browser search results being redirected


  • This topic is locked
19 replies to this topic

#1 dave richards

dave richards

  • Members
  • 11 posts

Posted 23 July 2010 - 09:45 AM

Hi guys,

My browser search results are being redirected to the following site: searchingandclick34.com

From everything I have read, I have some sort of malware. I installed and ran MalwareBytes, but the redirect problem still exists. Any help would be much appreciated!

Thank you,
Dave

I tried pasting the OTL logs here, but it says the reply is too long and will not post it. Please help. Thanks.

Merged posts. ~ OB

Edited by Orange Blossom, 27 July 2010 - 11:28 PM.




#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts

Posted 31 July 2010 - 07:22 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report:
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32
    ahcix86s.sys
    nvrd32.sys
    user32.dll
    ws2_32.dll
    /md5stop
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new OTL log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log.

Please split your logs across posts if you need to.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#3 dave richards

dave richards
  • Topic Starter

  • Members
  • 11 posts

Posted 02 August 2010 - 04:20 PM

Thanks for the help! OTL only generated 1 report, results are below:

OTL logfile created on: 8/2/2010 10:11:08 AM - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\dave\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.87 Gb Total Space | 39.30 Gb Free Space | 70.35% Space Free | Partition Type: NTFS
Drive D: | 111.76 Gb Total Space | 85.85 Gb Free Space | 76.82% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 56.35 Gb Total Space | 19.56 Gb Free Space | 34.72% Space Free | Partition Type: NTFS
Drive I: | 28.40 Gb Total Space | 15.17 Gb Free Space | 53.42% Space Free | Partition Type: NTFS
Drive N: | 680.37 Gb Total Space | 203.32 Gb Free Space | 29.88% Space Free | Partition Type: NTFS
Drive P: | 56.35 Gb Total Space | 19.56 Gb Free Space | 34.72% Space Free | Partition Type: NTFS

Computer Name: DAVES_COMPUTER
Current User Name: dave
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/02 10:09:56 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\dave\Desktop\OTL.exe
PRC - [2010/07/26 17:59:43 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/07/19 10:22:27 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2010/04/16 16:24:32 | 000,024,576 | ---- | M] () -- C:\Program Files\FedEx\ShipManager\BIN\AdminService.exe
PRC - [2010/04/16 16:18:08 | 000,130,352 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files\FedEx\ShipManager\SQLAnywhere\Bin32\dbsrv11.exe
PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008/12/04 14:53:48 | 000,065,536 | ---- | M] () -- C:\UPS\WSTD\WSTDMessaging.exe
PRC - [2008/04/13 21:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/22 23:24:02 | 000,620,152 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2005/05/04 00:04:28 | 009,150,464 | ---- | M] (Microsoft Corporation) -- C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe
PRC - [2005/05/03 22:07:32 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MICROSOFT SQL SERVER\80\TOOLS\BINN\sqlmangr.exe
PRC - [2004/10/14 14:42:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2003/06/08 04:11:36 | 000,049,152 | ---- | M] () -- C:\Program Files\Rainlendar\Rainlendar.exe
PRC - [2001/12/15 12:10:36 | 000,036,864 | ---- | M] (Zenographics) -- C:\WINDOWS\system32\zstatus.exe


========== Modules (SafeList) ==========

MOD - [2010/08/02 10:09:56 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\dave\Desktop\OTL.exe
MOD - [2008/04/13 21:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE -- (LiveUpdate)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/07/26 16:00:24 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010/07/19 10:22:27 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/04/16 16:26:54 | 000,005,120 | ---- | M] (FedEx Corporation) [On_Demand | Stopped] -- C:\Program Files\FedEx\ShipManager\BIN\ShipEngineService.exe -- (FedExShipService)
SRV - [2010/04/16 16:26:08 | 000,006,656 | ---- | M] (FedEx Corporation) [On_Demand | Stopped] -- C:\Program Files\FedEx\ShipManager\BIN\TransEngineService.exe -- (FedExTransactionService)
SRV - [2010/04/16 16:24:32 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\FedEx\ShipManager\BIN\AdminService.exe -- (FedExAdminService)
SRV - [2010/04/16 16:23:58 | 000,007,168 | ---- | M] (FedEx Corporation) [Auto | Stopped] -- C:\Program Files\FedEx\ShipManager\BIN\FedEx.Gsm.Common.LoggingService.exe -- (FedExLoggingService)
SRV - [2010/04/16 16:18:08 | 000,130,352 | ---- | M] (iAnywhere Solutions, Inc.) [Auto | Running] -- C:\Program Files\FedEx\ShipManager\SQLAnywhere\Bin32\dbsrv11.exe -- (FedExShipnetDBService)
SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/05/04 00:04:28 | 009,150,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe -- (MSSQL$UPSWSDBSERVER)
SRV - [2005/05/03 21:42:56 | 000,323,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlagent.EXE -- (SQLAgent$UPSWSDBSERVER)


========== Driver Services (SafeList) ==========

DRV - [2010/07/19 13:54:21 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/04/22 20:24:48 | 000,010,240 | ---- | M] (Number Five Software) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\STLD.SYS -- (Stld)
DRV - [2008/05/16 14:01:00 | 006,557,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/09/05 14:28:34 | 000,021,196 | ---- | M] (Number Five Software) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\n5lpt.sys -- (n5lpt.sys)
DRV - [2005/02/02 09:26:46 | 000,017,272 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\eltnlpt.sys -- (ELTNLPT)
DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2003/10/28 11:28:50 | 000,017,652 | ---- | M] (Number Five Software) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\key5usb.sys -- (key5usb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2954807375-92768627-1886871889-1121\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2954807375-92768627-1886871889-1121\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2954807375-92768627-1886871889-1121\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.608

FF - HKLM\software\mozilla\Firefox\Extensions\\{E4DB27DF-7475-4EB3-AFAB-AF566B3F07D1}: C:\Documents and Settings\dave\Local Settings\Application Data\{E4DB27DF-7475-4EB3-AFAB-AF566B3F07D1} [2010/07/22 11:05:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/26 17:59:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/28 13:35:17 | 000,000,000 | ---D | M]

[2010/07/19 09:34:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dave\Application Data\Mozilla\Extensions
[2010/07/30 11:04:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dave\Application Data\Mozilla\Firefox\Profiles\80768l5f.default\extensions
[2010/07/19 09:37:21 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Documents and Settings\dave\Application Data\Mozilla\Firefox\Profiles\80768l5f.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2010/07/19 12:25:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dave\Application Data\Mozilla\Firefox\Profiles\80768l5f.default\extensions\LogMeInClient@logmein.com
[2010/07/19 08:53:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/07/22 12:21:30 | 000,000,819 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 89.149.193.134 www.google.com
O1 - Hosts: 89.149.193.134 us.search.yahoo.com
O1 - Hosts: 89.149.193.134 uk.search.yahoo.com
O1 - Hosts: 89.149.193.134 search.yahoo.com
O1 - Hosts: 89.149.193.134 www.google.com.br
O1 - Hosts: 89.149.193.134 www.google.it
O1 - Hosts: 89.149.193.134 www.google.es
O1 - Hosts: 89.149.193.134 www.google.co.jp
O1 - Hosts: 89.149.193.134 www.google.com.mx
O1 - Hosts: 89.149.193.134 www.google.ca
O1 - Hosts: 89.149.193.134 www.google.com.au
O1 - Hosts: 89.149.193.134 www.google.nl
O1 - Hosts: 89.149.193.134 www.google.co.za
O1 - Hosts: 89.149.193.134 www.google.be
O1 - Hosts: 89.149.193.134 www.google.gr
O1 - Hosts: 89.149.193.134 www.google.at
O1 - Hosts: 89.149.193.134 www.google.se
O1 - Hosts: 89.149.193.134 www.google.ch
O1 - Hosts: 89.149.193.134 www.google.pt
O1 - Hosts: 89.149.193.134 www.google.dk
O1 - Hosts: 89.149.193.134 www.google.fi
O1 - Hosts: 89.149.193.134 www.google.ie
O1 - Hosts: 89.149.193.134 www.google.no
O1 - Hosts: 89.149.193.134 www.google.de
O1 - Hosts: 89.149.193.134 www.google.fr
O1 - Hosts: 2 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2954807375-92768627-1886871889-1121\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [hp 1000 firmware] C:\Program Files\hp LaserJet 1000\fwdl.exe (Zenographics)
O4 - HKLM..\Run: [NA1Messenger] C:\UPS\WSTD\UPSNA1Msgr.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKU\S-1-5-21-2954807375-92768627-1886871889-1121..\Run: [Hqakafi] C:\WINDOWS\lbdipipl.DLL File not found
O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\Program Files\MICROSOFT SQL SERVER\80\TOOLS\BINN\sqlmangr.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\UPS WorldShip Messaging Utility.lnk = C:\UPS\WSTD\WSTDMessaging.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\UPS WorldShip PLD Reminder Utility.lnk = C:\UPS\WSTD\wstdPldReminder.exe (UPS)
O4 - Startup: C:\Documents and Settings\dave\Start Menu\Programs\Startup\Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2954807375-92768627-1886871889-1121\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.2 68.4.16.30 68.4.8.229
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = 686-localdns.com
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\dave\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\dave\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/19 08:39:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2002/10/28 13:03:12 | 000,000,000 | R--D | M] - D:\autorun -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)
Unable to start service SrService!

========== Files/Folders - Created Within 90 Days ==========

[2010/08/02 10:09:55 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\dave\Desktop\OTL.exe
[2010/07/28 13:35:17 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2010/07/28 13:35:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/07/27 11:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\Rainlendar
[2010/07/23 07:18:18 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/07/23 07:18:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/07/22 17:38:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\Application Data\Malwarebytes
[2010/07/22 17:37:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/22 17:37:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/22 17:37:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/22 17:37:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/22 17:30:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\Application Data\Windows Search
[2010/07/22 17:25:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Gibinsoft Shared
[2010/07/22 17:25:20 | 000,000,000 | ---D | C] -- C:\Program Files\GiPo@Utilities
[2010/07/22 17:04:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\Local Settings\Application Data\Temp
[2010/07/22 17:04:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\Local Settings\Application Data\Google
[2010/07/22 13:18:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/07/22 13:17:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\Application Data\Avira
[2010/07/22 13:13:40 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/07/22 13:13:34 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/07/22 13:13:34 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/07/22 13:13:34 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/07/22 13:13:34 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/07/22 13:13:32 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/07/22 13:13:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/07/22 12:48:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/07/22 12:09:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/07/22 12:09:23 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/07/22 12:01:57 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/07/22 12:01:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\setup.pss
[2010/07/22 12:01:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\setupupd
[2010/07/22 11:05:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\Local Settings\Application Data\{E4DB27DF-7475-4EB3-AFAB-AF566B3F07D1}
[2010/07/22 11:04:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\Local Settings\Application Data\LogMeIn
[2010/07/22 11:04:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2010/07/21 11:39:42 | 000,000,000 | ---D | C] -- C:\Program Files\Media Player Classic
[2010/07/21 11:39:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\Application Data\Media Player Classic
[2010/07/20 17:42:36 | 000,434,230 | ---- | C] (Best Software Canada Ltd.) -- C:\WINDOWS\System32\PvxOdb32.dll
[2010/07/20 17:42:36 | 000,102,400 | ---- | C] (Best Software Canada Ltd.) -- C:\WINDOWS\System32\pvkiw32.dll
[2010/07/20 17:42:35 | 000,000,000 | ---D | C] -- C:\Program Files\Best Software Canada Ltd
[2010/07/20 17:42:04 | 000,299,520 | ---- | C] (InstallShield Corporation, Inc.) -- C:\WINDOWS\uninst.exe
[2010/07/20 11:32:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\ziusb
[2010/07/20 11:32:44 | 000,000,000 | ---D | C] -- C:\Program Files\Zebra
[2010/07/20 11:28:38 | 000,010,240 | ---- | C] (Number Five Software) -- C:\WINDOWS\System32\drivers\STLD.SYS
[2010/07/20 11:28:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Number Five Software
[2010/07/20 11:28:36 | 000,021,196 | ---- | C] (Number Five Software) -- C:\WINDOWS\System32\drivers\n5lpt.sys
[2010/07/20 11:28:29 | 000,415,232 | ---- | C] (Number Five Software) -- C:\WINDOWS\System32\Scos4com.exe
[2010/07/20 11:28:29 | 000,324,096 | ---- | C] (Number Five Software) -- C:\WINDOWS\System32\Sccpanel.cpl
[2010/07/20 11:28:29 | 000,084,480 | ---- | C] (Number Five Software) -- C:\WINDOWS\System32\Scos3api.dll
[2010/07/20 11:28:28 | 000,036,864 | ---- | C] (Victor Company of Japan, Limited) -- C:\WINDOWS\System32\PCPKSEC.dll
[2010/07/20 11:28:21 | 000,109,056 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\W32cfgcr.dll
[2010/07/20 11:28:21 | 000,098,816 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\W32GR09.DLL
[2010/07/20 11:28:21 | 000,089,600 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\W32gr07.dll
[2010/07/20 11:28:21 | 000,044,032 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\W32gtser.dll
[2010/07/20 11:28:21 | 000,044,032 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\W32gesin.dll
[2010/07/20 11:28:21 | 000,038,912 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\W32gtser.exe
[2010/07/20 11:28:21 | 000,036,352 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\W32GCR40.DLL
[2010/07/20 11:28:21 | 000,026,624 | ---- | C] (Gemplus Development) -- C:\WINDOWS\System32\W32gemer.dll
[2010/07/20 11:28:21 | 000,023,040 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\W32gchan.dll
[2010/07/20 11:28:21 | 000,018,432 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\WGCR40.DLL
[2010/07/20 11:28:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Number Five
[2010/07/20 11:28:20 | 000,000,000 | ---D | C] -- C:\Program Files\Number Five
[2010/07/19 15:04:09 | 000,106,496 | ---- | C] (Pegasus Software) -- C:\WINDOWS\System32\TwnLib20.dll
[2010/07/19 15:04:07 | 001,568,768 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagX7.dll
[2010/07/19 15:04:07 | 000,476,320 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXpr7.dll
[2010/07/19 15:04:07 | 000,471,040 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXRA7.dll
[2010/07/19 15:04:07 | 000,262,144 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXR7.dll
[2010/07/19 15:04:07 | 000,155,648 | ---- | C] (Ahead Software Gmbh) -- C:\WINDOWS\System32\NeroCheck.exe
[2010/07/19 15:04:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ahead
[2010/07/19 15:04:03 | 000,000,000 | ---D | C] -- C:\Program Files\Ahead
[2010/07/19 13:54:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/07/19 13:54:09 | 000,000,000 | ---D | C] -- C:\Program Files\Softland
[2010/07/19 13:54:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\Application Data\Softland
[2010/07/19 13:54:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Softland
[2010/07/19 13:54:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\My Documents\My Backup4all
[2010/07/19 12:16:33 | 000,000,000 | ---D | C] -- C:\Program Files\UltraFXP
[2010/07/19 11:54:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2010/07/19 11:52:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intuit
[2010/07/19 11:51:52 | 000,000,000 | ---D | C] -- C:\Program Files\FedEx
[2010/07/19 11:50:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FedEx
[2010/07/19 11:43:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ZUD Drivers
[2010/07/19 11:14:40 | 000,000,000 | ---D | C] -- C:\Program Files\MICROSOFT SQL SERVER
[2010/07/19 11:13:55 | 000,000,000 | ---D | C] -- C:\UPS
[2010/07/19 11:10:29 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2010/07/19 11:09:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2010/07/19 11:07:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\My Documents\Updater5
[2010/07/19 11:04:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2010/07/19 10:59:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/07/19 10:59:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\Local Settings\Application Data\Identities
[2010/07/19 10:59:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\Application Data\Windows Desktop Search
[2010/07/19 10:58:39 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2010/07/19 10:58:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/07/19 10:45:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Control Panels
[2010/07/19 10:42:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ALM
[2010/07/19 10:39:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\Local Settings\Application Data\Adobe
[2010/07/19 10:31:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/07/19 10:27:26 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/07/19 10:24:21 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/07/19 10:22:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010/07/19 10:20:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/07/19 10:15:55 | 001,122,304 | ---- | C] (RICOH CO., LTD.) -- C:\WINDOWS\System32\Neo28dat.dll
[2010/07/19 10:15:55 | 000,815,570 | ---- | C] (RICOH CO., LTD.) -- C:\WINDOWS\System32\RC87E140.DLL
[2010/07/19 10:15:55 | 000,595,340 | ---- | C] (RICOH) -- C:\WINDOWS\System32\rpcsecl.dll
[2010/07/19 10:15:55 | 000,167,936 | ---- | C] (Ricoh Co.,Ltd.) -- C:\WINDOWS\System32\JCUI.exe
[2010/07/19 10:15:55 | 000,098,304 | ---- | C] (RICOH CO.,Ltd.) -- C:\WINDOWS\System32\RICJC32.dll
[2010/07/19 10:15:55 | 000,077,824 | ---- | C] (RICOH CO., LTD.) -- C:\WINDOWS\System32\Rc4manNT.dll
[2010/07/19 10:15:55 | 000,069,632 | ---- | C] (RICOH COMPANY,LTD.) -- C:\WINDOWS\System32\TIFmtA.dll
[2010/07/19 10:15:55 | 000,065,536 | ---- | C] (RICOH CO., LTD.) -- C:\WINDOWS\System32\RCPRINT.dll
[2010/07/19 10:15:55 | 000,061,440 | ---- | C] (RICOH COMPANY,LTD.) -- C:\WINDOWS\System32\TrackID.dll
[2010/07/19 10:15:55 | 000,057,344 | ---- | C] (RICOH Co.,Ltd.) -- C:\WINDOWS\System32\rdrvinf.dll
[2010/07/19 10:15:55 | 000,054,784 | ---- | C] (RICOH) -- C:\WINDOWS\System32\rdrvlog.dll
[2010/07/19 10:15:55 | 000,053,248 | ---- | C] (RICOH CO.,Ltd.) -- C:\WINDOWS\System32\RICDB32.dll
[2010/07/19 10:15:55 | 000,049,152 | ---- | C] (RICOH COMPANY,LTD.) -- C:\WINDOWS\System32\TIBase64.dll
[2010/07/19 10:15:55 | 000,037,376 | ---- | C] (RICOH CO.,Ltd.) -- C:\WINDOWS\System32\MFRICRES.dll
[2010/07/19 10:15:55 | 000,032,768 | ---- | C] (RICOH CO., LTD.) -- C:\WINDOWS\System32\RC00C140.dll
[2010/07/19 10:15:55 | 000,027,136 | ---- | C] (RICOH CO., LTD.) -- C:\WINDOWS\System32\RCINST.dll
[2010/07/19 10:15:53 | 000,000,000 | -H-D | C] -- C:\_rpcs
[2010/07/19 10:00:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\Desktop\WN10
[2010/07/19 10:00:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\Desktop\WN09
[2010/07/19 10:00:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\Desktop\SP11
[2010/07/19 10:00:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\Desktop\SP10
[2010/07/19 10:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\Desktop\retailer registration forms
[2010/07/19 09:59:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\Desktop\resized
[2010/07/19 09:59:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\Desktop\albums
[2010/07/19 09:51:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\Application Data\Miranda
[2010/07/19 09:50:14 | 000,000,000 | ---D | C] -- C:\Program Files\Miranda IM
[2010/07/19 09:43:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\Application Data\Macromedia
[2010/07/19 09:43:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\Application Data\Adobe
[2010/07/19 09:36:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\My Documents\Downloads
[2010/07/19 09:34:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\Local Settings\Application Data\Mozilla
[2010/07/19 09:34:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\Application Data\Mozilla
[2010/07/19 09:19:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\SchCache
[2010/07/19 09:18:37 | 000,000,000 | ---D | C] -- C:\fc_v3
[2010/07/19 09:15:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010/07/19 09:15:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010/07/19 09:15:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/07/19 09:11:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2010/07/19 09:11:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\Local Settings\Application Data\Microsoft Help
[2010/07/19 09:11:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/07/19 09:11:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2010/07/19 09:11:18 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/07/19 09:09:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\Local Settings\Application Data\Symantec
[2010/07/19 09:08:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/07/19 09:08:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2010/07/19 09:04:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\Application Data\Identities
[2010/07/19 09:04:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\dave\My Documents\My Pictures
[2010/07/19 09:04:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\dave\My Documents\My Music
[2010/07/19 09:04:39 | 000,000,000 | --SD | C] -- C:\Documents and Settings\dave\Application Data\Microsoft
[2010/07/19 09:04:39 | 000,000,000 | --SD | C] -- C:\Documents and Settings\dave\Cookies
[2010/07/19 09:04:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\dave\SendTo
[2010/07/19 09:04:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\dave\Recent
[2010/07/19 09:04:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\dave\Application Data
[2010/07/19 09:04:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\dave\Start Menu
[2010/07/19 09:04:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\dave\My Documents
[2010/07/19 09:04:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\dave\Favorites
[2010/07/19 09:04:39 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\dave\Templates
[2010/07/19 09:04:39 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\dave\PrintHood
[2010/07/19 09:04:39 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\dave\NetHood
[2010/07/19 09:04:39 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\dave\Local Settings
[2010/07/19 09:04:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\Local Settings\Application Data\Microsoft
[2010/07/19 09:04:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\Desktop
[2010/07/19 09:03:32 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/07/19 08:59:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2010/07/19 08:58:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\nview
[2010/07/19 08:58:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2010/07/19 08:57:50 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2010/07/19 08:54:07 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/07/19 08:53:23 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/07/19 08:51:02 | 000,900,388 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\hpflash1.exe
[2010/07/19 08:51:02 | 000,229,376 | ---- | C] (Zenographics) -- C:\WINDOWS\System32\vsetup.dll
[2010/07/19 08:51:02 | 000,147,456 | ---- | C] (Zenographics) -- C:\WINDOWS\System32\ZUNINST.EXE
[2010/07/19 08:51:02 | 000,090,112 | ---- | C] (Zenographics) -- C:\WINDOWS\apptune.exe
[2010/07/19 08:51:02 | 000,086,016 | ---- | C] (Zenographics, Inc.) -- C:\WINDOWS\System32\ZSPOOL.DLL
[2010/07/19 08:51:02 | 000,077,824 | ---- | C] (Zenographics) -- C:\WINDOWS\System32\zlmhp1.dll
[2010/07/19 08:51:02 | 000,073,728 | ---- | C] (Zenographics) -- C:\WINDOWS\System32\ZSHP1000.dll
[2010/07/19 08:51:02 | 000,070,656 | ---- | C] (Zenographics, Inc.) -- C:\WINDOWS\System32\Sd32.dll
[2010/07/19 08:51:02 | 000,054,784 | ---- | C] (Zenographics, Inc.) -- C:\WINDOWS\System32\zPJL.dll
[2010/07/19 08:51:02 | 000,049,152 | ---- | C] (Zenographics, Inc.) -- C:\WINDOWS\System32\Zlang.dll
[2010/07/19 08:51:02 | 000,045,056 | ---- | C] (Zenographics, Inc.) -- C:\WINDOWS\System32\zpp.dll
[2010/07/19 08:51:02 | 000,036,864 | ---- | C] (Zenographics, Inc.) -- C:\WINDOWS\System32\zpppcl.dll
[2010/07/19 08:51:02 | 000,036,864 | ---- | C] (Zenographics) -- C:\WINDOWS\System32\zstatus.exe
[2010/07/19 08:51:02 | 000,028,672 | ---- | C] (Zenographics, Inc.) -- C:\WINDOWS\System32\zlm.dll
[2010/07/19 08:51:02 | 000,023,552 | ---- | C] (Zenographics, Inc.) -- C:\WINDOWS\System32\ZGDI32.DLL
[2010/07/19 08:51:02 | 000,019,456 | ---- | C] (Zenographics, Inc.) -- C:\WINDOWS\System32\ZTAG32.DLL
[2010/07/19 08:51:02 | 000,012,288 | ---- | C] (Zenographics, Inc.) -- C:\WINDOWS\System32\IMF32.DLL
[2010/07/19 08:51:01 | 000,000,000 | ---D | C] -- C:\Program Files\hp LaserJet 1000
[2010/07/19 08:50:37 | 000,000,000 | ---D | C] -- C:\lj1488
[2010/07/19 08:50:03 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/07/19 08:48:39 | 000,000,000 | ---D | C] -- C:\drvrtmp
[2010/07/19 08:45:36 | 000,991,232 | ---- | C] (Sensaura) -- C:\WINDOWS\System32\virtear.dll
[2010/07/19 08:45:36 | 000,049,152 | ---- | C] (Analog Devices Inc.) -- C:\WINDOWS\System32\DSndUp.exe
[2010/07/19 08:45:36 | 000,045,056 | ---- | C] (adi) -- C:\WINDOWS\System32\CleanUp.exe
[2010/07/19 08:45:36 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/07/19 08:45:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\VirtualEar
[2010/07/19 08:45:36 | 000,000,000 | ---D | C] -- C:\Program Files\Analog Devices
[2010/07/19 08:45:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/07/19 08:45:25 | 000,311,296 | ---- | C] (Analog Devices Incorporated) -- C:\WINDOWS\System32\Edcrypt.dll
[2010/07/19 08:45:24 | 000,000,000 | ---D | C] -- C:\dell
[2010/07/19 08:44:13 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2010/07/19 08:43:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2010/07/19 08:43:12 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2010/07/19 08:43:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/07/19 08:43:11 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/07/19 08:43:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/07/19 08:43:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/07/19 08:43:02 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/07/19 08:41:25 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/07/19 08:41:25 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/07/19 08:41:25 | 000,029,184 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2010/07/19 08:40:22 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/07/19 08:39:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2010/07/19 08:39:52 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2010/07/19 08:39:52 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2010/07/19 08:38:23 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2010/07/19 08:38:12 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2010/07/19 08:38:12 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2010/07/19 08:38:01 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2010/07/19 08:37:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2010/07/19 08:37:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2010/07/19 08:37:23 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2010/07/19 08:37:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2010/07/19 08:37:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2010/07/19 08:37:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2010/07/19 08:37:12 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2010/07/19 08:36:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2010/07/19 08:36:48 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2010/07/19 08:36:46 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2010/07/19 08:36:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2010/07/19 08:36:35 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2010/07/19 08:36:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2010/07/19 08:35:56 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2010/07/19 08:35:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2010/07/19 08:35:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2010/07/19 08:35:40 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2010/07/19 08:35:40 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2010/07/19 08:35:34 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2010/07/19 08:35:31 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2010/07/19 08:35:00 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2010/07/19 08:34:59 | 000,281,088 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2010/07/19 08:34:58 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2010/07/19 08:34:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2010/07/19 08:34:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2010/07/19 08:34:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2010/07/19 08:34:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2010/07/19 01:29:00 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2010/07/19 01:28:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2010/07/19 01:28:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2010/07/19 01:28:55 | 000,000,000 | R--D | C] -- C:\Program Files
[2010/07/19 01:28:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2010/07/19 01:28:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2010/07/19 01:28:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2010/07/19 01:28:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2010/07/19 01:28:31 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2010/07/19 01:28:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2010/07/19 01:28:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2010/07/19 01:28:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2010/07/19 01:28:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2010/07/19 01:28:11 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2010/07/19 01:28:11 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2010/07/19 01:27:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2010/07/19 01:27:48 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/07/19 01:23:58 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2010/07/19 01:23:58 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2010/07/19 01:23:58 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2010/07/19 01:23:58 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Network Diagnostic
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\L2Schemas
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/08/02 10:09:56 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\dave\Desktop\OTL.exe
[2010/08/02 10:08:55 | 002,097,152 | -H-- | M] () -- C:\Documents and Settings\dave\NTUSER.DAT
[2010/08/02 03:00:02 | 000,000,542 | ---- | M] () -- C:\WINDOWS\tasks\b4a_Dave's PC Backup.job
[2010/07/29 11:51:57 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\dave\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/27 13:40:36 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/07/27 11:08:20 | 000,001,592 | ---- | M] () -- C:\Documents and Settings\dave\Start Menu\Programs\Startup\Rainlendar.lnk
[2010/07/26 16:46:44 | 000,000,300 | ---- | M] () -- C:\Documents and Settings\dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to shared-data on 'westlife' (H).lnk
[2010/07/22 18:22:59 | 000,000,199 | ---- | M] () -- C:\WINDOWS\wstdUPSWSHIP.INI
[2010/07/22 18:22:29 | 000,002,337 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010/07/22 18:22:21 | 000,186,097 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/07/22 18:21:30 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/22 18:21:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/22 18:21:23 | 2146,504,704 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/22 18:20:30 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\dave\ntuser.ini
[2010/07/22 18:20:27 | 004,768,656 | -H-- | M] () -- C:\Documents and Settings\dave\Local Settings\Application Data\IconCache.db
[2010/07/22 12:31:19 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/07/22 12:21:30 | 000,000,819 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/07/22 12:21:15 | 000,002,496 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2010/07/22 12:21:14 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\rasacd.vir
[2010/07/22 12:02:24 | 000,000,282 | RHS- | M] () -- C:\boot.ini
[2010/07/22 11:28:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\vpc32.INI
[2010/07/22 11:19:45 | 001,497,184 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/22 11:19:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/22 11:05:05 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Wlatinasuleja.dat
[2010/07/22 11:05:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Fgexamewiga.bin
[2010/07/22 10:38:07 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\dave\Desktop\EUR SP11 SAMPLES.xls
[2010/07/20 17:47:37 | 000,001,168 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/07/20 17:42:37 | 000,004,339 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/07/20 11:28:16 | 000,000,662 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/20 10:34:11 | 000,049,680 | ---- | M] () -- C:\Documents and Settings\dave\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/19 13:54:21 | 000,691,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/07/19 12:11:29 | 000,001,009 | ---- | M] () -- C:\Documents and Settings\dave\Application Data\Microsoft\Internet Explorer\Quick Launch\FedEx Ship Manager.lnk
[2010/07/19 12:11:07 | 000,000,587 | ---- | M] () -- C:\Documents and Settings\dave\Application Data\Microsoft\Internet Explorer\Quick Launch\UPS WorldShip.lnk
[2010/07/19 11:19:11 | 000,000,635 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\UPS WorldShip Messaging Utility.lnk
[2010/07/19 11:19:11 | 000,000,581 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\UPS WorldShip PLD Reminder Utility.lnk
[2010/07/19 11:15:19 | 000,492,184 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/19 11:15:19 | 000,434,074 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/19 11:15:19 | 000,074,178 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/19 11:15:10 | 000,001,908 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
[2010/07/19 11:13:23 | 000,002,338 | ---- | M] () -- C:\WINDOWS\System32\msrCheckResult.xml
[2010/07/19 10:58:16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/07/19 10:38:34 | 000,001,800 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
[2010/07/19 10:15:57 | 000,000,076 | ---- | M] () -- C:\WINDOWS\ricdb.ini
[2010/07/19 10:15:53 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\RPCS.ini
[2010/07/19 09:46:48 | 000,000,187 | ---- | M] () -- C:\Documents and Settings\dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to WD USB 2 (D).lnk
[2010/07/19 09:18:55 | 000,001,703 | ---- | M] () -- C:\Documents and Settings\dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Full CircleŽ.lnk
[2010/07/19 09:07:31 | 000,000,372 | ---- | M] () -- C:\Documents and Settings\dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Shipping.lnk
[2010/07/19 09:06:35 | 000,001,614 | ---- | M] () -- C:\Documents and Settings\dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/19 09:04:47 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/07/19 09:03:36 | 000,002,412 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/07/19 09:00:16 | 000,000,008 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010/07/19 08:53:31 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/07/19 08:43:06 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2010/07/19 08:42:04 | 000,000,780 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/07/19 08:39:25 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/07/19 08:39:25 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/07/19 08:39:25 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/07/19 08:39:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\control.ini
[2010/07/19 08:39:25 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/07/19 08:39:25 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/07/19 08:39:17 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/07/19 08:39:16 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/07/19 08:39:16 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/07/19 08:38:12 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/07/19 08:38:12 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/07/19 08:38:05 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/07/19 08:38:05 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/07/19 08:38:05 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/07/19 08:38:05 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/07/19 08:38:05 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/07/19 08:38:05 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/07/19 08:36:05 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/07/19 08:35:53 | 000,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2010/07/19 08:35:53 | 000,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
[2010/07/19 08:33:51 | 000,000,211 | -HS- | M] () -- C:\BOOT.BAK
[2010/07/19 01:29:04 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2010/07/19 01:28:55 | 000,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/06 14:22:44 | 000,779,922 | ---- | M] () -- C:\Documents and Settings\dave\Desktop\hscsg.pdf
[2010/06/21 15:13:14 | 000,933,868 | ---- | M] () -- C:\Documents and Settings\dave\Desktop\AT&T Local.pdf
[2010/06/21 12:08:08 | 000,823,996 | ---- | M] () -- C:\Documents and Settings\dave\Desktop\AT&T Summary.pdf
[2010/06/02 14:31:54 | 000,517,959 | ---- | M] () -- C:\Documents and Settings\dave\Desktop\Dueler AT RH-S.pdf
[2010/06/02 13:23:30 | 000,024,683 | ---- | M] () -- C:\Documents and Settings\dave\Desktop\Bridgestone Dueler AT RH-S.jpg
[2010/05/17 11:01:30 | 000,055,808 | ---- | M] () -- C:\Documents and Settings\dave\Desktop\Suspense report Westlife May 2010.xls
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/27 13:40:36 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/07/27 11:08:20 | 000,001,592 | ---- | C] () -- C:\Documents and Settings\dave\Start Menu\Programs\Startup\Rainlendar.lnk
[2010/07/26 16:46:44 | 000,000,300 | ---- | C] () -- C:\Documents and Settings\dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to shared-data on 'westlife' (H).lnk
[2010/07/22 18:21:23 | 2146,504,704 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/22 12:21:15 | 000,002,496 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2010/07/22 12:21:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\rasacd.vir
[2010/07/22 12:17:10 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/07/22 12:02:23 | 000,000,211 | -HS- | C] () -- C:\BOOT.BAK
[2010/07/22 12:02:17 | 000,260,288 | RHS- | C] () -- C:\cmldr
[2010/07/22 11:28:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2010/07/22 11:05:05 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Wlatinasuleja.dat
[2010/07/22 11:05:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Fgexamewiga.bin
[2010/07/20 17:42:36 | 000,037,062 | ---- | C] () -- C:\WINDOWS\System32\ODBCINST.HLP
[2010/07/20 17:42:36 | 000,016,119 | ---- | C] () -- C:\WINDOWS\System32\ODBCINST.CHM
[2010/07/20 11:28:33 | 000,008,284 | ---- | C] () -- C:\WINDOWS\System32\N5lpt.vxd
[2010/07/20 11:28:29 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\Scos4prx.dll
[2010/07/19 14:14:57 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\dave\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/19 13:58:31 | 000,000,542 | ---- | C] () -- C:\WINDOWS\tasks\b4a_Dave's PC Backup.job
[2010/07/19 13:54:20 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/07/19 12:11:29 | 000,001,009 | ---- | C] () -- C:\Documents and Settings\dave\Application Data\Microsoft\Internet Explorer\Quick Launch\FedEx Ship Manager.lnk
[2010/07/19 12:11:07 | 000,000,587 | ---- | C] () -- C:\Documents and Settings\dave\Application Data\Microsoft\Internet Explorer\Quick Launch\UPS WorldShip.lnk
[2010/07/19 11:19:20 | 000,000,199 | ---- | C] () -- C:\WINDOWS\wstdUPSWSHIP.INI
[2010/07/19 11:19:11 | 000,000,635 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\UPS WorldShip Messaging Utility.lnk
[2010/07/19 11:19:11 | 000,000,581 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\UPS WorldShip PLD Reminder Utility.lnk
[2010/07/19 11:15:10 | 000,001,908 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
[2010/07/19 11:14:37 | 000,001,168 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/07/19 11:13:22 | 000,002,338 | ---- | C] () -- C:\WINDOWS\System32\msrCheckResult.xml
[2010/07/19 10:38:34 | 000,002,337 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010/07/19 10:38:34 | 000,001,800 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
[2010/07/19 10:35:02 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2010/07/19 10:15:56 | 000,000,076 | ---- | C] () -- C:\WINDOWS\ricdb.ini
[2010/07/19 10:15:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\RPCS.ini
[2010/07/19 10:03:41 | 000,017,653 | ---- | C] () -- C:\Documents and Settings\dave\Desktop\WestlifeCategories.xlsx
[2010/07/19 10:03:40 | 003,888,255 | ---- | C] () -- C:\Documents and Settings\dave\Desktop\WEDDING TIMELINE.jpg
[2010/07/19 10:03:40 | 000,995,328 | ---- | C] () -- C:\Documents and Settings\dave\Desktop\warranty3.mdb
[2010/07/19 10:03:40 | 000,514,355 | ---- | C] () -- C:\Documents and Settings\dave\Desktop\SLI.pdf
[2010/07/19 10:03:40 | 000,075,010 | ---- | C] () -- C:\Documents and Settings\dave\Desktop\Westlife - Online Closeouts and Price Adjustments.xlsx
[2010/07/19 10:03:40 | 000,057,856 | ---- | C] () -- C:\Documents and Settings\dave\Desktop\SP10 Products MASTER.xls
[2010/07/19 10:03:40 | 000,055,808 | ---- | C] () -- C:\Documents and Settings\dave\Desktop\Suspense report Westlife May 2010.xls
[2010/07/19 10:03:39 | 000,779,922 | ---- | C] () -- C:\Documents and Settings\dave\Desktop\hscsg.pdf
[2010/07/19 10:03:39 | 000,103,988 | ---- | C] () -- C:\Documents and Settings\dave\Desktop\Home_Occ_Permit.pdf
[2010/07/19 10:03:39 | 000,041,862 | ---- | C] () -- C:\Documents and Settings\dave\Desktop\Rhenus Freight Billing.pdf
[2010/07/19 10:03:39 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\dave\Desktop\PRE-SET COMM INV.xls
[2010/07/19 10:03:39 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\dave\Desktop\Guest_List_Spreadsheet.xls
[2010/07/19 10:03:39 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\dave\Desktop\fill issues NRI.xls
[2010/07/19 10:03:39 | 000,011,648 | ---- | C] () -- C:\Documents and Settings\dave\Desktop\retailer registration list.xlsx
[2010/07/19 10:03:29 | 003,916,852 | ---- | C] () -- C:\Documents and Settings\dave\Desktop\FAQ - NEW LOGO.jpg
[2010/07/19 10:03:29 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\dave\Desktop\EUR SP11 SAMPLES.xls
[2010/07/19 10:03:28 | 003,247,327 | ---- | C] () -- C:\Documents and Settings\dave\Desktop\Collections - NEW LOGO.jpg
[2010/07/19 10:03:28 | 001,003,430 | ---- | C] () -- C:\Documents and Settings\dave\Desktop\Dicks TMS_user_guide.pdf
[2010/07/19 10:03:28 | 000,933,868 | ---- | C] () -- C:\Documents and Settings\dave\Desktop\AT&T Local.pdf
[2010/07/19 10:03:28 | 000,823,996 | ---- | C] () -- C:\Documents and Settings\dave\Desktop\AT&T Summary.pdf
[2010/07/19 10:03:28 | 000,517,959 | ---- | C] () -- C:\Documents and Settings\dave\Desktop\Dueler AT RH-S.pdf
[2010/07/19 10:03:28 | 000,233,501 | ---- | C] () -- C:\Documents and Settings\dave\Desktop\confMarriageApp.pdf
[2010/07/19 10:03:28 | 000,120,329 | ---- | C] () -- C:\Documents and Settings\dave\Desktop\bill of lading.pdf
[2010/07/19 10:03:28 | 000,024,683 | ---- | C] () -- C:\Documents and Settings\dave\Desktop\Bridgestone Dueler AT RH-S.jpg
[2010/07/19 10:03:28 | 000,012,074 | ---- | C] () -- C:\Documents and Settings\dave\Desktop\Dicks Guidelines.docx
[2010/07/19 10:03:27 | 003,702,843 | ---- | C] () -- C:\Documents and Settings\dave\Desktop\A La Carte NEW LOGO.jpg
[2010/07/19 10:03:27 | 002,277,888 | ---- | C] () -- C:\Documents and Settings\dave\Desktop\686SACK.com Instructions.doc
[2010/07/19 10:03:27 | 000,651,336 | ---- | C] () -- C:\Documents and Settings\dave\Desktop\686SACK Terms & Conditions.xlsx
[2010/07/19 09:46:48 | 000,000,187 | ---- | C] () -- C:\Documents and Settings\dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to WD USB 2 (D).lnk
[2010/07/19 09:18:55 | 000,001,703 | ---- | C] () -- C:\Documents and Settings\dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Full CircleŽ.lnk
[2010/07/19 09:07:31 | 000,000,372 | ---- | C] () -- C:\Documents and Settings\dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Shipping.lnk
[2010/07/19 09:06:35 | 000,001,614 | ---- | C] () -- C:\Documents and Settings\dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/19 09:04:47 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/07/19 09:04:39 | 002,097,152 | -H-- | C] () -- C:\Documents and Settings\dave\NTUSER.DAT
[2010/07/19 09:04:39 | 000,020,480 | -H-- | C] () -- C:\Documents and Settings\dave\ntuser.dat.LOG
[2010/07/19 09:04:39 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\dave\ntuser.ini
[2010/07/19 09:03:36 | 000,002,412 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/07/19 09:00:16 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2010/07/19 08:58:09 | 000,186,097 | ---- | C] () -- C:\WINDOWS\System32\nvapps.xml
[2010/07/19 08:58:09 | 000,018,070 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu
[2010/07/19 08:53:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/07/19 08:51:04 | 000,233,525 | ---- | C] () -- C:\WINDOWS\System32\isutil.dll
[2010/07/19 08:51:02 | 000,115,061 | ---- | C] () -- C:\WINDOWS\System32\sihp1000.img
[2010/07/19 08:51:02 | 000,007,315 | ---- | C] () -- C:\WINDOWS\System32\ZShp1000.hlp
[2010/07/19 08:51:02 | 000,001,145 | ---- | C] () -- C:\WINDOWS\System32\SDhp1000.UNZ
[2010/07/19 08:51:02 | 000,000,271 | ---- | C] () -- C:\WINDOWS\apptune.ini
[2010/07/19 08:48:41 | 000,005,110 | R--- | C] () -- C:\WINDOWS\System32\e100b325.din
[2010/07/19 08:48:39 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2010/07/19 08:43:06 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2010/07/19 08:42:04 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/07/19 08:41:48 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2010/07/19 08:41:21 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2010/07/19 08:41:21 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2010/07/19 08:41:19 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/07/19 08:41:03 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2010/07/19 08:41:02 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/07/19 08:40:56 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/07/19 08:40:55 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/07/19 08:40:53 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/07/19 08:40:44 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/07/19 08:40:39 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/07/19 08:40:35 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2010/07/19 08:40:25 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/07/19 08:40:22 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2010/07/19 08:40:22 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2010/07/19 08:40:21 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2010/07/19 08:40:21 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2010/07/19 08:40:21 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2010/07/19 08:40:21 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2010/07/19 08:40:21 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2010/07/19 08:40:21 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2010/07/19 08:40:21 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2010/07/19 08:40:21 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2010/07/19 08:40:20 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2010/07/19 08:40:20 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2010/07/19 08:40:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2010/07/19 08:40:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2010/07/19 08:40:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2010/07/19 08:40:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2010/07/19 08:40:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2010/07/19 08:40:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2010/07/19 08:40:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2010/07/19 08:40:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2010/07/19 08:40:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2010/07/19 08:40:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2010/07/19 08:40:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2010/07/19 08:40:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2010/07/19 08:40:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2010/07/19 08:40:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2010/07/19 08:40:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2010/07/19 08:40:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2010/07/19 08:40:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2010/07/19 08:40:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2010/07/19 08:40:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2010/07/19 08:40:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2010/07/19 08:40:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2010/07/19 08:40:18 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2010/07/19 08:40:18 | 000,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2010/07/19 08:40:18 | 000,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2010/07/19 08:40:18 | 000,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2010/07/19 08:40:18 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2010/07/19 08:40:18 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2010/07/19 08:40:18 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2010/07/19 08:40:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2010/07/19 08:40:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2010/07/19 08:40:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2010/07/19 08:40:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2010/07/19 08:40:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2010/07/19 08:40:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2010/07/19 08:40:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2010/07/19 08:40:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2010/07/19 08:40:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2010/07/19 08:40:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2010/07/19 08:40:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2010/07/19 08:40:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2010/07/19 08:40:16 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2010/07/19 08:40:16 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2010/07/19 08:40:16 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2010/07/19 08:40:16 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2010/07/19 08:40:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2010/07/19 08:40:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2010/07/19 08:40:15 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2010/07/19 08:40:15 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2010/07/19 08:39:25 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/07/19 08:39:25 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/07/19 08:39:25 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/07/19 08:39:25 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2010/07/19 08:39:25 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2010/07/19 08:39:16 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/07/19 08:39:16 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/07/19 08:39:15 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2010/07/19 08:38:12 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/07/19 08:38:12 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/07/19 08:38:05 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/07/19 08:38:05 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/07/19 08:38:05 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/07/19 08:38:05 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/07/19 08:38:05 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/07/19 08:38:05 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/07/19 08:37:48 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2010/07/19 08:37:34 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2010/07/19 08:37:34 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2010/07/19 08:37:28 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2010/07/19 08:36:53 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msinfo.dll
[2010/07/19 08:36:05 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/07/19 08:35:17 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2010/07/19 08:35:17 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2010/07/19 08:35:17 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2010/07/19 08:35:17 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2010/07/19 08:35:17 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2010/07/19 08:35:17 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2010/07/19 08:35:16 | 000,093,702 | ---- | C] () -- C:\WINDOWS\System32\subrange.uce
[2010/07/19 08:35:16 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2010/07/19 08:35:16 | 000,060,458 | ---- | C] () -- C:\WINDOWS\System32\ideograf.uce
[2010/07/19 08:35:16 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2010/07/19 08:35:16 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2010/07/19 08:35:16 | 000,016,740 | ---- | C] () -- C:\WINDOWS\System32\shiftjis.uce
[2010/07/19 08:35:16 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2010/07/19 08:35:16 | 000,012,876 | ---- | C] () -- C:\WINDOWS\System32\korean.uce
[2010/07/19 08:35:16 | 000,008,484 | ---- | C] () -- C:\WINDOWS\System32\kanji_2.uce
[2010/07/19 08:35:16 | 000,006,948 | ---- | C] () -- C:\WINDOWS\System32\kanji_1.uce
[2010/07/19 08:35:16 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2010/07/19 08:35:15 | 000,024,006 | ---- | C] () -- C:\WINDOWS\System32\gb2312.uce
[2010/07/19 08:35:15 | 000,022,984 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.uce
[2010/07/19 08:35:14 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2010/07/19 08:35:14 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2010/07/19 08:35:13 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2010/07/19 08:35:08 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2010/07/19 01:29:04 | 000,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2010/07/19 01:29:03 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/07/19 01:28:57 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2010/07/19 01:28:57 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2010/07/19 01:28:56 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2010/07/19 01:28:56 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2010/07/19 01:28:54 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28603.nls
[2010/07/19 01:28:54 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28603.nls
[2010/07/19 01:28:52 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_857.nls
[2010/07/19 01:28:52 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_857.nls
[2010/07/19 01:28:52 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28599.nls
[2010/07/19 01:28:52 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28599.nls
[2010/07/19 01:28:52 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10081.nls
[2010/07/19 01:28:52 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10081.nls
[2010/07/19 01:28:51 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28595.nls
[2010/07/19 01:28:51 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28595.NLS
[2010/07/19 01:28:51 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10017.nls
[2010/07/19 01:28:51 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10017.nls
[2010/07/19 01:28:51 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10007.nls
[2010/07/19 01:28:51 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10007.nls
[2010/07/19 01:28:49 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_869.nls
[2010/07/19 01:28:49 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_869.nls
[2010/07/19 01:28:49 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_737.nls
[2010/07/19 01:28:49 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_737.nls
[2010/07/19 01:28:49 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_875.nls
[2010/07/19 01:28:49 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_875.nls
[2010/07/19 01:28:49 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28597.nls
[2010/07/19 01:28:49 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28597.NLS
[2010/07/19 01:28:49 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10006.nls
[2010/07/19 01:28:49 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10006.nls
[2010/07/19 01:28:48 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_866.nls
[2010/07/19 01:28:48 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_866.nls
[2010/07/19 01:28:48 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_855.nls
[2010/07/19 01:28:48 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_855.nls
[2010/07/19 01:28:48 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28594.nls
[2010/07/19 01:28:48 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28594.NLS
[2010/07/19 01:28:47 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_852.nls
[2010/07/19 01:28:47 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_852.nls
[2010/07/19 01:28:47 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10082.nls
[2010/07/19 01:28:47 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10082.nls
[2010/07/19 01:28:47 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10029.nls
[2010/07/19 01:28:47 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10029.nls
[2010/07/19 01:28:47 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10010.nls
[2010/07/19 01:28:47 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10010.nls
[2010/07/19 01:28:44 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20127.nls
[2010/07/19 01:28:44 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20127.nls
[2010/07/19 01:28:40 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010/07/19 01:28:29 | 000,144,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2010/07/19 01:28:29 | 000,112,918 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2010/07/19 01:28:29 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010/07/19 01:28:29 | 000,034,747 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2010/07/19 01:28:29 | 000,034,063 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2010/07/19 01:28:29 | 000,026,991 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2010/07/19 01:28:29 | 000,016,535 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2010/07/19 01:28:29 | 000,014,433 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2010/07/19 01:28:29 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010/07/19 01:28:29 | 000,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2010/07/19 01:28:29 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2010/07/19 01:28:29 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010/07/19 01:28:29 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/07/19 01:28:29 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2010/07/19 01:28:28 | 002,144,487 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2010/07/19 01:28:28 | 001,296,669 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT
[2010/07/19 01:28:28 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/07/19 01:28:28 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010/07/19 01:28:27 | 000,522,220 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2010/07/19 01:27:47 | 001,497,184 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/19 01:27:15 | 000,000,282 | RHS- | C] () -- C:\boot.ini
[2010/07/19 01:27:11 | 000,000,780 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2008/05/16 14:01:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/16 14:01:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/16 14:01:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/16 14:01:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/16 14:01:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2005/02/02 09:26:46 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\eltnlpt.sys
[2003/04/08 13:41:20 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\nssckbi.dll

========== LOP Check ==========

[2010/07/19 11:51:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FedEx
[2010/07/22 12:11:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/07/22 11:04:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2010/07/19 13:54:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Softland
[2010/07/19 11:54:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2010/08/02 10:06:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/07/19 09:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dave\Application Data\Miranda
[2010/07/19 13:54:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dave\Application Data\Softland
[2010/07/19 10:59:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dave\Application Data\Windows Desktop Search
[2010/07/22 17:30:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dave\Application Data\Windows Search
[2010/08/02 03:00:02 | 000,000,542 | ---- | M] () -- C:\WINDOWS\Tasks\b4a_Dave's PC Backup.job

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 21:41:52 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.sys /90 >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2010/07/19 01:27:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/07/19 01:27:14 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/07/19 01:27:14 | 000,913,408 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %SYSTEMDRIVE%\*.* >
[2010/07/19 08:39:25 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/07/19 08:33:51 | 000,000,211 | -HS- | M] () -- C:\BOOT.BAK
[2010/07/22 12:02:24 | 000,000,282 | RHS- | M] () -- C:\boot.ini
[2008/04/13 16:02:08 | 000,260,288 | RHS- | M] () -- C:\cmldr
[2010/07/19 08:39:25 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/07/23 12:00:02 | 000,006,388 | ---- | M] () -- C:\count_log_out.txt
[2010/07/19 11:55:28 | 008,069,296 | ---- | M] () -- C:\FSMMSILog.txt
[2010/07/22 18:21:23 | 2146,504,704 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/19 08:39:25 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/07/19 08:39:25 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/13 14:13:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/13 16:01:44 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/22 18:21:21 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2001/12/15 12:10:36 | 000,009,728 | ---- | M] (Zenographics, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\IMFPRINT.DLL
[2001/12/15 12:10:36 | 001,941,504 | ---- | M] (Hewlett-Packard Corp.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\pcldll6l.dll
[2001/12/15 12:10:36 | 000,045,056 | ---- | M] (Zenographics, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\zpp.dll
[2001/12/15 12:10:36 | 000,036,864 | ---- | M] (Zenographics, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\zpppcl.dll

< %systemroot%\*. /mp /s >


< MD5 for: AGP440.SYS >
[2008/04/13 21:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/13 17:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2008/04/13 21:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/13 16:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 21:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/13 21:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 21:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/13 21:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/13 21:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/13 21:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USER32.DLL >
[2008/04/13 21:42:10 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\dllcache\user32.dll
[2008/04/13 21:42:10 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

< MD5 for: WS2_32.DLL >
[2008/04/13 21:42:12 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2008/04/13 21:42:12 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
"AutoInstallMinorUpdates" = 1

========== Alternate Data Streams ==========

@Alternate Data Stream - 167 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:21654C57
< End of report >

Attached Files

  • Attached File  ark.txt   229.96KB   5 downloads


#4 etavares


Posted 02 August 2010 - 05:44 PM

Hello, dave richards.
Next, please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#5 dave richards


Posted 02 August 2010 - 06:15 PM

Ok, ComboFix.txt attached. So far the redirect problem seems to have now been fixed.


#6 etavares


Posted 04 August 2010 - 05:59 PM

Hello, dave richards.

Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
http://www.bleepingcomputer.com/forums/t/334075/browser-search-results-being-redirected/

Collect::
c:\windows\Wlatinasuleja.dat
c:\windows\Fgexamewiga.bin
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]


Save this as CFScript.txt





Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.

etavares


 


#7 dave richards


Posted 04 August 2010 - 06:29 PM

ComboFix 10-08-04.04 - dave 08/04/2010 16:12:00.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1254 [GMT -7:00]
Running from: c:\documents and settings\dave\Desktop\etavaresCF.exe
Command switches used :: c:\documents and settings\dave\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

file zipped: c:\windows\Fgexamewiga.bin
file zipped: c:\windows\Wlatinasuleja.dat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Fgexamewiga.bin
c:\windows\Wlatinasuleja.dat

.
((((((((((((((((((((((((( Files Created from 2010-07-04 to 2010-08-04 )))))))))))))))))))))))))))))))
.

2010-08-03 17:29 . 2010-08-03 17:29 -------- d-s---w- c:\documents and settings\dave\UserData
2010-08-02 23:00 . 2010-08-02 23:00 -------- d-----w- c:\documents and settings\dave\Local Settings\Application Data\PCHealth
2010-07-27 18:08 . 2010-07-27 18:08 -------- d-----w- c:\program files\Rainlendar
2010-07-23 14:18 . 2010-07-23 14:18 -------- d-----w- c:\program files\Symantec
2010-07-23 00:38 . 2010-07-23 00:38 -------- d-----w- c:\documents and settings\dave\Application Data\Malwarebytes
2010-07-23 00:37 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-23 00:37 . 2010-07-23 00:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-23 00:37 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-23 00:37 . 2010-07-23 00:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-23 00:30 . 2010-07-23 00:30 -------- d-----w- c:\documents and settings\dave\Application Data\Windows Search
2010-07-23 00:25 . 2010-07-23 00:25 -------- d-----w- c:\program files\Common Files\Gibinsoft Shared
2010-07-23 00:25 . 2010-07-23 00:25 -------- d-----w- c:\program files\GiPo@Utilities
2010-07-23 00:04 . 2010-07-23 00:05 -------- d-----w- c:\documents and settings\dave\Local Settings\Application Data\Temp
2010-07-23 00:04 . 2010-07-23 02:09 -------- d-----w- c:\documents and settings\dave\Local Settings\Application Data\Google
2010-07-22 20:18 . 2010-07-23 01:24 -------- d-----w- c:\windows\system32\NtmsData
2010-07-22 20:17 . 2010-07-22 20:17 -------- d-----w- c:\documents and settings\dave\Application Data\Avira
2010-07-22 20:13 . 2010-03-01 17:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-07-22 20:13 . 2010-02-16 21:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-07-22 20:13 . 2009-05-11 19:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-07-22 20:13 . 2009-05-11 19:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-07-22 20:13 . 2010-07-22 20:13 -------- d-----w- c:\program files\Avira
2010-07-22 20:13 . 2010-07-22 20:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-07-22 19:21 . 2010-07-22 19:21 0 ----a-w- c:\windows\system32\drivers\rasacd.vir
2010-07-22 19:17 . 2010-07-22 19:31 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-07-22 19:09 . 2010-07-22 19:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-07-22 19:09 . 2010-07-22 19:09 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-07-22 18:04 . 2010-07-22 18:04 -------- d-----w- c:\documents and settings\dave\Local Settings\Application Data\LogMeIn
2010-07-22 18:04 . 2010-07-22 18:04 -------- d-----w- c:\documents and settings\All Users\Application Data\LogMeIn
2010-07-21 18:39 . 2010-07-21 18:39 -------- d-----w- c:\program files\Media Player Classic
2010-07-21 18:39 . 2010-07-21 18:39 -------- d-----w- c:\documents and settings\dave\Application Data\Media Player Classic
2010-07-21 00:42 . 2002-07-16 10:21 434230 ----a-w- c:\windows\system32\PvxOdb32.dll
2010-07-21 00:42 . 2002-07-16 10:21 102400 ----a-w- c:\windows\system32\pvkiw32.dll
2010-07-21 00:42 . 2010-07-21 00:42 -------- d-----w- c:\program files\Best Software Canada Ltd
2010-07-21 00:42 . 1998-02-07 05:37 299520 ----a-w- c:\windows\uninst.exe
2010-07-20 22:18 . 2001-08-18 05:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-07-20 22:18 . 2008-04-14 12:42 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-07-20 22:18 . 2008-04-14 07:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-07-20 22:18 . 2008-04-14 07:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-07-20 18:32 . 2010-07-20 18:32 -------- d-----w- c:\windows\ziusb
2010-07-20 18:32 . 2010-07-20 18:32 -------- d-----w- c:\program files\Zebra
2010-07-19 22:04 . 2004-03-03 00:37 125184 ------w- c:\windows\system32\drivers\imagesrv.sys
2010-07-19 22:04 . 2004-03-03 00:37 5504 ------w- c:\windows\system32\drivers\imagedrv.sys
2010-07-19 22:04 . 2000-06-26 18:45 106496 ----a-w- c:\windows\system32\TwnLib20.dll
2010-07-19 22:04 . 2010-07-19 22:04 -------- d-----w- c:\program files\Common Files\Ahead
2010-07-19 22:04 . 2004-07-27 00:16 476320 ------w- c:\windows\system32\ImagXpr7.dll
2010-07-19 22:04 . 2004-07-27 00:16 471040 ------w- c:\windows\system32\ImagXRA7.dll
2010-07-19 22:04 . 2004-07-27 00:16 262144 ------w- c:\windows\system32\ImagXR7.dll
2010-07-19 22:04 . 2004-07-27 00:16 1568768 ------w- c:\windows\system32\ImagX7.dll
2010-07-19 22:04 . 2001-07-09 18:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
2010-07-19 22:04 . 2010-07-19 22:04 -------- d-----w- c:\program files\Ahead
2010-07-19 20:54 . 2010-02-09 00:24 188928 ----a-w- c:\documents and settings\dave\Application Data\Softland\Backup4all Professional 4\Plugins\MicrosoftOutlookSources.dll
2010-07-19 20:54 . 2010-02-09 00:24 173056 ----a-w- c:\documents and settings\dave\Application Data\Softland\Backup4all Professional 4\Plugins\OutlookExpressSources.dll
2010-07-19 20:54 . 2010-08-04 17:24 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-19 20:54 . 2010-07-19 20:54 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-07-19 20:54 . 2010-07-19 20:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Softland
2010-07-19 20:54 . 2010-07-19 20:54 -------- d-----w- c:\program files\Softland
2010-07-19 20:54 . 2010-07-19 20:54 -------- d-----w- c:\documents and settings\dave\Application Data\Softland
2010-07-19 19:25 . 2010-06-01 18:44 3907584 ----a-w- c:\documents and settings\dave\Application Data\Mozilla\Firefox\Profiles\80768l5f.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
2010-07-19 19:25 . 2010-01-25 18:58 462848 ----a-w- c:\documents and settings\dave\Application Data\Mozilla\Firefox\Profiles\80768l5f.default\extensions\LogMeInClient@logmein.com\plugins\ractrlkeyhook.dll
2010-07-19 19:25 . 2010-01-15 21:26 70984 ----a-w- c:\documents and settings\dave\Application Data\Mozilla\Firefox\Profiles\80768l5f.default\extensions\LogMeInClient@logmein.com\plugins\LMIProxyHelper.exe
2010-07-19 19:25 . 2010-01-15 21:25 864256 ----a-w- c:\documents and settings\dave\Application Data\Mozilla\Firefox\Profiles\80768l5f.default\extensions\LogMeInClient@logmein.com\plugins\LMIGuardianDll.dll
2010-07-19 19:25 . 2010-01-15 21:25 315392 ----a-w- c:\documents and settings\dave\Application Data\Mozilla\Firefox\Profiles\80768l5f.default\extensions\LogMeInClient@logmein.com\plugins\LMIGuardianEvt.dll
2010-07-19 19:25 . 2010-01-15 21:25 372736 ----a-w- c:\documents and settings\dave\Application Data\Mozilla\Firefox\Profiles\80768l5f.default\extensions\LogMeInClient@logmein.com\plugins\LMIGuardian.exe
2010-07-19 19:16 . 2010-07-27 22:23 -------- d---a-w- c:\program files\UltraFXP
2010-07-19 19:00 . 2010-07-19 19:00 20 ----a-w- c:\documents and settings\All Users\Application Data\FedEx\FSM\LDS\BACKUP\Mci1NP00.SCR
2010-07-19 19:00 . 2010-07-19 19:00 18 ----a-w- c:\documents and settings\All Users\Application Data\FedEx\FSM\LDS\DLOAD\MCI1NP00.SCR
2010-07-19 18:54 . 2010-07-19 18:54 -------- d-----w- c:\documents and settings\All Users\Application Data\SQL Anywhere 11
2010-07-19 18:52 . 2010-07-19 18:52 -------- d-----w- c:\program files\Common Files\Intuit
2010-07-19 18:51 . 2010-07-19 18:51 -------- d-----w- c:\program files\FedEx
2010-07-19 18:50 . 2010-07-19 18:51 -------- d-----w- c:\documents and settings\All Users\Application Data\FedEx
2010-07-19 18:43 . 2010-07-19 18:43 -------- d-----w- c:\program files\Common Files\ZUD Drivers
2010-07-19 18:15 . 2002-12-18 00:23 33340 ----a-w- c:\windows\system32\dbmsqlgc.dll
2010-07-19 18:15 . 2002-10-20 22:05 24576 ----a-w- c:\windows\system32\dbmsgnet.dll
2010-07-19 18:15 . 1998-10-29 23:45 306688 ----a-w- c:\windows\IsUninst.exe
2010-07-19 18:14 . 2010-07-19 18:14 -------- d-----w- c:\program files\MICROSOFT SQL SERVER
2010-07-19 18:13 . 2010-08-03 18:32 -------- d-----w- C:\UPS
2010-07-19 18:04 . 2010-07-19 18:04 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-07-19 17:59 . 2010-07-19 23:37 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-07-19 17:59 . 2010-07-19 17:59 -------- d-----w- c:\documents and settings\dave\Local Settings\Application Data\Identities
2010-07-19 17:59 . 2010-07-19 17:59 -------- d-----w- c:\documents and settings\dave\Application Data\Windows Desktop Search
2010-07-19 17:58 . 2010-07-19 17:58 -------- d-----w- c:\program files\Windows Desktop Search
2010-07-19 17:58 . 2010-07-19 17:58 -------- d-----w- c:\windows\system32\GroupPolicy
2010-07-19 17:58 . 2007-09-27 17:46 23856 ----a-w- c:\windows\system32\spupdsvc.exe
2010-07-19 17:45 . 2010-07-19 17:45 -------- d-----w- c:\program files\Common Files\Control Panels
2010-07-19 17:42 . 2010-07-19 17:42 -------- d-----w- c:\documents and settings\All Users\Application Data\ALM
2010-07-19 17:39 . 2010-07-27 20:57 -------- d-----w- c:\documents and settings\dave\Local Settings\Application Data\Adobe
2010-07-19 17:35 . 2007-02-20 23:04 190696 ----a-w- c:\windows\system32\NPSWF32_FlashUtil.exe
2010-07-19 17:35 . 2007-02-20 23:04 2463976 ----a-w- c:\windows\system32\NPSWF32.dll
2010-07-19 17:27 . 2010-07-19 17:27 -------- d-----w- c:\program files\Bonjour
2010-07-19 17:22 . 2010-07-19 17:22 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-07-19 17:20 . 2010-07-19 17:48 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-19 16:51 . 2010-07-19 16:51 -------- d-----w- c:\documents and settings\dave\Application Data\Miranda
2010-07-19 16:50 . 2010-07-19 16:50 -------- d-----w- c:\program files\Miranda IM
2010-07-19 16:48 . 2010-07-20 17:34 49680 ----a-w- c:\documents and settings\dave\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-19 16:34 . 2010-07-19 16:34 -------- d-----w- c:\documents and settings\dave\Local Settings\Application Data\Mozilla
2010-07-19 16:19 . 2010-07-19 16:19 -------- d-----w- c:\windows\SchCache
2010-07-19 16:18 . 2010-07-19 16:18 28542 ----a-r- c:\documents and settings\dave\Application Data\Microsoft\Installer\{0EBF2022-B80A-4D24-96FD-4D3BB8D1ED4B}\NewShortcut1_E8136D2DC10B40309C64CEBE5C76D16D.exe
2010-07-19 16:18 . 2010-07-19 16:18 28542 ----a-r- c:\documents and settings\dave\Application Data\Microsoft\Installer\{0EBF2022-B80A-4D24-96FD-4D3BB8D1ED4B}\Full_Circle_v31_E8136D2DC10B40309C64CEBE5C76D16D.exe
2010-07-19 16:18 . 2010-07-19 16:18 28542 ----a-r- c:\documents and settings\dave\Application Data\Microsoft\Installer\{0EBF2022-B80A-4D24-96FD-4D3BB8D1ED4B}\ARPPRODUCTICON.exe
2010-07-19 16:18 . 2010-08-03 18:47 -------- d-----w- C:\fc_v3
2010-07-19 16:15 . 2010-07-19 16:15 -------- d-----w- c:\program files\Microsoft Works
2010-07-19 16:11 . 2010-07-19 16:12 -------- d-----w- c:\windows\SHELLNEW
2010-07-19 16:11 . 2010-07-19 16:11 -------- d-----w- c:\documents and settings\dave\Local Settings\Application Data\Microsoft Help
2010-07-19 16:11 . 2010-07-19 16:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-19 16:11 . 2010-07-19 16:11 -------- d-----r- C:\MSOCache
2010-07-19 16:09 . 2010-07-19 16:09 -------- d-----w- c:\documents and settings\dave\Local Settings\Application Data\Symantec
2010-07-19 16:08 . 2010-07-23 14:18 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-19 16:08 . 2010-07-23 14:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-07-19 16:00 . 2010-07-19 16:00 8 ----a-w- c:\windows\system32\nvModes.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-20 18:33 . 2010-07-19 15:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-20 18:28 . 2010-07-20 18:28 -------- d-----w- c:\program files\Common Files\Number Five Software
2010-07-20 18:28 . 2010-07-20 18:28 -------- d-----w- c:\program files\Common Files\Number Five
2010-07-20 18:28 . 2010-07-20 18:28 -------- d-----w- c:\program files\Number Five
2010-07-20 15:47 . 2010-07-19 15:38 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-07-19 19:00 . 2010-04-16 23:19 20 ----a-w- c:\documents and settings\All Users\Application Data\FedEx\FSM\SCRIPT\MCI1NP00.SCR
2010-07-19 16:18 . 2010-07-19 15:45 -------- d-----w- c:\program files\Common Files\InstallShield
2010-07-19 15:59 . 2010-07-19 15:59 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2010-07-19 15:53 . 2010-07-19 15:53 0 ----a-w- c:\windows\nsreg.dat
2010-07-19 15:51 . 2010-07-19 15:51 -------- d-----w- c:\program files\hp LaserJet 1000
2010-07-19 15:45 . 2010-07-19 15:45 -------- d-----w- c:\program files\Analog Devices
2010-07-19 15:44 . 2010-07-19 15:44 12328 ----a-w- c:\documents and settings\dave-desktop\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-19 15:39 . 2010-07-19 15:39 -------- d-----w- c:\program files\microsoft frontpage
2010-07-19 15:36 . 2010-07-19 15:36 21640 ----a-w- c:\windows\system32\emptyregdb.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"hp 1000 firmware"="c:\program files\hp LaserJet 1000\fwdl.exe" [2001-12-15 36864]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152]
"NA1Messenger"="c:\ups\WSTD\UPSNA1Msgr.exe" [2008-12-04 24576]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

c:\documents and settings\dave\Start Menu\Programs\Startup\
Rainlendar.lnk - c:\program files\Rainlendar\Rainlendar.exe [2003-6-8 49152]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2010-7-19 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
Service Manager.lnk - c:\program files\MICROSOFT SQL SERVER\80\TOOLS\BINN\sqlmangr.exe [2005-5-3 81920]
UPS WorldShip Messaging Utility.lnk - c:\ups\WSTD\WSTDMessaging.exe [2008-12-4 65536]
UPS WorldShip PLD Reminder Utility.lnk - c:\ups\WSTD\wstdPldReminder.exe [2008-12-2 31744]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/22/2010 1:13 PM 135336]
R2 ELTNLPT;ELTNLPT;c:\windows\system32\drivers\eltnlpt.sys [2/2/2005 9:26 AM 17272]
R2 FedExAdminService;FedEx Administration Service;c:\program files\FedEx\ShipManager\BIN\AdminService.exe [4/16/2010 4:24 PM 24576]
R2 FedExLoggingService;FedEx Logging Service;c:\program files\FedEx\ShipManager\BIN\FedEx.Gsm.Common.LoggingService.exe [4/16/2010 4:23 PM 7168]
R2 FedExShipnetDBService;FedEx Shipnet Database Service;c:\program files\FedEx\ShipManager\SQLAnywhere\Bin32\dbsrv11.exe [4/16/2010 4:18 PM 130352]
R2 MSSQL$UPSWSDBSERVER;MSSQL$UPSWSDBSERVER;c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe -sUPSWSDBSERVER --> c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe -sUPSWSDBSERVER [?]
R2 n5lpt.sys;N5 Print Device;c:\windows\system32\drivers\n5lpt.sys [7/20/2010 11:28 AM 21196]
R2 Stld;Stld;c:\windows\system32\drivers\STLD.SYS [7/20/2010 11:28 AM 10240]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/19/2010 1:54 PM 691696]
S2 key5usb;KeyFive USB Reader;c:\windows\system32\drivers\key5usb.sys [7/24/2009 11:11 AM 17652]
S3 FedExShipService;FedEx Shipping Engine;c:\program files\FedEx\ShipManager\BIN\ShipEngineService.exe [4/16/2010 4:26 PM 5120]
S3 FedExTransactionService;FedEx Transaction Engine;c:\program files\FedEx\ShipManager\BIN\TransEngineService.exe [4/16/2010 4:26 PM 6656]
S3 SQLAgent$UPSWSDBSERVER;SQLAgent$UPSWSDBSERVER;c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlagent.EXE -i UPSWSDBSERVER --> c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlagent.EXE -i UPSWSDBSERVER [?]
.
Contents of the 'Scheduled Tasks' folder

2010-08-04 c:\windows\Tasks\b4a_Dave's PC Backup.job
- c:\program files\Softland\Backup4all Professional 4\b4aSchedStarter.exe [2010-03-03 19:22]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\dave\Application Data\Mozilla\Firefox\Profiles\80768l5f.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\documents and settings\dave\Application Data\Mozilla\Firefox\Profiles\80768l5f.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-04 16:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(724)
c:\program files\Bonjour\mdnsNSP.dll
.
Completion time: 2010-08-04 16:18:41
ComboFix-quarantined-files.txt 2010-08-04 23:18
ComboFix2.txt 2010-08-02 23:09

Pre-Run: 38,607,470,592 bytes free
Post-Run: 38,606,270,464 bytes free

- - End Of File - - 1976BF031460A61CB624D7F70C14F37F
Upload was successful

#8 etavares


Posted 05 August 2010 - 06:00 PM

Hello, dave richards.


Step 1

Please pull anything out of the recycle bin that you want to save. Part of this fix will empty temp files, and that does include the recycle bin.

We need to run an OTL script
  1. Please download OTL from one of the following mirrors if you do not still have it.
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Paste the following code under the Custom Scans/Fixes box at the bottom. Do not include the word "Code".
    CODE
    :OTL
    SRV - File not found [On_Demand | Stopped] -- C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE -- (LiveUpdate)
    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    O4 - HKLM..\Run: [] File not found
    O4 - HKU\S-1-5-21-2954807375-92768627-1886871889-1121..\Run: [Hqakafi] C:\WINDOWS\lbdipipl.DLL File not found
    O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] File not found
    O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
    :Commands
    [EmptyTemp]
  5. Click the Run Fix button at the top.
  6. Let the program run unhindered and reboot when it is done.
  7. You will get a log when it is done, please post that in your reply.
  8. Please then create a new OTL report....
  9. Click the "Scan All Users" checkbox.
  10. Push the button.
  11. A report will open, copy and paste it in a reply here.



Step 2

Please download MBRCheck by ad_13 and save it to your desktop.

Double-click to run. A window will pop up. If it says 'non-standard' or 'infected' MBR code detected, please type 3 for Exit for now and press Enter.

It will save a logfile on your desktop that starts with MBR, then has the date, etc. Please copy and paste the contents of that log in your reply.



Step 3

Download and run HAMeb_check.exe
Post the contents of the resulting log.



Step 4

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

etavares


 


#9 dave richards


Posted 09 August 2010 - 12:17 PM

OTL FIX Log:

All processes killed
========== OTL ==========
Service LiveUpdate stopped successfully!
Service LiveUpdate deleted successfully!
File C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE not found.
Service HidServ stopped successfully!
Service HidServ deleted successfully!
File C:\WINDOWS\System32\hidserv.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_USERS\S-1-5-21-2954807375-92768627-1886871889-1121\Software\Microsoft\Windows\CurrentVersion\Run\\Hqakafi not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall Adobe Download Manager not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: dave
->Temp folder emptied: 937231 bytes
->Temporary Internet Files folder emptied: 2184806 bytes
->FireFox cache emptied: 92953814 bytes
->Flash cache emptied: 25265 bytes

User: dave-desktop
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 8677347 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2402044 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5951488 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 108.00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 08052010_160246

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


OTL Log:

OTL logfile created on: 8/5/2010 4:08:08 PM - Run 4
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\dave\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.87 Gb Total Space | 36.04 Gb Free Space | 64.52% Space Free | Partition Type: NTFS
Drive D: | 111.76 Gb Total Space | 82.53 Gb Free Space | 73.85% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 56.35 Gb Total Space | 19.46 Gb Free Space | 34.53% Space Free | Partition Type: NTFS
Drive I: | 28.40 Gb Total Space | 15.22 Gb Free Space | 53.57% Space Free | Partition Type: NTFS
Drive N: | 680.37 Gb Total Space | 201.90 Gb Free Space | 29.67% Space Free | Partition Type: NTFS
Drive P: | 56.35 Gb Total Space | 19.46 Gb Free Space | 34.53% Space Free | Partition Type: NTFS

Computer Name: DAVES_COMPUTER
Current User Name: dave
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/05 16:02:00 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\dave\Desktop\OTL.exe
PRC - [2010/07/26 17:59:43 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/07/19 10:22:27 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2010/04/16 16:24:32 | 000,024,576 | ---- | M] () -- C:\Program Files\FedEx\ShipManager\BIN\AdminService.exe
PRC - [2010/04/16 16:23:58 | 000,007,168 | ---- | M] (FedEx Corporation) -- C:\Program Files\FedEx\ShipManager\BIN\FedEx.Gsm.Common.LoggingService.exe
PRC - [2010/04/16 16:18:08 | 000,130,352 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files\FedEx\ShipManager\SQLAnywhere\Bin32\dbsrv11.exe
PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/02/22 12:19:41 | 000,224,936 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avnotify.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008/12/04 14:53:48 | 000,065,536 | ---- | M] () -- C:\UPS\WSTD\WSTDMessaging.exe
PRC - [2008/12/04 14:50:00 | 000,024,576 | ---- | M] () -- C:\UPS\WSTD\UPSNA1Msgr.exe
PRC - [2008/04/13 21:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/23 01:40:14 | 000,046,200 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
PRC - [2006/10/22 23:24:02 | 000,620,152 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2005/05/04 00:04:28 | 009,150,464 | ---- | M] (Microsoft Corporation) -- C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe
PRC - [2005/05/03 22:07:32 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MICROSOFT SQL SERVER\80\TOOLS\BINN\sqlmangr.exe
PRC - [2004/10/14 14:42:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2003/06/08 04:11:36 | 000,049,152 | ---- | M] () -- C:\Program Files\Rainlendar\Rainlendar.exe
PRC - [2001/12/15 12:10:36 | 000,036,864 | ---- | M] (Zenographics) -- C:\WINDOWS\system32\zstatus.exe


========== Modules (SafeList) ==========

MOD - [2010/08/05 16:02:00 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\dave\Desktop\OTL.exe
MOD - [2008/04/13 21:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/07/19 10:22:27 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/04/16 16:26:54 | 000,005,120 | ---- | M] (FedEx Corporation) [On_Demand | Stopped] -- C:\Program Files\FedEx\ShipManager\BIN\ShipEngineService.exe -- (FedExShipService)
SRV - [2010/04/16 16:26:08 | 000,006,656 | ---- | M] (FedEx Corporation) [On_Demand | Stopped] -- C:\Program Files\FedEx\ShipManager\BIN\TransEngineService.exe -- (FedExTransactionService)
SRV - [2010/04/16 16:24:32 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\FedEx\ShipManager\BIN\AdminService.exe -- (FedExAdminService)
SRV - [2010/04/16 16:23:58 | 000,007,168 | ---- | M] (FedEx Corporation) [Auto | Running] -- C:\Program Files\FedEx\ShipManager\BIN\FedEx.Gsm.Common.LoggingService.exe -- (FedExLoggingService)
SRV - [2010/04/16 16:18:08 | 000,130,352 | ---- | M] (iAnywhere Solutions, Inc.) [Auto | Running] -- C:\Program Files\FedEx\ShipManager\SQLAnywhere\Bin32\dbsrv11.exe -- (FedExShipnetDBService)
SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/05/04 00:04:28 | 009,150,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe -- (MSSQL$UPSWSDBSERVER)
SRV - [2005/05/03 21:42:56 | 000,323,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlagent.EXE -- (SQLAgent$UPSWSDBSERVER)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\etavaresCF\catchme.sys -- (catchme)
DRV - [2010/07/19 13:54:21 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/04/22 20:24:48 | 000,010,240 | ---- | M] (Number Five Software) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\STLD.SYS -- (Stld)
DRV - [2008/05/16 14:01:00 | 006,557,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/09/05 14:28:34 | 000,021,196 | ---- | M] (Number Five Software) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\n5lpt.sys -- (n5lpt.sys)
DRV - [2005/02/02 09:26:46 | 000,017,272 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\eltnlpt.sys -- (ELTNLPT)
DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2003/10/28 11:28:50 | 000,017,652 | ---- | M] (Number Five Software) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\key5usb.sys -- (key5usb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2954807375-92768627-1886871889-1121\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2954807375-92768627-1886871889-1121\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2954807375-92768627-1886871889-1121\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.608

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/26 17:59:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/28 13:35:17 | 000,000,000 | ---D | M]

[2010/07/19 09:34:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dave\Application Data\Mozilla\Extensions
[2010/08/04 16:46:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dave\Application Data\Mozilla\Firefox\Profiles\80768l5f.default\extensions
[2010/07/19 09:37:21 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Documents and Settings\dave\Application Data\Mozilla\Firefox\Profiles\80768l5f.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2010/07/19 12:25:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dave\Application Data\Mozilla\Firefox\Profiles\80768l5f.default\extensions\LogMeInClient@logmein.com
[2010/07/19 08:53:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/08/04 16:17:00 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2954807375-92768627-1886871889-1121\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [hp 1000 firmware] C:\Program Files\hp LaserJet 1000\fwdl.exe (Zenographics)
O4 - HKLM..\Run: [NA1Messenger] C:\UPS\WSTD\UPSNA1Msgr.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\Program Files\MICROSOFT SQL SERVER\80\TOOLS\BINN\sqlmangr.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\UPS WorldShip Messaging Utility.lnk = C:\UPS\WSTD\WSTDMessaging.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\UPS WorldShip PLD Reminder Utility.lnk = C:\UPS\WSTD\wstdPldReminder.exe (UPS)
O4 - Startup: C:\Documents and Settings\dave\Start Menu\Programs\Startup\Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2954807375-92768627-1886871889-1121\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2954807375-92768627-1886871889-1121\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2954807375-92768627-1886871889-1121\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2954807375-92768627-1886871889-1121\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.2 68.4.16.30 68.4.8.229
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = 686-localdns.com
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\dave\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\dave\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/19 08:39:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2002/10/28 13:03:12 | 000,000,000 | R--D | M] - D:\autorun -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/05 16:02:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/08/05 16:01:43 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\dave\Desktop\OTL.exe
[2010/08/04 16:31:25 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/08/03 11:54:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\Desktop\missing items
[2010/08/03 10:29:08 | 000,000,000 | --SD | C] -- C:\Documents and Settings\dave\UserData
[2010/08/02 16:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\Local Settings\Application Data\PCHealth
[2010/08/02 15:56:03 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/08/02 15:56:03 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/08/02 15:56:03 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/08/02 15:56:03 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/08/02 15:55:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/08/02 15:53:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/27 11:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\Rainlendar
[2010/07/23 07:18:18 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/07/23 07:18:15 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/07/22 17:38:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\Application Data\Malwarebytes
[2010/07/22 17:37:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/22 17:37:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/22 17:37:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/22 17:37:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/22 17:30:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\Application Data\Windows Search
[2010/07/22 17:25:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Gibinsoft Shared
[2010/07/22 17:25:20 | 000,000,000 | ---D | C] -- C:\Program Files\GiPo@Utilities
[2010/07/22 17:04:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\Local Settings\Application Data\Temp
[2010/07/22 17:04:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\Local Settings\Application Data\Google
[2010/07/22 13:18:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/07/22 13:17:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\Application Data\Avira
[2010/07/22 13:13:40 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/07/22 13:13:34 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/07/22 13:13:34 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/07/22 13:13:34 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/07/22 13:13:34 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/07/22 13:13:32 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/07/22 13:13:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/07/22 12:48:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/07/22 12:09:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/07/22 12:09:23 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/07/22 12:01:57 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/07/22 12:01:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\setup.pss
[2010/07/22 12:01:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\setupupd
[2010/07/22 11:04:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\Local Settings\Application Data\LogMeIn
[2010/07/22 11:04:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2010/07/21 11:39:42 | 000,000,000 | ---D | C] -- C:\Program Files\Media Player Classic
[2010/07/21 11:39:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\Application Data\Media Player Classic
[2010/07/20 17:42:36 | 000,434,230 | ---- | C] (Best Software Canada Ltd.) -- C:\WINDOWS\System32\PvxOdb32.dll
[2010/07/20 17:42:36 | 000,102,400 | ---- | C] (Best Software Canada Ltd.) -- C:\WINDOWS\System32\pvkiw32.dll
[2010/07/20 17:42:35 | 000,000,000 | ---D | C] -- C:\Program Files\Best Software Canada Ltd
[2010/07/20 17:42:04 | 000,299,520 | ---- | C] (InstallShield Corporation, Inc.) -- C:\WINDOWS\uninst.exe
[2010/07/20 15:18:48 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2010/07/20 15:18:46 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2010/07/20 15:18:45 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2010/07/20 11:32:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\ziusb
[2010/07/20 11:32:44 | 000,000,000 | ---D | C] -- C:\Program Files\Zebra
[2010/07/20 11:28:38 | 000,010,240 | ---- | C] (Number Five Software) -- C:\WINDOWS\System32\drivers\STLD.SYS
[2010/07/20 11:28:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Number Five Software
[2010/07/20 11:28:36 | 000,021,196 | ---- | C] (Number Five Software) -- C:\WINDOWS\System32\drivers\n5lpt.sys
[2010/07/20 11:28:29 | 000,415,232 | ---- | C] (Number Five Software) -- C:\WINDOWS\System32\Scos4com.exe
[2010/07/20 11:28:29 | 000,324,096 | ---- | C] (Number Five Software) -- C:\WINDOWS\System32\Sccpanel.cpl
[2010/07/20 11:28:29 | 000,084,480 | ---- | C] (Number Five Software) -- C:\WINDOWS\System32\Scos3api.dll
[2010/07/20 11:28:28 | 000,036,864 | ---- | C] (Victor Company of Japan, Limited) -- C:\WINDOWS\System32\PCPKSEC.dll
[2010/07/20 11:28:27 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Msvcr70.dll
[2010/07/20 11:28:21 | 000,109,056 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\W32cfgcr.dll
[2010/07/20 11:28:21 | 000,098,816 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\W32GR09.DLL
[2010/07/20 11:28:21 | 000,089,600 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\W32gr07.dll
[2010/07/20 11:28:21 | 000,044,032 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\W32gtser.dll
[2010/07/20 11:28:21 | 000,044,032 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\W32gesin.dll
[2010/07/20 11:28:21 | 000,038,912 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\W32gtser.exe
[2010/07/20 11:28:21 | 000,036,352 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\W32GCR40.DLL
[2010/07/20 11:28:21 | 000,026,624 | ---- | C] (Gemplus Development) -- C:\WINDOWS\System32\W32gemer.dll
[2010/07/20 11:28:21 | 000,023,040 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\W32gchan.dll
[2010/07/20 11:28:21 | 000,018,432 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\WGCR40.DLL
[2010/07/20 11:28:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Number Five
[2010/07/20 11:28:20 | 000,000,000 | ---D | C] -- C:\Program Files\Number Five
[2010/07/19 15:04:36 | 000,125,184 | ---- | C] (Ahead Software AG) -- C:\WINDOWS\System32\drivers\imagesrv.sys
[2010/07/19 15:04:36 | 000,005,504 | ---- | C] (Ahead Software AG) -- C:\WINDOWS\System32\drivers\imagedrv.sys
[2010/07/19 15:04:09 | 000,106,496 | ---- | C] (Pegasus Software) -- C:\WINDOWS\System32\TwnLib20.dll
[2010/07/19 15:04:07 | 001,568,768 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagX7.dll
[2010/07/19 15:04:07 | 000,476,320 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXpr7.dll
[2010/07/19 15:04:07 | 000,471,040 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXRA7.dll
[2010/07/19 15:04:07 | 000,262,144 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXR7.dll
[2010/07/19 15:04:07 | 000,155,648 | ---- | C] (Ahead Software Gmbh) -- C:\WINDOWS\System32\NeroCheck.exe
[2010/07/19 15:04:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ahead
[2010/07/19 15:04:03 | 000,000,000 | ---D | C] -- C:\Program Files\Ahead
[2010/07/19 14:13:45 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\uxtheme.backup
[2010/07/19 13:54:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/07/19 13:54:09 | 000,000,000 | ---D | C] -- C:\Program Files\Softland
[2010/07/19 13:54:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\Application Data\Softland
[2010/07/19 13:54:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Softland
[2010/07/19 13:54:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\My Documents\My Backup4all
[2010/07/19 12:16:33 | 000,000,000 | ---D | C] -- C:\Program Files\UltraFXP
[2010/07/19 11:54:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2010/07/19 11:52:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intuit
[2010/07/19 11:51:52 | 000,000,000 | ---D | C] -- C:\Program Files\FedEx
[2010/07/19 11:50:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FedEx
[2010/07/19 11:43:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ZUD Drivers
[2010/07/19 11:15:10 | 000,033,340 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dbmsqlgc.dll
[2010/07/19 11:15:10 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dbmsgnet.dll
[2010/07/19 11:15:09 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe
[2010/07/19 11:14:40 | 000,000,000 | ---D | C] -- C:\Program Files\MICROSOFT SQL SERVER
[2010/07/19 11:13:55 | 000,000,000 | ---D | C] -- C:\UPS
[2010/07/19 11:10:29 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2010/07/19 11:09:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2010/07/19 11:07:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\My Documents\Updater5
[2010/07/19 11:04:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2010/07/19 10:59:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/07/19 10:59:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\Local Settings\Application Data\Identities
[2010/07/19 10:59:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\Application Data\Windows Desktop Search
[2010/07/19 10:58:39 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2010/07/19 10:58:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/07/19 10:58:31 | 000,023,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2010/07/19 10:58:06 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010/07/19 10:45:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Control Panels
[2010/07/19 10:42:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ALM
[2010/07/19 10:39:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\Local Settings\Application Data\Adobe
[2010/07/19 10:35:02 | 000,190,696 | ---- | C] (Adobe Systems, Inc.) -- C:\WINDOWS\System32\NPSWF32_FlashUtil.exe
[2010/07/19 10:31:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/07/19 10:27:26 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/07/19 10:24:21 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/07/19 10:22:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010/07/19 10:20:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/07/19 10:15:55 | 001,122,304 | ---- | C] (RICOH CO., LTD.) -- C:\WINDOWS\System32\Neo28dat.dll
[2010/07/19 10:15:55 | 000,815,570 | ---- | C] (RICOH CO., LTD.) -- C:\WINDOWS\System32\RC87E140.DLL
[2010/07/19 10:15:55 | 000,595,340 | ---- | C] (RICOH) -- C:\WINDOWS\System32\rpcsecl.dll
[2010/07/19 10:15:55 | 000,167,936 | ---- | C] (Ricoh Co.,Ltd.) -- C:\WINDOWS\System32\JCUI.exe
[2010/07/19 10:15:55 | 000,098,304 | ---- | C] (RICOH CO.,Ltd.) -- C:\WINDOWS\System32\RICJC32.dll
[2010/07/19 10:15:55 | 000,077,824 | ---- | C] (RICOH CO., LTD.) -- C:\WINDOWS\System32\Rc4manNT.dll
[2010/07/19 10:15:55 | 000,069,632 | ---- | C] (RICOH COMPANY,LTD.) -- C:\WINDOWS\System32\TIFmtA.dll
[2010/07/19 10:15:55 | 000,065,536 | ---- | C] (RICOH CO., LTD.) -- C:\WINDOWS\System32\RCPRINT.dll
[2010/07/19 10:15:55 | 000,061,440 | ---- | C] (RICOH COMPANY,LTD.) -- C:\WINDOWS\System32\TrackID.dll
[2010/07/19 10:15:55 | 000,057,344 | ---- | C] (RICOH Co.,Ltd.) -- C:\WINDOWS\System32\rdrvinf.dll
[2010/07/19 10:15:55 | 000,054,784 | ---- | C] (RICOH) -- C:\WINDOWS\System32\rdrvlog.dll
[2010/07/19 10:15:55 | 000,053,248 | ---- | C] (RICOH CO.,Ltd.) -- C:\WINDOWS\System32\RICDB32.dll
[2010/07/19 10:15:55 | 000,049,152 | ---- | C] (RICOH COMPANY,LTD.) -- C:\WINDOWS\System32\TIBase64.dll
[2010/07/19 10:15:55 | 000,037,376 | ---- | C] (RICOH CO.,Ltd.) -- C:\WINDOWS\System32\MFRICRES.dll
[2010/07/19 10:15:55 | 000,032,768 | ---- | C] (RICOH CO., LTD.) -- C:\WINDOWS\System32\RC00C140.dll
[2010/07/19 10:15:55 | 000,027,136 | ---- | C] (RICOH CO., LTD.) -- C:\WINDOWS\System32\RCINST.dll
[2010/07/19 10:15:53 | 000,000,000 | ---D | C] -- C:\_rpcs
[2010/07/19 10:00:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\Desktop\WN10
[2010/07/19 10:00:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\Desktop\WN09
[2010/07/19 10:00:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\Desktop\SP11
[2010/07/19 10:00:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\Desktop\SP10
[2010/07/19 10:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\Desktop\retailer registration forms
[2010/07/19 09:59:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\Desktop\resized
[2010/07/19 09:59:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\Desktop\albums
[2010/07/19 09:51:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\Application Data\Miranda
[2010/07/19 09:50:14 | 000,000,000 | ---D | C] -- C:\Program Files\Miranda IM
[2010/07/19 09:43:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\Application Data\Macromedia
[2010/07/19 09:43:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\Application Data\Adobe
[2010/07/19 09:36:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\My Documents\Downloads
[2010/07/19 09:34:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\Local Settings\Application Data\Mozilla
[2010/07/19 09:34:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\Application Data\Mozilla
[2010/07/19 09:19:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\SchCache
[2010/07/19 09:18:37 | 000,000,000 | ---D | C] -- C:\fc_v3
[2010/07/19 09:15:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010/07/19 09:15:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010/07/19 09:15:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/07/19 09:11:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2010/07/19 09:11:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\Local Settings\Application Data\Microsoft Help
[2010/07/19 09:11:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/07/19 09:11:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2010/07/19 09:11:18 | 000,000,000 | R--D | C] -- C:\MSOCache
[2010/07/19 09:09:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\Local Settings\Application Data\Symantec
[2010/07/19 09:08:46 | 000,466,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\capicom.dll
[2010/07/19 09:08:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/07/19 09:08:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2010/07/19 09:04:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\Application Data\Identities
[2010/07/19 09:04:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\dave\My Documents\My Pictures
[2010/07/19 09:04:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\dave\My Documents\My Music
[2010/07/19 09:04:39 | 000,000,000 | --SD | C] -- C:\Documents and Settings\dave\Application Data\Microsoft
[2010/07/19 09:04:39 | 000,000,000 | --SD | C] -- C:\Documents and Settings\dave\Cookies
[2010/07/19 09:04:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\dave\SendTo
[2010/07/19 09:04:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\dave\Recent
[2010/07/19 09:04:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\dave\Application Data
[2010/07/19 09:04:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\dave\Start Menu
[2010/07/19 09:04:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\dave\My Documents
[2010/07/19 09:04:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\dave\Favorites
[2010/07/19 09:04:39 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\dave\Templates
[2010/07/19 09:04:39 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\dave\PrintHood
[2010/07/19 09:04:39 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\dave\NetHood
[2010/07/19 09:04:39 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\dave\Local Settings
[2010/07/19 09:04:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\Local Settings\Application Data\Microsoft
[2010/07/19 09:04:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\Desktop
[2010/07/19 09:03:32 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/07/19 08:59:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2010/07/19 08:58:09 | 000,446,464 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvudisp.exe
[2010/07/19 08:58:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\nview
[2010/07/19 08:58:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2010/07/19 08:57:58 | 000,446,464 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NVUNINST.EXE
[2010/07/19 08:57:50 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2010/07/19 08:53:23 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/07/19 08:51:02 | 001,941,504 | ---- | C] (Hewlett-Packard Corp.) -- C:\WINDOWS\System32\pcldll6l.dll
[2010/07/19 08:51:02 | 000,900,388 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\hpflash1.exe
[2010/07/19 08:51:02 | 000,229,376 | ---- | C] (Zenographics) -- C:\WINDOWS\System32\vsetup.dll
[2010/07/19 08:51:02 | 000,151,552 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\SDhp1000.DLL
[2010/07/19 08:51:02 | 000,147,456 | ---- | C] (Zenographics) -- C:\WINDOWS\System32\ZUNINST.EXE
[2010/07/19 08:51:02 | 000,090,112 | ---- | C] (Zenographics) -- C:\WINDOWS\apptune.exe
[2010/07/19 08:51:02 | 000,086,016 | ---- | C] (Zenographics, Inc.) -- C:\WINDOWS\System32\ZSPOOL.DLL
[2010/07/19 08:51:02 | 000,077,824 | ---- | C] (Zenographics) -- C:\WINDOWS\System32\zlmhp1.dll
[2010/07/19 08:51:02 | 000,073,728 | ---- | C] (Zenographics) -- C:\WINDOWS\System32\ZSHP1000.dll
[2010/07/19 08:51:02 | 000,070,656 | ---- | C] (Zenographics, Inc.) -- C:\WINDOWS\System32\Sd32.dll
[2010/07/19 08:51:02 | 000,054,784 | ---- | C] (Zenographics, Inc.) -- C:\WINDOWS\System32\zPJL.dll
[2010/07/19 08:51:02 | 000,049,152 | ---- | C] (Zenographics, Inc.) -- C:\WINDOWS\System32\Zlang.dll
[2010/07/19 08:51:02 | 000,045,056 | ---- | C] (Zenographics, Inc.) -- C:\WINDOWS\System32\zpp.dll
[2010/07/19 08:51:02 | 000,036,864 | ---- | C] (Zenographics, Inc.) -- C:\WINDOWS\System32\zpppcl.dll
[2010/07/19 08:51:02 | 000,036,864 | ---- | C] (Zenographics) -- C:\WINDOWS\System32\zstatus.exe
[2010/07/19 08:51:02 | 000,028,672 | ---- | C] (Zenographics, Inc.) -- C:\WINDOWS\System32\zlm.dll
[2010/07/19 08:51:02 | 000,023,552 | ---- | C] (Zenographics, Inc.) -- C:\WINDOWS\System32\ZGDI32.DLL
[2010/07/19 08:51:02 | 000,019,456 | ---- | C] (Zenographics, Inc.) -- C:\WINDOWS\System32\ZTAG32.DLL
[2010/07/19 08:51:02 | 000,012,288 | ---- | C] (Zenographics, Inc.) -- C:\WINDOWS\System32\IMF32.DLL
[2010/07/19 08:51:01 | 000,000,000 | ---D | C] -- C:\Program Files\hp LaserJet 1000
[2010/07/19 08:50:37 | 000,000,000 | ---D | C] -- C:\lj1488
[2010/07/19 08:50:03 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/07/19 08:48:39 | 000,145,408 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\e100b325.sys
[2010/07/19 08:48:39 | 000,118,784 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\Prounstl.exe
[2010/07/19 08:48:39 | 000,024,064 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\IntelNic.dll
[2010/07/19 08:48:39 | 000,000,000 | ---D | C] -- C:\drvrtmp
[2010/07/19 08:47:44 | 000,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\splitter.sys
[2010/07/19 08:47:42 | 000,083,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdmaud.sys
[2010/07/19 08:47:41 | 000,052,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmusic.sys
[2010/07/19 08:47:39 | 000,056,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swmidi.sys
[2010/07/19 08:47:37 | 000,142,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aec.sys
[2010/07/19 08:47:35 | 000,172,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kmixer.sys
[2010/07/19 08:47:34 | 000,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmkaud.sys
[2010/07/19 08:47:32 | 000,060,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sysaudio.sys
[2010/07/19 08:47:31 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mskssrv.sys
[2010/07/19 08:47:29 | 000,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspqm.sys
[2010/07/19 08:47:27 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspclock.sys
[2010/07/19 08:45:39 | 000,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys
[2010/07/19 08:45:39 | 000,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\portcls.sys
[2010/07/19 08:45:39 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax
[2010/07/19 08:45:39 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksproxy.ax
[2010/07/19 08:45:39 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2010/07/19 08:45:39 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmk.sys
[2010/07/19 08:45:39 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksuser.dll
[2010/07/19 08:45:39 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksuser.dll
[2010/07/19 08:45:36 | 000,991,232 | ---- | C] (Sensaura) -- C:\WINDOWS\System32\virtear.dll
[2010/07/19 08:45:36 | 000,065,536 | ---- | C] (Sensaura Ltd) -- C:\WINDOWS\System32\Audio3d.dll
[2010/07/19 08:45:36 | 000,049,152 | ---- | C] (Analog Devices Inc.) -- C:\WINDOWS\System32\DSndUp.exe
[2010/07/19 08:45:36 | 000,045,056 | ---- | C] (adi) -- C:\WINDOWS\System32\CleanUp.exe
[2010/07/19 08:45:36 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/07/19 08:45:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\VirtualEar
[2010/07/19 08:45:36 | 000,000,000 | ---D | C] -- C:\Program Files\Analog Devices
[2010/07/19 08:45:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/07/19 08:45:25 | 000,765,952 | ---- | C] (Sensaura Ltd) -- C:\WINDOWS\System\crlds3d.dll
[2010/07/19 08:45:25 | 000,732,928 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\senfilt.sys
[2010/07/19 08:45:25 | 000,311,296 | ---- | C] (Analog Devices Incorporated) -- C:\WINDOWS\System32\Edcrypt.dll
[2010/07/19 08:45:25 | 000,023,040 | ---- | C] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\PostProc.dll
[2010/07/19 08:45:24 | 000,000,000 | ---D | C] -- C:\dell
[2010/07/19 08:44:13 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2010/07/19 08:43:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2010/07/19 08:43:12 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2010/07/19 08:43:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/07/19 08:43:11 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/07/19 08:43:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/07/19 08:43:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/07/19 08:43:02 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/07/19 08:41:44 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2010/07/19 08:41:44 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2010/07/19 08:41:44 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2010/07/19 08:41:43 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2010/07/19 08:41:43 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2010/07/19 08:41:43 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2010/07/19 08:41:42 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamreg51.dll
[2010/07/19 08:41:42 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2010/07/19 08:41:42 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2010/07/19 08:41:41 | 000,364,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svc.dll
[2010/07/19 08:41:41 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wam51.dll
[2010/07/19 08:41:41 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2010/07/19 08:41:41 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2010/07/19 08:41:41 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2010/07/19 08:41:41 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2010/07/19 08:41:40 | 000,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2010/07/19 08:41:40 | 000,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2010/07/19 08:41:40 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2010/07/19 08:41:39 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2010/07/19 08:41:39 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2010/07/19 08:41:38 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uihelper.dll
[2010/07/19 08:41:38 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2010/07/19 08:41:37 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2010/07/19 08:41:37 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2010/07/19 08:41:37 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2010/07/19 08:41:37 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tools.dll
[2010/07/19 08:41:37 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2010/07/19 08:41:36 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2010/07/19 08:41:36 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2010/07/19 08:41:36 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2010/07/19 08:41:36 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2010/07/19 08:41:34 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\svcext51.dll
[2010/07/19 08:41:34 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sspifilt.dll
[2010/07/19 08:41:34 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ssinc51.dll
[2010/07/19 08:41:34 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2010/07/19 08:41:33 | 000,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2010/07/19 08:41:33 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2010/07/19 08:41:32 | 000,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll
[2010/07/19 08:41:32 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll
[2010/07/19 08:41:32 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2010/07/19 08:41:32 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmptrap.exe
[2010/07/19 08:41:32 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2010/07/19 08:41:32 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll
[2010/07/19 08:41:31 | 000,456,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll
[2010/07/19 08:41:31 | 000,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll
[2010/07/19 08:41:31 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll
[2010/07/19 08:41:31 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmp.exe
[2010/07/19 08:41:31 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2010/07/19 08:41:31 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpapi.dll
[2010/07/19 08:41:30 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smi2smir.exe
[2010/07/19 08:41:30 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2010/07/19 08:41:30 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2010/07/19 08:41:30 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2010/07/19 08:41:30 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2010/07/19 08:41:30 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2010/07/19 08:41:30 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2010/07/19 08:41:30 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2010/07/19 08:41:30 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2010/07/19 08:41:29 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2010/07/19 08:41:29 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2010/07/19 08:41:29 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2010/07/19 08:41:29 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2010/07/19 08:41:29 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2010/07/19 08:41:29 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2010/07/19 08:41:29 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2010/07/19 08:41:29 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2010/07/19 08:41:29 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2010/07/19 08:41:26 | 000,221,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seo.dll
[2010/07/19 08:41:26 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2010/07/19 08:41:26 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2010/07/19 08:41:25 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/07/19 08:41:25 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/07/19 08:41:25 | 000,029,184 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2010/07/19 08:41:25 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll
[2010/07/19 08:41:25 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rwnh.dll
[2010/07/19 08:41:24 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2010/07/19 08:41:24 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2010/07/19 08:41:24 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2010/07/19 08:41:24 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcref.dll
[2010/07/19 08:41:23 | 000,020,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ramdisk.sys
[2010/07/19 08:41:22 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2010/07/19 08:41:22 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2010/07/19 08:41:22 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2010/07/19 08:41:21 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pwsdata.dll
[2010/07/19 08:41:20 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2010/07/19 08:41:20 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2010/07/19 08:41:20 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2010/07/19 08:41:20 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2010/07/19 08:41:20 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2010/07/19 08:41:20 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2010/07/19 08:41:20 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2010/07/19 08:41:19 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2010/07/19 08:41:19 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2010/07/19 08:41:19 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2010/07/19 08:41:18 | 000,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2010/07/19 08:41:18 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2010/07/19 08:41:18 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2010/07/19 08:41:18 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2010/07/19 08:41:17 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2010/07/19 08:41:16 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsepm.dll
[2010/07/19 08:41:15 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2010/07/19 08:41:14 | 000,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2010/07/19 08:41:14 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtstocom.exe
[2010/07/19 08:41:11 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2010/07/19 08:41:11 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2010/07/19 08:41:11 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msiregmv.exe
[2010/07/19 08:41:06 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2010/07/19 08:41:06 | 000,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2010/07/19 08:41:06 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\metada51.dll
[2010/07/19 08:41:06 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe
[2010/07/19 08:41:05 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\md5filt.dll
[2010/07/19 08:41:05 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2010/07/19 08:41:04 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2010/07/19 08:41:04 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpdsvc.dll
[2010/07/19 08:41:04 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2010/07/19 08:41:04 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lprmon.dll
[2010/07/19 08:41:04 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lonsint.dll
[2010/07/19 08:41:03 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmmib2.dll
[2010/07/19 08:41:02 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2010/07/19 08:41:02 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2010/07/19 08:41:02 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2010/07/19 08:41:02 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2010/07/19 08:41:02 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2010/07/19 08:41:01 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2010/07/19 08:41:01 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2010/07/19 08:41:01 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2010/07/19 08:41:01 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2010/07/19 08:41:01 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41j.dll
[2010/07/19 08:41:01 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2010/07/19 08:41:01 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2010/07/19 08:41:01 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2010/07/19 08:41:01 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2010/07/19 08:41:00 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdibm02.dll
[2010/07/19 08:41:00 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41a.dll
[2010/07/19 08:41:00 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2010/07/19 08:41:00 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2010/07/19 08:41:00 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2010/07/19 08:41:00 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2010/07/19 08:41:00 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2010/07/19 08:41:00 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2010/07/19 08:41:00 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2010/07/19 08:41:00 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2010/07/19 08:40:59 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdax2.dll
[2010/07/19 08:40:59 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2010/07/19 08:40:59 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2010/07/19 08:40:59 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2010/07/19 08:40:59 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2010/07/19 08:40:59 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2010/07/19 08:40:59 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2010/07/19 08:40:59 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2010/07/19 08:40:59 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2010/07/19 08:40:59 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2010/07/19 08:40:58 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iscomlog.dll
[2010/07/19 08:40:58 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2010/07/19 08:40:58 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
[2010/07/19 08:40:58 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2010/07/19 08:40:58 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106n.dll
[2010/07/19 08:40:58 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2010/07/19 08:40:58 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101.dll
[2010/07/19 08:40:58 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2010/07/19 08:40:57 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprip.dll
[2010/07/19 08:40:57 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2010/07/19 08:40:56 | 000,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2010/07/19 08:40:56 | 000,315,455 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2010/07/19 08:40:56 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infocomm.dll
[2010/07/19 08:40:56 | 000,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2010/07/19 08:40:56 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetin51.exe
[2010/07/19 08:40:55 | 000,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2010/07/19 08:40:55 | 000,262,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
[2010/07/19 08:40:55 | 000,233,527 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
[2010/07/19 08:40:55 | 000,208,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
[2010/07/19 08:40:55 | 000,155,705 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2010/07/19 08:40:55 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2010/07/19 08:40:55 | 000,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2010/07/19 08:40:54 | 000,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2010/07/19 08:40:54 | 000,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2010/07/19 08:40:54 | 000,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2010/07/19 08:40:54 | 000,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2010/07/19 08:40:54 | 000,307,257 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
[2010/07/19 08:40:54 | 000,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2010/07/19 08:40:54 | 000,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2010/07/19 08:40:53 | 000,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2010/07/19 08:40:53 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2010/07/19 08:40:53 | 000,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2010/07/19 08:40:53 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2010/07/19 08:40:53 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2010/07/19 08:40:53 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2010/07/19 08:40:53 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe
[2010/07/19 08:40:52 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iische51.dll
[2010/07/19 08:40:52 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iislog51.dll
[2010/07/19 08:40:52 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2010/07/19 08:40:52 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisadmin.dll
[2010/07/19 08:40:52 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2010/07/19 08:40:52 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisfecnv.dll
[2010/07/19 08:40:52 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2010/07/19 08:40:48 | 010,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2010/07/19 08:40:41 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2010/07/19 08:40:41 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpod51.dll
[2010/07/19 08:40:41 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpmb51.dll
[2010/07/19 08:40:40 | 000,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpext.dll
[2010/07/19 08:40:40 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostmib.dll
[2010/07/19 08:40:39 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2010/07/19 08:40:39 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gzip.dll
[2010/07/19 08:40:38 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsst.dll
[2010/07/19 08:40:38 | 000,400,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsxp32.dll
[2010/07/19 08:40:38 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxstiff.dll
[2010/07/19 08:40:38 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssvc.exe
[2010/07/19 08:40:38 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxst30.dll
[2010/07/19 08:40:38 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxswzrd.dll
[2010/07/19 08:40:38 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsui.dll
[2010/07/19 08:40:37 | 000,285,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscomex.dll
[2010/07/19 08:40:37 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscover.exe
[2010/07/19 08:40:37 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsevent.dll
[2010/07/19 08:40:37 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2010/07/19 08:40:37 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsdrv.dll
[2010/07/19 08:40:37 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsmon.dll
[2010/07/19 08:40:37 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsext32.dll
[2010/07/19 08:40:37 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2010/07/19 08:40:37 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsperf.dll
[2010/07/19 08:40:37 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsres.dll
[2010/07/19 08:40:36 | 000,451,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsapi.dll
[2010/07/19 08:40:36 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclnt.exe
[2010/07/19 08:40:36 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2010/07/19 08:40:36 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsv251.dll
[2010/07/19 08:40:36 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2010/07/19 08:40:36 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscom.dll
[2010/07/19 08:40:36 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2010/07/19 08:40:36 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpmib.dll
[2010/07/19 08:40:35 | 000,618,605 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4autl.dll
[2010/07/19 08:40:35 | 000,024,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmcgi.exe
[2010/07/19 08:40:35 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmdll.dll
[2010/07/19 08:40:35 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2010/07/19 08:40:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2010/07/19 08:40:34 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntwin.exe
[2010/07/19 08:40:34 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2010/07/19 08:40:34 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exstrace.dll
[2010/07/19 08:40:34 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\f3ahvoas.dll
[2010/07/19 08:40:33 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntagnt.dll
[2010/07/19 08:40:33 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2010/07/19 08:40:33 | 000,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2010/07/19 08:40:33 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2010/07/19 08:40:33 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2010/07/19 08:40:33 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntcmd.exe
[2010/07/19 08:40:32 | 000,514,587 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\edb500.dll
[2010/07/19 08:40:29 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2010/07/19 08:40:28 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\davcdata.exe
[2010/07/19 08:40:27 | 000,057,399 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
[2010/07/19 08:40:27 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
[2010/07/19 08:40:27 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2010/07/19 08:40:27 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
[2010/07/19 08:40:27 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2010/07/19 08:40:26 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compfilt.dll
[2010/07/19 08:40:25 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2010/07/19 08:40:25 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2010/07/19 08:40:25 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2010/07/19 08:40:25 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2010/07/19 08:40:24 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2010/07/19 08:40:24 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2010/07/19 08:40:24 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2010/07/19 08:40:23 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2010/07/19 08:40:23 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2010/07/19 08:40:23 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2010/07/19 08:40:23 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2010/07/19 08:40:23 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2010/07/19 08:40:22 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_g18030.dll
[2010/07/19 08:40:22 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/07/19 08:40:22 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2010/07/19 08:40:22 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2010/07/19 08:40:15 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2010/07/19 08:40:14 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asp51.dll
[2010/07/19 08:40:14 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2010/07/19 08:40:14 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2010/07/19 08:40:14 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2010/07/19 08:40:13 | 000,331,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll
[2010/07/19 08:40:13 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\appconf.dll
[2010/07/19 08:40:13 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2010/07/19 08:40:13 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0804.dll
[2010/07/19 08:40:13 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0412.dll
[2010/07/19 08:40:13 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0411.dll
[2010/07/19 08:40:13 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040d.dll
[2010/07/19 08:40:12 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0404.dll
[2010/07/19 08:40:12 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0401.dll
[2010/07/19 08:40:12 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2010/07/19 08:40:11 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2010/07/19 08:40:11 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admexs.dll
[2010/07/19 08:40:11 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2010/07/19 08:40:09 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2010/07/19 08:40:08 | 002,134,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsnap.dll
[2010/07/19 08:40:08 | 000,032,827 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptest.exe
[2010/07/19 08:40:08 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptsat.dll
[2010/07/19 08:40:08 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\staxmem.dll
[2010/07/19 08:40:07 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpadm.dll
[2010/07/19 08:40:07 | 000,020,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll
[2010/07/19 08:40:07 | 000,016,437 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.exe
[2010/07/19 08:40:04 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logui.ocx
[2010/07/19 08:40:03 | 000,829,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.dll
[2010/07/19 08:40:03 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2010/07/19 08:40:03 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrtl.dll
[2010/07/19 08:40:03 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isatq.dll
[2010/07/19 08:40:03 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2010/07/19 08:40:03 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoadmn.dll
[2010/07/19 08:40:03 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2010/07/19 08:40:02 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisext51.dll
[2010/07/19 08:40:02 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismap.dll
[2010/07/19 08:40:02 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstas.exe
[2010/07/19 08:40:02 | 000,020,538 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpremadm.exe
[2010/07/19 08:40:02 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2010/07/19 08:40:02 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2010/07/19 08:40:02 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2010/07/19 08:40:01 | 000,598,071 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll
[2010/07/19 08:40:01 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll
[2010/07/19 08:40:01 | 000,188,494 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpcount.exe
[2010/07/19 08:40:01 | 000,109,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98swin.exe
[2010/07/19 08:40:01 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll
[2010/07/19 08:40:01 | 000,014,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98sadm.exe
[2010/07/19 08:40:00 | 000,876,653 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awel.dll
[2010/07/19 08:40:00 | 000,147,513 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4apws.dll
[2010/07/19 08:40:00 | 000,102,509 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4atxt.dll
[2010/07/19 08:40:00 | 000,049,212 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awebs.dll
[2010/07/19 08:40:00 | 000,049,210 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4areg.dll
[2010/07/19 08:40:00 | 000,041,020 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avnb.dll
[2010/07/19 08:40:00 | 000,032,826 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avss.dll
[2010/07/19 08:39:59 | 000,188,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgwiz.exe
[2010/07/19 08:39:59 | 000,184,435 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4amsft.dll
[2010/07/19 08:39:59 | 000,082,035 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4anscp.dll
[2010/07/19 08:39:59 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnfgprts.ocx
[2010/07/19 08:39:59 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\coadmin.dll
[2010/07/19 08:39:58 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsiis51.dll
[2010/07/19 08:39:58 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certwiz.ocx
[2010/07/19 08:39:58 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2010/07/19 08:39:58 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admwprox.dll
[2010/07/19 08:39:58 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll
[2010/07/19 08:39:58 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.exe
[2010/07/19 08:39:57 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll
[2010/07/19 08:39:57 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.exe
[2010/07/19 08:39:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2010/07/19 08:39:52 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2010/07/19 08:39:52 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2010/07/19 08:39:05 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mapi32.dll
[2010/07/19 08:38:23 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2010/07/19 08:38:12 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2010/07/19 08:38:12 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2010/07/19 08:38:01 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2010/07/19 08:37:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2010/07/19 08:37:35 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helphost.exe
[2010/07/19 08:37:35 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\notiflag.exe
[2010/07/19 08:37:35 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brpinfo.dll
[2010/07/19 08:37:35 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atrace.dll
[2010/07/19 08:37:35 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atrace.dll
[2010/07/19 08:37:35 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hcappres.dll
[2010/07/19 08:37:28 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srdiag.exe
[2010/07/19 08:37:27 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wb32.exe
[2010/07/19 08:37:27 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmevtmsg.dll
[2010/07/19 08:37:27 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmevtmsg.dll
[2010/07/19 08:37:26 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\acctres.dll
[2010/07/19 08:37:26 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\acctres.dll
[2010/07/19 08:37:26 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msinfo32.exe
[2010/07/19 08:37:26 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cb32.exe
[2010/07/19 08:37:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2010/07/19 08:37:23 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwtutor.exe
[2010/07/19 08:37:23 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwres.dll
[2010/07/19 08:37:23 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\trialoc.dll
[2010/07/19 08:37:23 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mssoapr.dll
[2010/07/19 08:37:23 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2010/07/19 08:37:23 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icfgnt5.dll
[2010/07/19 08:37:23 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icfgnt5.dll
[2010/07/19 08:37:23 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2010/07/19 08:37:22 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mssoap1.dll
[2010/07/19 08:37:22 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieinfo5.ocx
[2010/07/19 08:37:22 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wisc10.dll
[2010/07/19 08:37:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2010/07/19 08:37:20 | 000,726,078 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srchui.dll
[2010/07/19 08:37:20 | 000,058,434 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srchctls.dll
[2010/07/19 08:37:19 | 003,166,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msgr3en.dll
[2010/07/19 08:37:19 | 000,851,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2010/07/19 08:37:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2010/07/19 08:37:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2010/07/19 08:37:18 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\setup_wm.exe
[2010/07/19 08:37:18 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpvis.dll
[2010/07/19 08:37:18 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpns.dll
[2010/07/19 08:37:18 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpband.dll
[2010/07/19 08:37:17 | 000,786,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migrate.exe
[2010/07/19 08:37:17 | 000,364,544 | ---- | C] (Microsoft Corporation (written by Digital Renaissance Inc.)) -- C:\WINDOWS\System32\dllcache\npdsplay.dll
[2010/07/19 08:37:17 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npdrmv2.dll
[2010/07/19 08:37:17 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmplayer.exe
[2010/07/19 08:37:17 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\custsat.dll
[2010/07/19 08:37:17 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npwmsdrm.dll
[2010/07/19 08:37:17 | 000,004,639 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplayer2.exe
[2010/07/19 08:37:16 | 001,135,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll
[2010/07/19 08:37:16 | 000,430,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2010/07/19 08:37:16 | 000,430,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll
[2010/07/19 08:37:16 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng1.dll
[2010/07/19 08:37:16 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng1.dll
[2010/07/19 08:37:16 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt1.exe
[2010/07/19 08:37:16 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt1.exe
[2010/07/19 08:37:16 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaucpl.cpl
[2010/07/19 08:37:16 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuweb.dll
[2010/07/19 08:37:16 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2010/07/19 08:37:16 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wucltui.dll
[2010/07/19 08:37:16 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe
[2010/07/19 08:37:16 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2010/07/19 08:37:16 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll
[2010/07/19 08:37:16 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauserv.dll
[2010/07/19 08:37:15 | 000,409,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qmgr.dll
[2010/07/19 08:37:15 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgrprxy.dll
[2010/07/19 08:37:15 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qmgrprxy.dll
[2010/07/19 08:37:15 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bitsprx2.dll
[2010/07/19 08:37:15 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx2.dll
[2010/07/19 08:37:15 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bitsprx4.dll
[2010/07/19 08:37:15 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2010/07/19 08:37:15 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bitsprx3.dll
[2010/07/19 08:37:15 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx3.dll
[2010/07/19 08:37:14 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2res2.dll
[2010/07/19 08:37:14 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2eres.dll
[2010/07/19 08:37:13 | 004,256,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2res.dll
[2010/07/19 08:37:13 | 000,502,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2fxa.dll
[2010/07/19 08:37:13 | 000,402,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2filt.dll
[2010/07/19 08:37:13 | 000,325,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2fxb.dll
[2010/07/19 08:37:13 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2ae.dll
[2010/07/19 08:37:13 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2ext.dll
[2010/07/19 08:37:12 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/07/19 08:37:12 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2010/07/19 08:36:59 | 000,565,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobmain.dll
[2010/07/19 08:36:59 | 000,122,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobcomm.dll
[2010/07/19 08:36:59 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobshel.dll
[2010/07/19 08:36:59 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobweb.dll
[2010/07/19 08:36:59 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobdl.dll
[2010/07/19 08:36:58 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oobebaln.exe
[2010/07/19 08:36:58 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoobe.exe
[2010/07/19 08:36:55 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uploadm.exe
[2010/07/19 08:36:55 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrslv.dll
[2010/07/19 08:36:55 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\safrslv.dll
[2010/07/19 08:36:55 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrcdlg.dll
[2010/07/19 08:36:55 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\safrcdlg.dll
[2010/07/19 08:36:55 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\racpldlg.dll
[2010/07/19 08:36:55 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\racpldlg.dll
[2010/07/19 08:36:55 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrdm.dll
[2010/07/19 08:36:55 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\safrdm.dll
[2010/07/19 08:36:54 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pchshell.dll
[2010/07/19 08:36:54 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pchsvc.dll
[2010/07/19 08:36:53 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/07/19 08:36:53 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msconfig.exe
[2010/07/19 08:36:53 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hscupd.exe
[2010/07/19 08:36:52 | 000,769,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpctr.exe
[2010/07/19 08:36:52 | 000,380,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rstrui.exe
[2010/07/19 08:36:52 | 000,239,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srrstr.dll
[2010/07/19 08:36:52 | 000,239,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srrstr.dll
[2010/07/19 08:36:52 | 000,171,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srsvc.dll
[2010/07/19 08:36:52 | 000,129,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltmgr.sys
[2010/07/19 08:36:52 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fltMc.exe
[2010/07/19 08:36:52 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltmc.exe
[2010/07/19 08:36:52 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltlib.dll
[2010/07/19 08:36:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2010/07/19 08:36:51 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ils.dll
[2010/07/19 08:36:51 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ils.dll
[2010/07/19 08:36:51 | 000,073,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sr.sys
[2010/07/19 08:36:51 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srclient.dll
[2010/07/19 08:36:51 | 000,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmdd.dll
[2010/07/19 08:36:51 | 000,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mnmdd.dll
[2010/07/19 08:36:51 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mnmsrvc.exe
[2010/07/19 08:36:51 | 000,032,768 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\isrdbg32.dll
[2010/07/19 08:36:51 | 000,032,768 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\isrdbg32.dll
[2010/07/19 08:36:51 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmmkcert.dll
[2010/07/19 08:36:51 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmmkcert.dll
[2010/07/19 08:36:50 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\callcont.dll
[2010/07/19 08:36:50 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmas.dll
[2010/07/19 08:36:50 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nac.dll
[2010/07/19 08:36:50 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msconf.dll
[2010/07/19 08:36:50 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msconf.dll
[2010/07/19 08:36:50 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rrcm.dll
[2010/07/19 08:36:50 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\h323cc.dll
[2010/07/19 08:36:50 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dcap32.dll
[2010/07/19 08:36:50 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmasnt.dll
[2010/07/19 08:36:49 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mst120.dll
[2010/07/19 08:36:49 | 000,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmwb.dll
[2010/07/19 08:36:49 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmoldwb.dll
[2010/07/19 08:36:49 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmft.dll
[2010/07/19 08:36:49 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmchat.dll
[2010/07/19 08:36:49 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmcom.dll
[2010/07/19 08:36:49 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mst123.dll
[2010/07/19 08:36:49 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\confmrsl.dll
[2010/07/19 08:36:48 | 001,032,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\conf.exe
[2010/07/19 08:36:48 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab32.dll
[2010/07/19 08:36:48 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoeacct.dll
[2010/07/19 08:36:48 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoeacct.dll
[2010/07/19 08:36:48 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab32res.dll
[2010/07/19 08:36:48 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoert2.dll
[2010/07/19 08:36:48 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoert2.dll
[2010/07/19 08:36:48 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\directdb.dll
[2010/07/19 08:36:48 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wabimp.dll
[2010/07/19 08:36:48 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2010/07/19 08:36:48 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wabfind.dll
[2010/07/19 08:36:48 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wabmig.exe
[2010/07/19 08:36:48 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2010/07/19 08:36:47 | 000,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2010/07/19 08:36:47 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oeimport.dll
[2010/07/19 08:36:47 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msimn.exe
[2010/07/19 08:36:47 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetres.dll
[2010/07/19 08:36:47 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetres.dll
[2010/07/19 08:36:46 | 002,479,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoeres.dll
[2010/07/19 08:36:46 | 000,274,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstask.dll
[2010/07/19 08:36:46 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\schedsvc.dll
[2010/07/19 08:36:46 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\setup50.exe
[2010/07/19 08:36:46 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oemig50.exe
[2010/07/19 08:36:46 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oemiglib.dll
[2010/07/19 08:36:46 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstinit.exe
[2010/07/19 08:36:46 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstinit.exe
[2010/07/19 08:36:46 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2010/07/19 08:36:45 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcfg.dll
[2010/07/19 08:36:45 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcfg.dll
[2010/07/19 08:36:45 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll
[2010/07/19 08:36:45 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isign32.dll
[2010/07/19 08:36:45 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwdial.dll
[2010/07/19 08:36:45 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwdial.dll
[2010/07/19 08:36:45 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwphbk.dll
[2010/07/19 08:36:45 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwphbk.dll
[2010/07/19 08:36:44 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwdl.dll
[2010/07/19 08:36:43 | 000,554,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dao360.dll
[2010/07/19 08:36:43 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sqlxmlx.dll
[2010/07/19 08:36:43 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn1.exe
[2010/07/19 08:36:43 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwhelp.dll
[2010/07/19 08:36:43 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn2.exe
[2010/07/19 08:36:43 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn.dll
[2010/07/19 08:36:43 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwutil.dll
[2010/07/19 08:36:43 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwrmind.exe
[2010/07/19 08:36:43 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetwiz.exe
[2010/07/19 08:36:42 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oledb32.dll
[2010/07/19 08:36:42 | 000,315,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdasql.dll
[2010/07/19 08:36:42 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaora.dll
[2010/07/19 08:36:42 | 000,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaps.dll
[2010/07/19 08:36:42 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msjro.dll
[2010/07/19 08:36:42 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdatl3.dll
[2010/07/19 08:36:42 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaosp.dll
[2010/07/19 08:36:42 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oledb32r.dll
[2010/07/19 08:36:42 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxactps.dll
[2010/07/19 08:36:42 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdatt.dll
[2010/07/19 08:36:42 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdasqlr.dll
[2010/07/19 08:36:42 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaorar.dll
[2010/07/19 08:36:42 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaurl.dll
[2010/07/19 08:36:42 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdasc.dll
[2010/07/19 08:36:42 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaer.dll
[2010/07/19 08:36:42 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaenum.dll
[2010/07/19 08:36:42 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdadc.dll
[2010/07/19 08:36:41 | 000,536,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado15.dll
[2010/07/19 08:36:41 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaprst.dll
[2010/07/19 08:36:41 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadox.dll
[2010/07/19 08:36:41 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadomd.dll
[2010/07/19 08:36:41 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdarem.dll
[2010/07/19 08:36:41 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado27.tlb
[2010/07/19 08:36:41 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado26.tlb
[2010/07/19 08:36:41 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado25.tlb
[2010/07/19 08:36:41 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado21.tlb
[2010/07/19 08:36:41 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado20.tlb
[2010/07/19 08:36:41 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadrh15.dll
[2010/07/19 08:36:41 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msador15.dll
[2010/07/19 08:36:41 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdfmap.dll
[2010/07/19 08:36:41 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msader15.dll
[2010/07/19 08:36:41 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msaddsr.dll
[2010/07/19 08:36:41 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaremr.dll
[2010/07/19 08:36:41 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaprsr.dll
[2010/07/19 08:36:40 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2010/07/19 08:36:40 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadds.dll
[2010/07/19 08:36:40 | 000,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadco.dll
[2010/07/19 08:36:40 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcf.dll
[2010/07/19 08:36:40 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcs.dll
[2010/07/19 08:36:40 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcer.dll
[2010/07/19 08:36:40 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcor.dll
[2010/07/19 08:36:40 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcfr.dll
[2010/07/19 08:36:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2010/07/19 08:36:39 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iexplore.exe
[2010/07/19 08:36:39 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hmmapi.dll
[2010/07/19 08:36:39 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedw.exe
[2010/07/19 08:36:35 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2010/07/19 08:36:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2010/07/19 08:35:56 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2010/07/19 08:35:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2010/07/19 08:35:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2010/07/19 08:35:40 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2010/07/19 08:35:40 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2010/07/19 08:35:34 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2010/07/19 08:35:33 | 001,817,687 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgres.dll
[2010/07/19 08:35:33 | 000,753,236 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvseres.dll
[2010/07/19 08:35:33 | 000,082,501 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckg.dll
[2010/07/19 08:35:33 | 000,048,706 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvse.dll
[2010/07/19 08:35:33 | 000,042,577 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgzm.exe
[2010/07/19 08:35:33 | 000,042,574 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvsezm.exe
[2010/07/19 08:35:32 | 002,178,131 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlres.dll
[2010/07/19 08:35:32 | 001,175,635 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzres.dll
[2010/07/19 08:35:32 | 000,780,885 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrres.dll
[2010/07/19 08:35:32 | 000,066,113 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvl.dll
[2010/07/19 08:35:32 | 000,057,409 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtz.dll
[2010/07/19 08:35:32 | 000,042,575 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrzm.exe
[2010/07/19 08:35:32 | 000,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlzm.exe
[2010/07/19 08:35:32 | 000,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzzm.exe
[2010/07/19 08:35:32 | 000,040,515 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkr.dll
[2010/07/19 08:35:32 | 000,032,339 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniansi.dll
[2010/07/19 08:35:32 | 000,004,677 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zeeverm.dll
[2010/07/19 08:35:31 | 001,039,955 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnresm.dll
[2010/07/19 08:35:31 | 000,217,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnclim.dll
[2010/07/19 08:35:31 | 000,113,222 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zoneclim.dll
[2010/07/19 08:35:31 | 000,041,029 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zcorem.dll
[2010/07/19 08:35:31 | 000,036,937 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zclientm.exe
[2010/07/19 08:35:31 | 000,029,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\znetm.dll
[2010/07/19 08:35:31 | 000,013,894 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zonelibm.dll
[2010/07/19 08:35:31 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\write.exe
[2010/07/19 08:35:31 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\write.exe
[2010/07/19 08:35:31 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2010/07/19 08:35:23 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avtapi.dll
[2010/07/19 08:35:23 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avtapi.dll
[2010/07/19 08:35:23 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe
[2010/07/19 08:35:23 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndvol32.exe
[2010/07/19 08:35:23 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avwav.dll
[2010/07/19 08:35:23 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avwav.dll
[2010/07/19 08:35:23 | 000,044,544 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hticons.dll
[2010/07/19 08:35:23 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avmeter.dll
[2010/07/19 08:35:23 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avmeter.dll
[2010/07/19 08:35:23 | 000,013,312 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\dllcache\htrn_jis.dll
[2010/07/19 08:35:22 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winchat.exe
[2010/07/19 08:35:22 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winchat.exe
[2010/07/19 08:35:15 | 000,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\getuname.dll
[2010/07/19 08:35:15 | 000,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\getuname.dll
[2010/07/19 08:35:15 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winmine.exe
[2010/07/19 08:35:15 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmine.exe
[2010/07/19 08:35:15 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\calc.exe
[2010/07/19 08:35:15 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\calc.exe
[2010/07/19 08:35:15 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\charmap.exe
[2010/07/19 08:35:15 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\charmap.exe
[2010/07/19 08:35:15 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sol.exe
[2010/07/19 08:35:15 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sol.exe
[2010/07/19 08:35:14 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshearts.exe
[2010/07/19 08:35:14 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshearts.exe
[2010/07/19 08:35:14 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\freecell.exe
[2010/07/19 08:35:14 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\freecell.exe
[2010/07/19 08:35:14 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\regini.exe
[2010/07/19 08:35:14 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\regini.exe
[2010/07/19 08:35:14 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qwinsta.exe
[2010/07/19 08:35:14 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qwinsta.exe
[2010/07/19 08:35:14 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsshutdn.exe
[2010/07/19 08:35:14 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsshutdn.exe
[2010/07/19 08:35:14 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tskill.exe
[2010/07/19 08:35:14 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tskill.exe
[2010/07/19 08:35:14 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwinsta.exe
[2010/07/19 08:35:14 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rwinsta.exe
[2010/07/19 08:35:14 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsdiscon.exe
[2010/07/19 08:35:14 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsdiscon.exe
[2010/07/19 08:35:14 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscon.exe
[2010/07/19 08:35:14 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscon.exe
[2010/07/19 08:35:14 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shadow.exe
[2010/07/19 08:35:14 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shadow.exe
[2010/07/19 08:35:14 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\reset.exe
[2010/07/19 08:35:14 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\reset.exe
[2010/07/19 08:35:14 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpcfgex.dll
[2010/07/19 08:35:14 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpcfgex.dll
[2010/07/19 08:35:13 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msg.exe
[2010/07/19 08:35:13 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msg.exe
[2010/07/19 08:35:13 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtsadmin.tlb
[2010/07/19 08:35:13 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qappsrv.exe
[2010/07/19 08:35:13 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qappsrv.exe
[2010/07/19 08:35:13 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdmodem.dll
[2010/07/19 08:35:13 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cdmodem.dll
[2010/07/19 08:35:13 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\logoff.exe
[2010/07/19 08:35:13 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logoff.exe
[2010/07/19 08:35:12 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmi2xml.dll
[2010/07/19 08:35:10 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipicmp.dll
[2010/07/19 08:35:10 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmimsg.dll
[2010/07/19 08:35:10 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmitimep.dll
[2010/07/19 08:35:10 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmgmtr.dll
[2010/07/19 08:35:10 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmgmt.exe
[2010/07/19 08:35:09 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msiprov.dll
[2010/07/19 08:35:09 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsprov.dll
[2010/07/19 08:35:09 | 000,116,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\updprov.dll
[2010/07/19 08:35:09 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmplprov.dll
[2010/07/19 08:35:09 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemdisp.tlb
[2010/07/19 08:35:09 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\trnsprov.dll
[2010/07/19 08:35:09 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fwdprov.dll
[2010/07/19 08:35:09 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpcons.dll
[2010/07/19 08:35:09 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemads.tlb
[2010/07/19 08:35:09 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unsecapp.exe
[2010/07/19 08:35:09 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemads.dll
[2010/07/19 08:35:00 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2010/07/19 08:34:59 | 000,347,136 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hypertrm.dll
[2010/07/19 08:34:59 | 000,281,088 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2010/07/19 08:34:59 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\accwiz.exe
[2010/07/19 08:34:59 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\accwiz.exe
[2010/07/19 08:34:59 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndrec32.exe
[2010/07/19 08:34:59 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndrec32.exe
[2010/07/19 08:34:59 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mplay32.exe
[2010/07/19 08:34:59 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplay32.exe
[2010/07/19 08:34:59 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\access.cpl
[2010/07/19 08:34:59 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\access.cpl
[2010/07/19 08:34:58 | 000,539,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dialer.exe
[2010/07/19 08:34:58 | 000,538,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spider.exe
[2010/07/19 08:34:58 | 000,538,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spider.exe
[2010/07/19 08:34:58 | 000,343,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe
[2010/07/19 08:34:58 | 000,343,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspaint.exe
[2010/07/19 08:34:58 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\clipbrd.exe
[2010/07/19 08:34:58 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clipbrd.exe
[2010/07/19 08:34:58 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2010/07/19 08:34:57 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2010/07/19 08:34:57 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rhttpaa.dll
[2010/07/19 08:34:57 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2010/07/19 08:34:57 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscfgwmi.dll
[2010/07/19 08:34:57 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscfgwmi.dll
[2010/07/19 08:34:57 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2010/07/19 08:34:57 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsgqec.dll
[2010/07/19 08:34:57 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdtcp.sys
[2010/07/19 08:34:57 | 000,012,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdpipe.sys
[2010/07/19 08:34:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2010/07/19 08:34:56 | 002,061,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lhmstscx.dll
[2010/07/19 08:34:56 | 000,677,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lhmstsc.exe
[2010/07/19 08:34:56 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aaclient.dll
[2010/07/19 08:34:56 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2010/07/19 08:34:56 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\remotepg.dll
[2010/07/19 08:34:55 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\termsrv.dll
[2010/07/19 08:34:55 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdchost.dll
[2010/07/19 08:34:55 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdchost.dll
[2010/07/19 08:34:55 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sessmgr.exe
[2010/07/19 08:34:55 | 000,087,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpwsx.dll
[2010/07/19 08:34:55 | 000,087,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwsx.dll
[2010/07/19 08:34:55 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdshost.exe
[2010/07/19 08:34:55 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdshost.exe
[2010/07/19 08:34:55 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpclip.exe
[2010/07/19 08:34:55 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpclip.exe
[2010/07/19 08:34:55 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgbkend.dll
[2010/07/19 08:34:55 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cfgbkend.dll
[2010/07/19 08:34:55 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpsnd.dll
[2010/07/19 08:34:55 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpsnd.dll
[2010/07/19 08:34:55 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qprocess.exe
[2010/07/19 08:34:55 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qprocess.exe
[2010/07/19 08:34:55 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdsaddin.exe
[2010/07/19 08:34:55 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdsaddin.exe
[2010/07/19 08:34:55 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icaapi.dll
[2010/07/19 08:34:55 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icaapi.dll
[2010/07/19 08:34:54 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtctm.dll
[2010/07/19 08:34:54 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtctm.dll
[2010/07/19 08:34:54 | 000,427,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcprx.dll
[2010/07/19 08:34:54 | 000,427,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtcprx.dll
[2010/07/19 08:34:54 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcuiu.dll
[2010/07/19 08:34:54 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtcuiu.dll
[2010/07/19 08:34:54 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxoci.dll
[2010/07/19 08:34:54 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxoci.dll
[2010/07/19 08:34:54 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtclog.dll
[2010/07/19 08:34:54 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtclog.dll
[2010/07/19 08:34:54 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xolehlp.dll
[2010/07/19 08:34:54 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xolehlp.dll
[2010/07/19 08:34:54 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtc.exe
[2010/07/19 08:34:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2010/07/19 08:34:53 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comadmin.dll
[2010/07/19 08:34:53 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrepl.dll
[2010/07/19 08:34:53 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comrepl.dll
[2010/07/19 08:34:53 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\colbact.dll
[2010/07/19 08:34:53 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\colbact.dll
[2010/07/19 08:34:53 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stclient.dll
[2010/07/19 08:34:53 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\stclient.dll
[2010/07/19 08:34:53 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxlegih.dll
[2010/07/19 08:34:53 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxlegih.dll
[2010/07/19 08:34:53 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxdm.dll
[2010/07/19 08:34:53 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxdm.dll
[2010/07/19 08:34:53 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comaddin.dll
[2010/07/19 08:34:53 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comaddin.dll
[2010/07/19 08:34:53 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrepl.exe
[2010/07/19 08:34:53 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dcomcnfg.exe
[2010/07/19 08:34:53 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dcomcnfg.exe
[2010/07/19 08:34:53 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrereg.exe
[2010/07/19 08:34:53 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxex.dll
[2010/07/19 08:34:53 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxex.dll
[2010/07/19 08:34:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2010/07/19 08:34:52 | 001,267,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comsvcs.dll
[2010/07/19 08:34:52 | 001,267,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsvcs.dll
[2010/07/19 08:34:52 | 000,625,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\catsrvut.dll
[2010/07/19 08:34:52 | 000,625,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvut.dll
[2010/07/19 08:34:52 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\catsrv.dll
[2010/07/19 08:34:52 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrv.dll
[2010/07/19 08:34:52 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\clbcatex.dll
[2010/07/19 08:34:52 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatex.dll
[2010/07/19 08:34:52 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\catsrvps.dll
[2010/07/19 08:34:52 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvps.dll
[2010/07/19 08:34:51 | 000,539,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comuid.dll
[2010/07/19 08:34:51 | 000,539,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comuid.dll
[2010/07/19 08:34:51 | 000,498,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\clbcatq.dll
[2010/07/19 08:34:51 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comsnap.dll
[2010/07/19 08:34:51 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsnap.dll
[2010/07/19 08:34:50 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmisvc.dll
[2010/07/19 08:34:50 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprov.dll
[2010/07/19 08:34:50 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiutils.dll
[2010/07/19 08:34:50 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipjobj.dll
[2010/07/19 08:34:50 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipsess.dll
[2010/07/19 08:34:49 | 000,531,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemcore.dll
[2010/07/19 08:34:49 | 000,358,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmic.exe
[2010/07/19 08:34:49 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemess.dll
[2010/07/19 08:34:49 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemupgd.dll
[2010/07/19 08:34:49 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiadap.exe
[2010/07/19 08:34:49 | 000,178,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemdisp.dll
[2010/07/19 08:34:49 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipcima.dll
[2010/07/19 08:34:49 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmidcprv.dll
[2010/07/19 08:34:49 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipdskq.dll
[2010/07/19 08:34:49 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiapsrv.exe
[2010/07/19 08:34:49 | 000,116,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemtest.exe
[2010/07/19 08:34:49 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiaprpl.dll
[2010/07/19 08:34:49 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemcons.dll
[2010/07/19 08:34:49 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipiprt.dll
[2010/07/19 08:34:49 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmicookr.dll
[2010/07/19 08:34:49 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemsvc.dll
[2010/07/19 08:34:49 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemprox.dll
[2010/07/19 08:34:49 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiapres.dll
[2010/07/19 08:34:48 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\provthrd.dll
[2010/07/19 08:34:48 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemcomn.dll
[2010/07/19 08:34:48 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntevt.dll
[2010/07/19 08:34:48 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemcntl.dll
[2010/07/19 08:34:48 | 000,178,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\repdrvfs.dll
[2010/07/19 08:34:48 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\viewprov.dll
[2010/07/19 08:34:48 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\policman.dll
[2010/07/19 08:34:48 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\stdprov.dll
[2010/07/19 08:34:48 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ncprov.dll
[2010/07/19 08:34:48 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrcons.exe
[2010/07/19 08:34:47 | 001,358,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cimwin32.dll
[2010/07/19 08:34:47 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\esscli.dll
[2010/07/19 08:34:47 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\framedyn.dll
[2010/07/19 08:34:47 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mofd.dll
[2010/07/19 08:34:47 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\krnlprov.dll
[2010/07/19 08:34:47 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mofcomp.exe
[2010/07/19 08:34:46 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmprops.dll
[2010/07/19 08:34:46 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmprops.dll
[2010/07/19 08:34:46 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\licwmi.dll
[2010/07/19 08:34:46 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licwmi.dll
[2010/07/19 08:34:46 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\servdeps.dll
[2010/07/19 08:34:46 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\servdeps.dll
[2010/07/19 08:34:46 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmfutil.dll
[2010/07/19 08:34:46 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mmfutil.dll
[2010/07/19 08:34:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2010/07/19 01:30:46 | 006,557,408 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nv4_mini.sys
[2010/07/19 01:30:46 | 006,557,408 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv4_mini.sys
[2010/07/19 01:30:46 | 006,108,928 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2010/07/19 01:30:10 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\usbui.dll
[2010/07/19 01:29:00 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2010/07/19 01:28:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2010/07/19 01:28:57 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spcommon.dll
[2010/07/19 01:28:57 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spcplui.dll
[2010/07/19 01:28:56 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spttseng.dll
[2010/07/19 01:28:56 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sapi.cpl
[2010/07/19 01:28:56 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sapisvr.exe
[2010/07/19 01:28:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2010/07/19 01:28:55 | 000,741,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sapi.dll
[2010/07/19 01:28:55 | 000,000,000 | R--D | C] -- C:\Program Files
[2010/07/19 01:28:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2010/07/19 01:28:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2010/07/19 01:28:54 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0408.dll
[2010/07/19 01:28:54 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040e.dll
[2010/07/19 01:28:54 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt041f.dll
[2010/07/19 01:28:54 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0419.dll
[2010/07/19 01:28:54 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0415.dll
[2010/07/19 01:28:54 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0405.dll
[2010/07/19 01:28:53 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdazel.dll
[2010/07/19 01:28:53 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdazel.dll
[2010/07/19 01:28:52 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuq.dll
[2010/07/19 01:28:52 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuf.dll
[2010/07/19 01:28:52 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtuq.dll
[2010/07/19 01:28:52 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtuf.dll
[2010/07/19 01:28:51 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycc.dll
[2010/07/19 01:28:51 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbduzb.dll
[2010/07/19 01:28:51 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdur.dll
[2010/07/19 01:28:51 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtat.dll
[2010/07/19 01:28:51 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru1.dll
[2010/07/19 01:28:51 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru.dll
[2010/07/19 01:28:51 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmon.dll
[2010/07/19 01:28:51 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkyr.dll
[2010/07/19 01:28:51 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkaz.dll
[2010/07/19 01:28:51 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbu.dll
[2010/07/19 01:28:51 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdblr.dll
[2010/07/19 01:28:51 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdaze.dll
[2010/07/19 01:28:51 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdycc.dll
[2010/07/19 01:28:51 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbduzb.dll
[2010/07/19 01:28:51 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdur.dll
[2010/07/19 01:28:51 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtat.dll
[2010/07/19 01:28:51 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdru1.dll
[2010/07/19 01:28:51 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdru.dll
[2010/07/19 01:28:51 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdmon.dll
[2010/07/19 01:28:51 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkyr.dll
[2010/07/19 01:28:51 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkaz.dll
[2010/07/19 01:28:51 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdbu.dll
[2010/07/19 01:28:51 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdblr.dll
[2010/07/19 01:28:51 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdaze.dll
[2010/07/19 01:28:49 | 000,008,192 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhept.dll
[2010/07/19 01:28:49 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhept.dll
[2010/07/19 01:28:49 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela3.dll
[2010/07/19 01:28:49 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhela3.dll
[2010/07/19 01:28:49 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela2.dll
[2010/07/19 01:28:49 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdgkl.dll
[2010/07/19 01:28:49 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhela2.dll
[2010/07/19 01:28:49 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgkl.dll
[2010/07/19 01:28:49 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe319.dll
[2010/07/19 01:28:49 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe220.dll
[2010/07/19 01:28:49 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe.dll
[2010/07/19 01:28:49 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe319.dll
[2010/07/19 01:28:49 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe220.dll
[2010/07/19 01:28:49 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe.dll
[2010/07/19 01:28:48 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv1.dll
[2010/07/19 01:28:48 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv.dll
[2010/07/19 01:28:48 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdest.dll
[2010/07/19 01:28:48 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlv1.dll
[2010/07/19 01:28:48 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlv.dll
[2010/07/19 01:28:48 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdest.dll
[2010/07/19 01:28:48 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt1.dll
[2010/07/19 01:28:48 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt.dll
[2010/07/19 01:28:48 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlt1.dll
[2010/07/19 01:28:48 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlt.dll
[2010/07/19 01:28:47 | 000,007,168 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz.dll
[2010/07/19 01:28:47 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz.dll
[2010/07/19 01:28:47 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycl.dll
[2010/07/19 01:28:47 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl1.dll
[2010/07/19 01:28:47 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl.dll
[2010/07/19 01:28:47 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl.dll
[2010/07/19 01:28:47 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu.dll
[2010/07/19 01:28:47 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz2.dll
[2010/07/19 01:28:47 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz1.dll
[2010/07/19 01:28:47 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcr.dll
[2010/07/19 01:28:47 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\KBDAL.DLL
[2010/07/19 01:28:47 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdycl.dll
[2010/07/19 01:28:47 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsl1.dll
[2010/07/19 01:28:47 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsl.dll
[2010/07/19 01:28:47 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdpl.dll
[2010/07/19 01:28:47 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhu.dll
[2010/07/19 01:28:47 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz2.dll
[2010/07/19 01:28:47 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz1.dll
[2010/07/19 01:28:47 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcr.dll
[2010/07/19 01:28:47 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdal.dll
[2010/07/19 01:28:47 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdro.dll
[2010/07/19 01:28:47 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl1.dll
[2010/07/19 01:28:47 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu1.dll
[2010/07/19 01:28:47 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdro.dll
[2010/07/19 01:28:47 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdpl1.dll
[2010/07/19 01:28:47 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhu1.dll
[2010/07/19 01:28:42 | 000,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dllcache\dgrpsetu.dll
[2010/07/19 01:28:42 | 000,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dgrpsetu.dll
[2010/07/19 01:28:42 | 000,103,424 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\EqnClass.Dll
[2010/07/19 01:28:42 | 000,103,424 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqnclass.dll
[2010/07/19 01:28:42 | 000,085,020 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dllcache\dgsetup.dll
[2010/07/19 01:28:42 | 000,085,020 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dgsetup.dll
[2010/07/19 01:28:42 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2010/07/19 01:28:42 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2010/07/19 01:28:42 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TAPI.DLL
[2010/07/19 01:28:42 | 000,013,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WFWNET.DRV
[2010/07/19 01:28:42 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2010/07/19 01:28:42 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2010/07/19 01:28:42 | 000,009,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VER.DLL
[2010/07/19 01:28:42 | 000,004,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TIMER.DRV
[2010/07/19 01:28:42 | 000,003,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SYSTEM.DRV
[2010/07/19 01:28:42 | 000,002,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VGA.DRV
[2010/07/19 01:28:42 | 000,001,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SOUND.DRV
[2010/07/19 01:28:41 | 000,126,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MSVIDEO.DLL
[2010/07/19 01:28:41 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLECLI.DLL
[2010/07/19 01:28:41 | 000,073,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIAVI.DRV
[2010/07/19 01:28:41 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIWAVE.DRV
[2010/07/19 01:28:41 | 000,025,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCISEQ.DRV
[2010/07/19 01:28:41 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLESVR.DLL
[2010/07/19 01:28:41 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SHELL.DLL
[2010/07/19 01:28:41 | 000,002,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MOUSE.DRV
[2010/07/19 01:28:41 | 000,002,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\KEYBOARD.DRV
[2010/07/19 01:28:41 | 000,001,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMTASK.TSK
[2010/07/19 01:28:40 | 000,109,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVIFILE.DLL
[2010/07/19 01:28:40 | 000,069,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVICAP.DLL
[2010/07/19 01:28:40 | 000,032,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\COMMDLG.DLL
[2010/07/19 01:28:40 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\TASKMAN.EXE
[2010/07/19 01:28:40 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\taskman.exe
[2010/07/19 01:28:40 | 000,009,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\LZEXPAND.DLL
[2010/07/19 01:28:39 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WINSPOOL.DRV
[2010/07/19 01:28:39 | 000,068,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMSYSTEM.DLL
[2010/07/19 01:28:39 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irenum.sys
[2010/07/19 01:28:39 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\batt.dll
[2010/07/19 01:28:39 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\batt.dll
[2010/07/19 01:28:38 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\storprop.dll
[2010/07/19 01:28:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2010/07/19 01:28:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2010/07/19 01:28:31 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2010/07/19 01:28:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2010/07/19 01:28:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2010/07/19 01:28:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2010/07/19 01:28:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2010/07/19 01:28:11 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2010/07/19 01:28:11 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2010/07/19 01:27:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2010/07/19 01:27:48 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/07/19 01:23:58 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2010/07/19 01:23:58 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2010/07/19 01:23:58 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2010/07/19 01:23:58 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Network Diagnostic
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\L2Schemas
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2010/07/19 01:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025

========== Files - Modified Within 30 Days ==========

[2010/08/05 16:05:51 | 000,000,199 | ---- | M] () -- C:\WINDOWS\wstdUPSWSHIP.INI
[2010/08/05 16:05:17 | 000,002,337 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010/08/05 16:05:12 | 000,186,097 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/08/05 16:04:27 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/05 16:04:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/05 16:04:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/05 16:04:22 | 2146,504,704 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/05 16:03:10 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\dave\ntuser.ini
[2010/08/05 16:03:09 | 002,097,152 | -H-- | M] () -- C:\Documents and Settings\dave\NTUSER.DAT
[2010/08/05 16:02:00 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\dave\Desktop\OTL.exe
[2010/08/05 03:00:05 | 000,000,542 | ---- | M] () -- C:\WINDOWS\tasks\b4a_Dave's PC Backup.job
[2010/08/04 16:17:10 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/04 16:17:00 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/07/29 11:51:57 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\dave\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/27 13:40:36 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/07/27 11:08:20 | 000,001,592 | ---- | M] () -- C:\Documents and Settings\dave\Start Menu\Programs\Startup\Rainlendar.lnk
[2010/07/26 16:46:44 | 000,000,300 | ---- | M] () -- C:\Documents and Settings\dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to shared-data on 'westlife' (H).lnk
[2010/07/22 18:20:27 | 004,768,656 | -H-- | M] () -- C:\Documents and Settings\dave\Local Settings\Application Data\IconCache.db
[2010/07/22 12:31:19 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/07/22 12:21:15 | 000,002,496 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2010/07/22 12:21:14 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\rasacd.vir
[2010/07/22 12:02:24 | 000,000,282 | RHS- | M] () -- C:\boot.ini
[2010/07/22 11:28:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\vpc32.INI
[2010/07/22 11:19:45 | 001,497,184 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/22 10:38:07 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\dave\Desktop\EUR SP11 SAMPLES.xls
[2010/07/20 17:47:37 | 000,001,168 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/07/20 17:42:37 | 000,004,339 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/07/20 11:28:16 | 000,000,662 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/20 10:34:11 | 000,049,680 | ---- | M] () -- C:\Documents and Settings\dave\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/19 13:54:21 | 000,691,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/07/19 12:11:29 | 000,001,009 | ---- | M] () -- C:\Documents and Settings\dave\Application Data\Microsoft\Internet Explorer\Quick Launch\FedEx Ship Manager.lnk
[2010/07/19 12:11:07 | 000,000,587 | ---- | M] () -- C:\Documents and Settings\dave\Application Data\Microsoft\Internet Explorer\Quick Launch\UPS WorldShip.lnk
[2010/07/19 11:19:11 | 000,000,635 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\UPS WorldShip Messaging Utility.lnk
[2010/07/19 11:19:11 | 000,000,581 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\UPS WorldShip PLD Reminder Utility.lnk
[2010/07/19 11:15:19 | 000,492,184 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/19 11:15:19 | 000,434,074 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/19 11:15:19 | 000,074,178 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/19 11:15:10 | 000,001,908 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
[2010/07/19 11:13:23 | 000,002,338 | ---- | M] () -- C:\WINDOWS\System32\msrCheckResult.xml
[2010/07/19 10:58:16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/07/19 10:38:34 | 000,001,800 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
[2010/07/19 10:15:57 | 000,000,076 | ---- | M] () -- C:\WINDOWS\ricdb.ini
[2010/07/19 10:15:53 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\RPCS.ini
[2010/07/19 09:46:48 | 000,000,187 | ---- | M] () -- C:\Documents and Settings\dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to WD USB 2 (D).lnk
[2010/07/19 09:18:55 | 000,001,703 | ---- | M] () -- C:\Documents and Settings\dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Full CircleŽ.lnk
[2010/07/19 09:07:31 | 000,000,372 | ---- | M] () -- C:\Documents and Settings\dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Shipping.lnk
[2010/07/19 09:06:35 | 000,001,614 | ---- | M] () -- C:\Documents and Settings\dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/19 09:04:47 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/07/19 09:03:36 | 000,002,412 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/07/19 09:00:16 | 000,000,008 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010/07/19 08:53:31 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/07/19 08:43:06 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2010/07/19 08:42:04 | 000,000,780 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/07/19 08:39:25 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/07/19 08:39:25 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/07/19 08:39:25 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/07/19 08:39:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\control.ini
[2010/07/19 08:39:25 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/07/19 08:39:25 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/07/19 08:39:17 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/07/19 08:39:16 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/07/19 08:39:16 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/07/19 08:38:12 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/07/19 08:38:12 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/07/19 08:38:05 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/07/19 08:38:05 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/07/19 08:38:05 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/07/19 08:38:05 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/07/19 08:38:05 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/07/19 08:38:05 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/07/19 08:36:05 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/07/19 08:35:53 | 000,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2010/07/19 08:35:53 | 000,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
[2010/07/19 08:33:51 | 000,000,211 | -HS- | M] () -- C:\BOOT.BAK
[2010/07/19 01:29:04 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF

========== Files Created - No Company Name ==========

[2010/08/02 15:56:04 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/08/02 15:56:03 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/08/02 15:56:03 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/08/02 15:56:03 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/08/02 15:56:03 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/07/27 13:40:36 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/07/27 11:08:20 | 000,001,592 | ---- | C] () -- C:\Documents and Settings\dave\Start Menu\Programs\Startup\Rainlendar.lnk
[2010/07/26 16:46:44 | 000,000,300 | ---- | C] () -- C:\Documents and Settings\dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to shared-data on 'westlife' (H).lnk
[2010/07/22 18:21:23 | 2146,504,704 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/22 12:21:15 | 000,002,496 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2010/07/22 12:21:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\rasacd.vir
[2010/07/22 12:17:10 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/07/22 12:02:23 | 000,000,211 | -HS- | C] () -- C:\BOOT.BAK
[2010/07/22 12:02:17 | 000,260,288 | RHS- | C] () -- C:\cmldr
[2010/07/22 11:28:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2010/07/20 17:42:36 | 000,037,062 | ---- | C] () -- C:\WINDOWS\System32\ODBCINST.HLP
[2010/07/20 17:42:36 | 000,016,119 | ---- | C] () -- C:\WINDOWS\System32\ODBCINST.CHM
[2010/07/20 11:28:33 | 000,008,284 | ---- | C] () -- C:\WINDOWS\System32\N5lpt.vxd
[2010/07/20 11:28:29 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\Scos4prx.dll
[2010/07/19 14:14:57 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\dave\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/19 13:58:31 | 000,000,542 | ---- | C] () -- C:\WINDOWS\tasks\b4a_Dave's PC Backup.job
[2010/07/19 13:54:20 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/07/19 12:11:29 | 000,001,009 | ---- | C] () -- C:\Documents and Settings\dave\Application Data\Microsoft\Internet Explorer\Quick Launch\FedEx Ship Manager.lnk
[2010/07/19 12:11:07 | 000,000,587 | ---- | C] () -- C:\Documents and Settings\dave\Application Data\Microsoft\Internet Explorer\Quick Launch\UPS WorldShip.lnk
[2010/07/19 11:19:20 | 000,000,199 | ---- | C] () -- C:\WINDOWS\wstdUPSWSHIP.INI
[2010/07/19 11:19:11 | 000,000,635 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\UPS WorldShip Messaging Utility.lnk
[2010/07/19 11:19:11 | 000,000,581 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\UPS WorldShip PLD Reminder Utility.lnk
[2010/07/19 11:15:10 | 000,001,908 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
[2010/07/19 11:14:37 | 000,001,168 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/07/19 11:13:22 | 000,002,338 | ---- | C] () -- C:\WINDOWS\System32\msrCheckResult.xml
[2010/07/19 10:38:34 | 000,002,337 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010/07/19 10:38:34 | 000,001,800 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
[2010/07/19 10:35:02 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2010/07/19 10:15:56 | 000,000,076 | ---- | C] () -- C:\WINDOWS\ricdb.ini
[2010/07/19 10:15:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\RPCS.ini
[2010/07/19 10:03:41 | 000,017,653 | ---- | C] () -- C:\Documents and Settings\dave\Desktop\WestlifeCategories.xlsx
[2010/07/19 10:03:40 | 003,888,255 | ---- | C] () -- C:\Documents and Settings\dave\Desktop\WEDDING TIMELINE.jpg
[2010/07/19 10:03:40 | 000,995,328 | ---- | C] () -- C:\Documents and Settings\dave\Desktop\warranty3.mdb
[2010/07/19 10:03:40 | 000,514,355 | ---- | C] () -- C:\Documents and Settings\dave\Desktop\SLI.pdf
[2010/07/19 10:03:40 | 000,075,010 | ---- | C] () -- C:\Documents and Settings\dave\Desktop\Westlife - Online Closeouts and Price Adjustments.xlsx
[2010/07/19 10:03:40 | 000,057,856 | ---- | C] () -- C:\Documents and Settings\dave\Desktop\SP10 Products MASTER.xls
[2010/07/19 10:03:40 | 000,055,808 | ---- | C] () -- C:\Documents and Settings\dave\Desktop\Suspense report Westlife May 2010.xls
[2010/07/19 10:03:39 | 000,779,922 | ---- | C] () -- C:\Documents and Settings\dave\Desktop\hscsg.pdf
[2010/07/19 10:03:39 | 000,103,988 | ---- | C] () -- C:\Documents and Settings\dave\Desktop\Home_Occ_Permit.pdf
[2010/07/19 10:03:39 | 000,041,862 | ---- | C] () -- C:\Documents and Settings\dave\Desktop\Rhenus Freight Billing.pdf
[2010/07/19 10:03:39 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\dave\Desktop\PRE-SET COMM INV.xls
[2010/07/19 10:03:39 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\dave\Desktop\Guest_List_Spreadsheet.xls
[2010/07/19 10:03:39 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\dave\Desktop\fill issues NRI.xls
[2010/07/19 10:03:39 | 000,011,648 | ---- | C] () -- C:\Documents and Settings\dave\Desktop\retailer registration list.xlsx
[2010/07/19 10:03:29 | 003,916,852 | ---- | C] () -- C:\Documents and Settings\dave\Desktop\FAQ - NEW LOGO.jpg
[2010/07/19 10:03:29 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\dave\Desktop\EUR SP11 SAMPLES.xls
[2010/07/19 10:03:28 | 003,247,327 | ---- | C] () -- C:\Documents and Settings\dave\Desktop\Collections - NEW LOGO.jpg
[2010/07/19 10:03:28 | 001,003,430 | ---- | C] () -- C:\Documents and Settings\dave\Desktop\Dicks TMS_user_guide.pdf
[2010/07/19 10:03:28 | 000,933,868 | ---- | C] () -- C:\Documents and Settings\dave\Desktop\AT&T Local.pdf
[2010/07/19 10:03:28 | 000,823,996 | ---- | C] () -- C:\Documents and Settings\dave\Desktop\AT&T Summary.pdf
[2010/07/19 10:03:28 | 000,517,959 | ---- | C] () -- C:\Documents and Settings\dave\Desktop\Dueler AT RH-S.pdf
[2010/07/19 10:03:28 | 000,233,501 | ---- | C] () -- C:\Documents and Settings\dave\Desktop\confMarriageApp.pdf
[2010/07/19 10:03:28 | 000,120,329 | ---- | C] () -- C:\Documents and Settings\dave\Desktop\bill of lading.pdf
[2010/07/19 10:03:28 | 000,024,683 | ---- | C] () -- C:\Documents and Settings\dave\Desktop\Bridgestone Dueler AT RH-S.jpg
[2010/07/19 10:03:28 | 000,012,074 | ---- | C] () -- C:\Documents and Settings\dave\Desktop\Dicks Guidelines.docx
[2010/07/19 10:03:27 | 003,702,843 | ---- | C] () -- C:\Documents and Settings\dave\Desktop\A La Carte NEW LOGO.jpg
[2010/07/19 10:03:27 | 002,277,888 | ---- | C] () -- C:\Documents and Settings\dave\Desktop\686SACK.com Instructions.doc
[2010/07/19 10:03:27 | 000,651,336 | ---- | C] () -- C:\Documents and Settings\dave\Desktop\686SACK Terms & Conditions.xlsx
[2010/07/19 09:46:48 | 000,000,187 | ---- | C] () -- C:\Documents and Settings\dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to WD USB 2 (D).lnk
[2010/07/19 09:18:55 | 000,001,703 | ---- | C] () -- C:\Documents and Settings\dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Full CircleŽ.lnk
[2010/07/19 09:07:31 | 000,000,372 | ---- | C] () -- C:\Documents and Settings\dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Shipping.lnk
[2010/07/19 09:06:35 | 000,001,614 | ---- | C] () -- C:\Documents and Settings\dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/19 09:04:47 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/07/19 09:04:39 | 002,097,152 | -H-- | C] () -- C:\Documents and Settings\dave\NTUSER.DAT
[2010/07/19 09:04:39 | 000,016,384 | -H-- | C] () -- C:\Documents and Settings\dave\ntuser.dat.LOG
[2010/07/19 09:04:39 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\dave\ntuser.ini
[2010/07/19 09:03:36 | 000,002,412 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/07/19 09:00:16 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2010/07/19 08:58:09 | 000,186,097 | ---- | C] () -- C:\WINDOWS\System32\nvapps.xml
[2010/07/19 08:58:09 | 000,018,070 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu
[2010/07/19 08:53:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/07/19 08:51:04 | 000,233,525 | ---- | C] () -- C:\WINDOWS\System32\isutil.dll
[2010/07/19 08:51:02 | 000,115,061 | ---- | C] () -- C:\WINDOWS\System32\sihp1000.img
[2010/07/19 08:51:02 | 000,007,315 | ---- | C] () -- C:\WINDOWS\System32\ZShp1000.hlp
[2010/07/19 08:51:02 | 000,001,145 | ---- | C] () -- C:\WINDOWS\System32\SDhp1000.UNZ
[2010/07/19 08:51:02 | 000,000,271 | ---- | C] () -- C:\WINDOWS\apptune.ini
[2010/07/19 08:48:41 | 000,005,110 | R--- | C] () -- C:\WINDOWS\System32\e100b325.din
[2010/07/19 08:48:39 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2010/07/19 08:43:06 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2010/07/19 08:42:04 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/07/19 08:41:48 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2010/07/19 08:41:21 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2010/07/19 08:41:21 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2010/07/19 08:41:19 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/07/19 08:41:03 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2010/07/19 08:41:02 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/07/19 08:40:56 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/07/19 08:40:55 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/07/19 08:40:53 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/07/19 08:40:44 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/07/19 08:40:39 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/07/19 08:40:35 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2010/07/19 08:40:25 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/07/19 08:40:22 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2010/07/19 08:40:22 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2010/07/19 08:40:21 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2010/07/19 08:40:21 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2010/07/19 08:40:21 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2010/07/19 08:40:21 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2010/07/19 08:40:21 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2010/07/19 08:40:21 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2010/07/19 08:40:21 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2010/07/19 08:40:21 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2010/07/19 08:40:20 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2010/07/19 08:40:20 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2010/07/19 08:40:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2010/07/19 08:40:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2010/07/19 08:40:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2010/07/19 08:40:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2010/07/19 08:40:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2010/07/19 08:40:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2010/07/19 08:40:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2010/07/19 08:40:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2010/07/19 08:40:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2010/07/19 08:40:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2010/07/19 08:40:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2010/07/19 08:40:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2010/07/19 08:40:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2010/07/19 08:40:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2010/07/19 08:40:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2010/07/19 08:40:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2010/07/19 08:40:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2010/07/19 08:40:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2010/07/19 08:40:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2010/07/19 08:40:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2010/07/19 08:40:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2010/07/19 08:40:18 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2010/07/19 08:40:18 | 000,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2010/07/19 08:40:18 | 000,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2010/07/19 08:40:18 | 000,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2010/07/19 08:40:18 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2010/07/19 08:40:18 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2010/07/19 08:40:18 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2010/07/19 08:40:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2010/07/19 08:40:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2010/07/19 08:40:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2010/07/19 08:40:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2010/07/19 08:40:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2010/07/19 08:40:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2010/07/19 08:40:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2010/07/19 08:40:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2010/07/19 08:40:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2010/07/19 08:40:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2010/07/19 08:40:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2010/07/19 08:40:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2010/07/19 08:40:16 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2010/07/19 08:40:16 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2010/07/19 08:40:16 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2010/07/19 08:40:16 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2010/07/19 08:40:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2010/07/19 08:40:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2010/07/19 08:40:15 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2010/07/19 08:40:15 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2010/07/19 08:39:25 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/07/19 08:39:25 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/07/19 08:39:25 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/07/19 08:39:25 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2010/07/19 08:39:25 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2010/07/19 08:39:16 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/07/19 08:39:16 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/07/19 08:39:15 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2010/07/19 08:38:12 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/07/19 08:38:12 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/07/19 08:38:05 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/07/19 08:38:05 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/07/19 08:38:05 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/07/19 08:38:05 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/07/19 08:38:05 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/07/19 08:38:05 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/07/19 08:37:48 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2010/07/19 08:37:34 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2010/07/19 08:37:34 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2010/07/19 08:37:28 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2010/07/19 08:36:53 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msinfo.dll
[2010/07/19 08:36:05 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/07/19 08:35:17 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2010/07/19 08:35:17 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2010/07/19 08:35:17 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2010/07/19 08:35:17 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2010/07/19 08:35:17 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2010/07/19 08:35:17 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2010/07/19 08:35:16 | 000,093,702 | ---- | C] () -- C:\WINDOWS\System32\subrange.uce
[2010/07/19 08:35:16 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2010/07/19 08:35:16 | 000,060,458 | ---- | C] () -- C:\WINDOWS\System32\ideograf.uce
[2010/07/19 08:35:16 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2010/07/19 08:35:16 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2010/07/19 08:35:16 | 000,016,740 | ---- | C] () -- C:\WINDOWS\System32\shiftjis.uce
[2010/07/19 08:35:16 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2010/07/19 08:35:16 | 000,012,876 | ---- | C] () -- C:\WINDOWS\System32\korean.uce
[2010/07/19 08:35:16 | 000,008,484 | ---- | C] () -- C:\WINDOWS\System32\kanji_2.uce
[2010/07/19 08:35:16 | 000,006,948 | ---- | C] () -- C:\WINDOWS\System32\kanji_1.uce
[2010/07/19 08:35:16 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2010/07/19 08:35:15 | 000,024,006 | ---- | C] () -- C:\WINDOWS\System32\gb2312.uce
[2010/07/19 08:35:15 | 000,022,984 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.uce
[2010/07/19 08:35:14 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2010/07/19 08:35:14 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2010/07/19 08:35:13 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2010/07/19 08:35:08 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2010/07/19 01:29:04 | 000,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2010/07/19 01:29:03 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/07/19 01:28:57 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2010/07/19 01:28:57 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2010/07/19 01:28:56 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2010/07/19 01:28:56 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2010/07/19 01:28:54 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28603.nls
[2010/07/19 01:28:54 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28603.nls
[2010/07/19 01:28:52 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_857.nls
[2010/07/19 01:28:52 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_857.nls
[2010/07/19 01:28:52 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28599.nls
[2010/07/19 01:28:52 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28599.nls
[2010/07/19 01:28:52 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10081.nls
[2010/07/19 01:28:52 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10081.nls
[2010/07/19 01:28:51 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28595.nls
[2010/07/19 01:28:51 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28595.NLS
[2010/07/19 01:28:51 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10017.nls
[2010/07/19 01:28:51 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10017.nls
[2010/07/19 01:28:51 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10007.nls
[2010/07/19 01:28:51 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10007.nls
[2010/07/19 01:28:49 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_869.nls
[2010/07/19 01:28:49 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_869.nls
[2010/07/19 01:28:49 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_737.nls
[2010/07/19 01:28:49 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_737.nls
[2010/07/19 01:28:49 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_875.nls
[2010/07/19 01:28:49 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_875.nls
[2010/07/19 01:28:49 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28597.nls
[2010/07/19 01:28:49 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28597.NLS
[2010/07/19 01:28:49 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10006.nls
[2010/07/19 01:28:49 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10006.nls
[2010/07/19 01:28:48 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_866.nls
[2010/07/19 01:28:48 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_866.nls
[2010/07/19 01:28:48 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_855.nls
[2010/07/19 01:28:48 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_855.nls
[2010/07/19 01:28:48 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28594.nls
[2010/07/19 01:28:48 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28594.NLS
[2010/07/19 01:28:47 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_852.nls
[2010/07/19 01:28:47 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_852.nls
[2010/07/19 01:28:47 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10082.nls
[2010/07/19 01:28:47 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10082.nls
[2010/07/19 01:28:47 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10029.nls
[2010/07/19 01:28:47 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10029.nls
[2010/07/19 01:28:47 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10010.nls
[2010/07/19 01:28:47 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10010.nls
[2010/07/19 01:28:44 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20127.nls
[2010/07/19 01:28:44 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20127.nls
[2010/07/19 01:28:40 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010/07/19 01:28:29 | 000,144,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2010/07/19 01:28:29 | 000,112,918 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2010/07/19 01:28:29 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010/07/19 01:28:29 | 000,034,747 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2010/07/19 01:28:29 | 000,034,063 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2010/07/19 01:28:29 | 000,026,991 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2010/07/19 01:28:29 | 000,016,535 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2010/07/19 01:28:29 | 000,014,433 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2010/07/19 01:28:29 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010/07/19 01:28:29 | 000,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2010/07/19 01:28:29 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2010/07/19 01:28:29 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010/07/19 01:28:29 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/07/19 01:28:29 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2010/07/19 01:28:28 | 002,144,487 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2010/07/19 01:28:28 | 001,296,669 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT
[2010/07/19 01:28:28 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/07/19 01:28:28 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010/07/19 01:28:27 | 000,522,220 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2010/07/19 01:27:47 | 001,497,184 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/19 01:27:15 | 000,000,282 | RHS- | C] () -- C:\boot.ini
[2010/07/19 01:27:11 | 000,000,780 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2008/05/16 14:01:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/16 14:01:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/16 14:01:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/16 14:01:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/16 14:01:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2005/02/02 09:26:46 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\eltnlpt.sys
[2003/04/08 13:41:20 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\nssckbi.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 167 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:21654C57
< End of report >

#10 dave richards


Posted 09 August 2010 - 12:20 PM

MBR Log:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000a1bd

Kernel Drivers (total 125):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EE000 \WINDOWS\system32\hal.dll
0xF7987000 \WINDOWS\system32\KDCOM.DLL
0xF7897000 \WINDOWS\system32\BOOTVID.dll
0xF74E3000 spmh.sys
0xF7989000 \WINDOWS\System32\Drivers\WMILIB.SYS
0xF74CB000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xF749D000 ACPI.sys
0xF748C000 pci.sys
0xF75F7000 isapnp.sys
0xF7A4F000 PCIIde.sys
0xF7707000 \WINDOWS\System32\Drivers\PCIIDEX.SYS
0xF798B000 intelide.sys
0xF7607000 MountMgr.sys
0xF7858000 ftdisk.sys
0xF798D000 dmload.sys
0xF7832000 dmio.sys
0xF770F000 PartMgr.sys
0xF7617000 VolSnap.sys
0xF796F000 atapi.sys
0xF7627000 disk.sys
0xF7637000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF794F000 fltMgr.sys
0xF7A3D000 sr.sys
0xF7A26000 KSecDD.sys
0xF7B52000 Ntfs.sys
0xF7B25000 NDIS.sys
0xF7A0C000 Mup.sys
0xF7647000 agp440.sys
0xF746C000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB9712000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB96FE000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF7757000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB96DA000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF775F000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB96B6000 \SystemRoot\system32\DRIVERS\e100b325.sys
0xF7767000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF742C000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF776F000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7777000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF741C000 \SystemRoot\system32\DRIVERS\serial.sys
0xF793F000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB96A2000 \SystemRoot\system32\DRIVERS\parport.sys
0xF740C000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7887000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7877000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB967F000 \SystemRoot\system32\DRIVERS\ks.sys
0xB9617000 \SystemRoot\system32\drivers\smwdm.sys
0xB95F3000 \SystemRoot\system32\drivers\portcls.sys
0xBA785000 \SystemRoot\system32\drivers\drmk.sys
0xB9540000 \SystemRoot\system32\drivers\senfilt.sys
0xBA2C1000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA775000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF794B000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB9529000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA765000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA755000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF777F000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB9478000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA745000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF778F000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7797000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB9408000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBA705000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF799B000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB93AA000 \SystemRoot\system32\DRIVERS\update.sys
0xBA7E0000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF7697000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF76C7000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF799F000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF77A7000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xF79A1000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7A62000 \SystemRoot\System32\Drivers\Null.SYS
0xF79A3000 \SystemRoot\System32\Drivers\Beep.SYS
0xF77B7000 \SystemRoot\System32\drivers\vga.sys
0xF79A5000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF79A7000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF77BF000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF77C7000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF792B000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB815F000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB8106000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB80DE000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB80BC000 \SystemRoot\System32\drivers\afd.sys
0xF747C000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF77CF000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xB8041000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB7FD1000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF745C000 \SystemRoot\System32\Drivers\Fips.SYS
0xB7FAB000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF744C000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF77D7000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xF77DF000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xB7F89000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xF79AB000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0xF77EF000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xB966B000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB9519000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF77F7000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xB7F65000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xB7F25000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF79E5000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB81B4000 \SystemRoot\System32\drivers\Dxapi.sys
0xF781F000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7A8E000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB79F5000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xB7A1A000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB7770000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF79D3000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xB77A5000 \??\C:\WINDOWS\system32\drivers\eltnlpt.sys
0xB75DE000 \SystemRoot\system32\DRIVERS\srv.sys
0xB7724000 \??\C:\WINDOWS\system32\Drivers\n5lpt.sys
0xB76E8000 \SystemRoot\system32\DRIVERS\secdrv.sys
0xB76F8000 \SystemRoot\System32\Drivers\Stld.SYS
0xF780F000 \SystemRoot\System32\Drivers\TDTCP.SYS
0xB733B000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xB7196000 \SystemRoot\system32\drivers\wdmaud.sys
0xB7698000 \SystemRoot\system32\drivers\sysaudio.sys
0xB6F24000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB6DFB000 \SystemRoot\System32\Drivers\HTTP.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 41):
0 System Idle Process
4 System
580 C:\WINDOWS\system32\smss.exe
644 csrss.exe
672 C:\WINDOWS\system32\winlogon.exe
716 C:\WINDOWS\system32\services.exe
728 C:\WINDOWS\system32\lsass.exe
904 C:\WINDOWS\system32\svchost.exe
980 svchost.exe
1076 C:\WINDOWS\system32\svchost.exe
1128 svchost.exe
1204 svchost.exe
1424 C:\WINDOWS\system32\spoolsv.exe
1468 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1608 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1636 C:\Program Files\Bonjour\mDNSResponder.exe
1700 C:\Program Files\FedEx\ShipManager\BIN\FedEx.Gsm.Common.LoggingService.exe
1784 C:\Program Files\FedEx\ShipManager\SQLAnywhere\Bin32\dbsrv11.exe
1832 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
1956 C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe
140 C:\WINDOWS\system32\nvsvc32.exe
244 C:\WINDOWS\system32\svchost.exe
400 C:\Program Files\FedEx\ShipManager\BIN\AdminService.exe
596 C:\WINDOWS\system32\searchindexer.exe
1824 alg.exe
2324 C:\WINDOWS\explorer.exe
2700 C:\Program Files\Analog Devices\Core\smax4pnp.exe
2740 C:\WINDOWS\system32\rundll32.exe
2748 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
2812 C:\UPS\WSTD\UPSNA1Msgr.exe
2868 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
3120 C:\Program Files\MICROSOFT SQL SERVER\80\TOOLS\BINN\sqlmangr.exe
3140 C:\UPS\WSTD\WSTDMessaging.exe
3232 C:\Program Files\Rainlendar\Rainlendar.exe
3400 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
3640 C:\Program Files\Mozilla Firefox\firefox.exe
3652 C:\WINDOWS\system32\zstatus.exe
4056 C:\Program Files\Avira\AntiVir Desktop\avnotify.exe
3388 C:\WINDOWS\system32\searchprotocolhost.exe
1272 searchfilterhost.exe
2916 C:\Documents and Settings\dave\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (FAT32)

PhysicalDrive0 Model Number: WDCWD600BB-75CAA0, Rev: 16.06V16
PhysicalDrive1 Model Number: WD1200BB External, Rev: 0602

Size Device Name MBR Status
--------------------------------------------
55 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
111 GB \\.\PhysicalDrive1 RE: Known-bad MBR code detected (Whistler / Black Internet)!
SHA1: AE8A2D972741A4CF0A40B2C5E6A6A17665C62B80


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!


HAMeb Log:

C:\Documents and Settings\dave\Desktop\HAMeb_check.exe
Thu 08/05/2010 at 16:20:27.92

Account active No
Local Group Memberships

~~ Checking profile list ~~

No HelpAssistant profile in registry

~~ Checking for HelpAssistant directories ~~

none found

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys spmh.sys hal.dll >>UNKNOWN [0x89BC6938]<<
kernel: MBR read successfully
user & kernel MBR OK

~~ Checking for termsrv32.dll ~~

termsrv32.dll was not found


HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv.dll

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]


~~ EOF ~~


There were no infected files found on the ESET online scan, therefore no report to output.

Thanks,
Dave

#11 etavares


Posted 09 August 2010 - 06:23 PM


OK, almost done, except you appear to have a newer MBR rootkit infection on your D drive.

QUOTE
111 GB \\.\PhysicalDrive1 RE: Known-bad MBR code detected (Whistler / Black Internet)!


Question before we fix...what's on your D: drive? Is it a Windows XP partition you access when you boot up in C:? Is it another installation e.g. Linux, Windows 7, etc?


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

 


#12 dave richards


Posted 09 August 2010 - 06:26 PM

My D drive is just an external hard drive. I use it as a backup for important files/pictures etc. There are no OS installations on it at all. Thanks for all your help so far!

#13 etavares


Posted 11 August 2010 - 05:43 PM

OK, we should fix that regardless as it is carrying an infection. Do you have a backup of those files? (e.g. the originals!)


 


#14 dave richards


Posted 11 August 2010 - 05:47 PM

I do have backups of most of the files, but I do have some other stuff on there that I do not have backed up elsewhere. I can back it all up if need be. Thanks

#15 etavares


Posted 11 August 2010 - 06:23 PM

It's up to you. Occasionally rewriting the MBR can go bad. When you're ready and/or backed up:

Make sure that drive is plugged in again.
Run MBR Check.
Type Y for more options.
Type 2 to rewrite the MBR.
Type 1 for Physical Drive 1 (confirm...that should say known-bad code detected Whistler/Black Internet) and press enter.
Type 1 to select Windows XP and press enter.
Type YES and press enter.
It should say successful. Please rerun MBRCheck and post the resulting log here.


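The rewrite steps in post #15 replace the boot code in sector 0 of the drive, and the partition table in that same sector has to survive for the files to stay reachable. The Python below is an added example, not part of the thread and not MBRCheck's code: it parses a saved 512-byte copy of sector 0 and compares a before/after pair. Hashing the 440-byte code area is an assumption (the page does not say which bytes MBRCheck's SHA1 covers), and the sample sectors are constructed.

```python
import hashlib
import struct

SECTOR_SIZE = 512
CODE_LEN = 440    # bootstrap code area of a classic MBR (assumed hash range)
TABLE_OFF = 446   # four 16-byte partition entries start here

def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR sector into code hash, partition table and signature."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    parts = []
    for i in range(4):
        entry = sector[TABLE_OFF + 16 * i : TABLE_OFF + 16 * (i + 1)]
        boot_flag, ptype = entry[0], entry[4]
        lba_start, n_sectors = struct.unpack_from("<II", entry, 8)
        if ptype != 0:  # type 0x00 marks an unused slot
            parts.append({"slot": i, "active": boot_flag == 0x80, "type": ptype,
                          "byte_offset": lba_start * SECTOR_SIZE,
                          "sectors": n_sectors})
    return {"code_sha1": hashlib.sha1(sector[:CODE_LEN]).hexdigest(),
            "table": sector[TABLE_OFF:TABLE_OFF + 64],
            "partitions": parts,
            "signature_ok": sector[510:512] == b"\x55\xaa"}

def compare_rewrite(before: bytes, after: bytes) -> dict:
    """Report what a rewrite changed: the code should differ, the table should not."""
    b, a = parse_mbr(before), parse_mbr(after)
    return {"code_changed": b["code_sha1"] != a["code_sha1"],
            "table_preserved": b["table"] == a["table"],
            "signature_ok": a["signature_ok"]}

def make_sector(code_fill: int) -> bytes:
    """Constructed sample: one FAT32 (type 0x0B) partition starting at LBA 63."""
    sector = bytearray(SECTOR_SIZE)
    sector[:CODE_LEN] = bytes([code_fill]) * CODE_LEN
    sector[TABLE_OFF:TABLE_OFF + 16] = struct.pack(
        "<B3sB3sII", 0x00, b"\x01\x01\x00", 0x0B, b"\xfe\xff\xff", 63, 1000000)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)

if __name__ == "__main__":
    before, after = make_sector(0xEB), make_sector(0x33)
    print(parse_mbr(before)["partitions"])   # byte_offset 32256 == 0x7E00
    print(compare_rewrite(before, after))
```

The constructed partition starts at LBA 63, which is the same 0x7e00 byte offset MBRCheck reports for D: in the log above.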
 




