: Invisible to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\NetHood\\>U˜Ÿ.~
Status: Invisible to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\NetHood\\ﴭᢆ퐟魭栻ᘟﯰ㡿廿䇇
Status: Invisible to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\NetHood\\O.f
Status: Invisible to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\NetHood\\c;o.<†S
Status: Invisible to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\NetHood\\Dz„}.:w
Status: Invisible to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\NetHood\\›?˜l….o
Status: Invisible to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\NetHood\\&@”.
Status: Invisible to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\NetHood\\‡ڏ.H=
Status: Invisible to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\NetHood\\žvv.ƻ
Status: Invisible to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\NetHood\\Q.پ
Status: Invisible to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\NetHood\\Xe;.Ÿ
Status: Invisible to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\NetHood\\R•e{—.
Status: Invisible to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\NetHood\\UuY v4.r
Status: Invisible to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\NetHood\\j}ο!j.7
Status: Invisible to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\NetHood\\<?jm™G.q
Status: Invisible to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\NetHood\\p…ƒ.)
Status: Invisible to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\NetHood\\<r-.]a
Status: Invisible to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\NetHood\\@ӧ˜dw.y4
Status: Invisible to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\NetHood\\SSZ“.“
Status: Invisible to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\NetHood\\quǤ.‹.q

Status: Invisible to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\NetHood\\bjce5.ce
Status: Invisible to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\NetHood\\–:.‹
Status: Invisible to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\NetHood\\S&{s
.\>
Status: Invisible to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\NetHood\\˜O/.†
Status: Invisible to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\NetHood\\<SB.
Status: Invisible to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\NetHood\\q Wž›ѥ8..9
Status: Invisible to the Windows API!

Path: C:\WINDOWS\LastGood.Tmp\NetHood\\U”œHSu.

Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner\RarSFX0\VISTA64\AVSHADOW.EXE
Status: Could not get file information (Error 0xc0000102)

Path: C:\Documents and Settings\Owner\RarSFX0\VISTA64\AVIPC64.DLL
Status: Could not get file information (Error 0xc0000102)

Path: C:\Documents and Settings\Owner\RarSFX0\VISTA64\AVIPBB.SYS
Status: Could not get file information (Error 0xc0000102)

Path: C:\Documents and Settings\Owner\RarSFX0\XP\AVSHADOW.EXE
Status: Could not get file information (Error 0xc0000102)

Path: C:\Documents and Settings\Owner\RarSFX0\XP\AVIPBB.SYS
Status: Could not get file information (Error 0xc0000102)

Path: c:\windows\system32\wbem\repository\fs\objects.data
Status: Allocation size mismatch (API: 4661248, Raw: 4513792)

Path: c:\documents and settings\all users\start menu\programs\administrative tools\desktop.ini
Status: Allocation size mismatch (API: 232923136, Raw: 8192)

Path: c:\documents and settings\all users\application data\avira\antivir desktop\temp\avguard.tmp
Status: Allocation size mismatch (API: 257957888, Raw: 31260672)

Path: c:\documents and settings\owner\local settings\temporary internet files\content.ie5\6jujijo9\dcom[1].htm
Status: Allocation size mismatch (API: 270336, Raw: 32768)

Path: c:\documents and settings\owner\local settings\temporary internet files\content.ie5\8vajw7ev\topic321566-15[1].html
Status: Allocation size mismatch (API: 270336, Raw: 40960)

Path: c:\documents and settings\owner\local settings\temporary internet files\content.ie5\8vajw7ev\gmer[1].zip
Status: Allocation size mismatch (API: 532480, Raw: 286720)

Path: c:\documents and settings\owner\local settings\temporary internet files\content.ie5\jnamk97s\ga[1].js
Status: Allocation size mismatch (API: 270336, Raw: 24576)

Path: c:\documents and settings\owner\local settings\temporary internet files\content.ie5\nyh2owmy\index[1].php
Status: Allocation size mismatch (API: 270336, Raw: 16384)

Path: c:\documents and settings\owner\local settings\temporary internet files\content.ie5\nyh2owmy\rootrepeal[1]
Status: Allocation size mismatch (API: 270336, Raw: 16384)



#15 DSR13

Posted 19 June 2010 - 07:39 PM

I cannot believe it, but when I saved the report it said all were unhooked, and also all did not copy, and I am unable to upload.

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/06/19 17:35
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: hooked

#: 053 Function Name: NtCreateThread
Status: hooked

#: 063 Function Name: NtDeleteKey
Status: hooked

#: 065 Function Name: NtDeleteValueKey
Status: hooked

#: 098 Function Name: NtLoadKey
Status: hooked

#: 122 Function Name: NtOpenProcess
Status: hooked

#: 128 Function Name: NtOpenThread
Status: hooked

#: 193 Function Name: NtReplaceKey
Status: hooked

#: 204 Function Name: NtRestoreKey
Status: hooked

#: 247 Function Name: NtSetValueKey
Status: hooked





