Hit by a virus (Maybe Win32 Virut?)


  • This topic is locked
31 replies to this topic

#1 Nate555

Posted 15 August 2010 - 01:05 PM

Hey all,
I finally decided to bite the bullet and post here about my most recent computer problems.

Last week, I came back from a college visit to find that my computer (Dell Dimension B110 CeleronD with WinXP Home 32bit, pretty old) had apparently been slammed by a virus. How did I know? Not only did I get the normal page redirections in Firefox and an unusually but painfully slow computer, but something was spamming my computer with HUNDREDS of processes, like drm.exe and, what I believe was drwtsn32.exe. At one point, I would turn on my computer, and 45 seconds after seeing the Welcome splash screen, there would be around 400 processes, most were those self-replicating processes.

Thinking I had this under control, I tried running various virus scanners like SuperAntiSpyware, Ad-Aware, Trend Micro's House Call, and Spybot Search and Destroy. Normally, I have the firewall disabled and I suppose I don't have an actual anti-virus software to rely on. I know, shame on me, I learned my lesson the hard way. Anyway, upon running those scans, I found that Spybot found little to nothing, SAS found a couple more, and House Call found a great deal. However, the most was Ad-Aware, which found, at one point, 6440 infections. That was also running for around 12 hours, and upon stopping the scan, would cause just that program to freeze. Among the culprits in all of those, along with some minor cookies, was something called Win32 Virut. I believe those .exe's are all still infected, as each scan from Ad-Aware freezes nowadays.

Anyway, I decided to let it go and kept my machine off for around a week until I could have more time to deal with it. It is now later, and I still can't trust it. I'm glad I still have other machines to work from, so this isn't that imperative to save, but it would be great if it could live.

After doing that work, it seems that I don't have the spamming processes any more, but my computer still crashes (like it did twice when I just tried to open a virus scan log as I am now typing this...grr), and I can't seem to activate my firewall or Task manager.

I did everything else (almost, GMER seems to keep crashing my computer?) so please let me know if there is anything else I can provide information-wise. I'm trying to consolidate the logs from my virus scans now, but they seem to like to completely crash my system when I try to open them now...

I severely hope I didn't screw myself over in this process of trying to do it myself, I've learned my lesson there. I apologize for the mess...

THANK YOU in advance!
-Nate

------------------------------------------------


CONTENTS OF DDS.TXT LOG


DDS (Ver_10-03-17.01) - NTFSx86
Run by NateTheGreat555 at 13:39:56.70 on Sun 08/15/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============


============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {A057A204-BACC-4D26-B2FC-48F8CCAB3ED4} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mExplorerRun: [jgyo0w] c:\docume~1\nateth~1\locals~1\temp\19aqp.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ultramon.lnk - c:\found.002\dir0003.chk\{1c94c999-15d2-4c75-9a73-bcc8a677d42e}\IcoUltraMon.ico
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\youtub~1.lnk - c:\program files\casio\youtube uploader for casio\YStart.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
TCP: {0A7F86F1-8AB6-4599-963C-5DBDE4B9164C} = 68.87.64.146
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\nateth~1\applic~1\mozilla\firefox\profiles\snc4ajcv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.com|youtube.com|twitter.com|youtube.com/my_videos
FF - prefs.js: keyword.URL - hxxp://search.search-star.net/?sid=10101048100&s=
FF - component: c:\documents and settings\natethegreat555\application data\mozilla\firefox\profiles\snc4ajcv.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\natethegreat555\application data\mozilla\firefox\profiles\snc4ajcv.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\documents and settings\natethegreat555\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\skyhook wireless\loki browser plugin\versions\3.1.0.05\nploki.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.search-star.net/?sid=10101048100&s=
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2010-08-15 17:31:06 0 d-----w- c:\program files\Trend Micro
2010-08-06 22:47:48 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-08-06 05:26:11 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-08-06 05:25:57 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-08-06 05:01:25 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-08-06 04:59:44 0 d-----w- c:\program files\Lavasoft
2010-08-06 04:56:38 0 d-----w- c:\docume~1\nateth~1\applic~1\SUPERAntiSpyware.com
2010-08-06 04:56:38 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-08-06 04:54:37 0 d-----w- c:\program files\SUPERAntiSpyware
2010-08-05 17:51:36 10948 ----a-w- c:\windows\system32\msrun.exe
2010-08-05 17:50:52 0 d-----w- c:\docume~1\alluse~1\applic~1\Update
2010-08-05 17:50:37 77824 ----a-w- c:\windows\system32\drvsign.exe
2010-08-05 17:50:37 3387 ----a-w- c:\windows\system32\ndisrd.inf
2010-08-05 17:50:37 20480 ----a-w- c:\windows\system32\ndisrd.sys
2010-08-05 17:50:37 1400 ----a-w- c:\windows\system32\ndisrd_m.inf
2010-08-05 17:50:37 13824 ----a-w- c:\windows\system32\snetcfg.exe
2010-08-03 16:42:18 247296 ----a-w- c:\windows\system32\ddrkp.dll
2010-08-03 16:41:58 294912 ----a-w- c:\windows\system32\hdrkp.dll

==================== Find3M ====================

2010-08-09 02:44:59 93184 -c--a-w- c:\windows\system32\netsh.exe
2010-08-09 02:43:56 85504 -c--a-w- c:\windows\system32\diantz.exe
2010-08-09 02:42:59 66560 -c--a-w- c:\windows\amcap5a.exe
2010-08-09 02:42:59 44032 -c--a-w- c:\windows\devconex.exe
2010-08-09 02:42:59 40960 -c--a-r- c:\windows\CleanDev.exe
2010-08-09 02:42:59 32256 -c--a-r- c:\windows\amcap.exe
2010-08-09 02:42:59 17920 -c--a-w- c:\windows\hh.exe
2010-08-09 02:42:45 700416 ----a-w- C:\TkFileExplorer_2.2.exe
2010-08-09 02:42:33 868864 ----a-w- C:\PSX2PSP.exe
2010-08-09 02:37:02 864256 ----a-w- C:\gpsVPxp.exe
2010-08-08 20:14:55 233472 ----a-w- c:\windows\system32\FsUsbExService.Exe
2010-08-08 20:14:04 94208 ----a-w- c:\windows\system32\igfxtray.exe
2010-08-08 20:13:47 114688 ----a-w- c:\windows\system32\igfxpers.exe
2010-08-08 20:13:30 77824 ----a-w- c:\windows\system32\hkcmd.exe
2010-08-02 16:55:02 1524 ----a-w- c:\windows\system32\d3d8caps.dat
2010-06-02 20:06:44 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-06-02 20:06:30 29568 -c--a-w- c:\windows\system32\LMIport.dll
2010-06-02 20:06:28 87424 ----a-w- c:\windows\system32\LMIinit.dll

============= FINISH: 13:41:51.93 ===============


#2 Elise

Posted 22 August 2010 - 04:27 AM

Hello,
And welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • GMER log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft


#3 Nate555

Posted 22 August 2010 - 12:35 PM

Hello there,

Don't worry about the delay, I'm simply glad that this site exists!

My computer has been off for the last week (didn't want to screw it up even more), so nothing has changed. I seem unable to open up task manager as well, and certain other parts of the control panel are unable to be opened. Oh yes, and my computer randomly crashes. That could just be because of GMER, but it shouldn't be doing that, to my knowledge...


Here is the OTL.txt log:


OTL logfile created on: 8/22/2010 1:05:55 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = I:\Bleeping Computer Help
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

766.00 Mb Total Physical Memory | 421.00 Mb Available Physical Memory | 55.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 8.83 Gb Free Space | 11.86% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 55.87 Gb Total Space | 20.10 Gb Free Space | 35.98% Space Free | Partition Type: NTFS
Drive F: | 177.57 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 121.00 Mb Total Space | 33.04 Mb Free Space | 27.31% Space Free | Partition Type: FAT32

Computer Name: NATEUPSTAIRS
Current User Name: NateTheGreat555
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/22 13:00:40 | 000,583,168 | ---- | M] (OldTimer Tools) -- I:\Bleeping Computer Help\OTL.exe
PRC - [2010/06/02 16:06:20 | 000,116,104 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2010/06/02 16:06:16 | 000,378,248 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2010/01/27 12:22:02 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2010/01/27 12:22:02 | 000,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2009/10/20 01:11:52 | 000,616,712 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2009/02/16 00:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2008/08/30 19:10:42 | 001,562,381 | ---- | M] () -- C:\Program Files\iPod Access for Windows\iPAHelper.exe
PRC - [2007/06/13 06:23:07 | 001,040,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/13 14:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 14:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe


========== Modules (SafeList) ==========

MOD - [2010/08/22 13:00:40 | 000,583,168 | ---- | M] (OldTimer Tools) -- I:\Bleeping Computer Help\OTL.exe
MOD - [2004/08/04 08:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\locator.exe -- (RpcLocator) Remote Procedure Call (RPC)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - File not found [Unknown | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/07/12 04:55:38 | 001,352,832 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/06/02 16:06:20 | 000,116,104 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2010/01/27 12:22:02 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2009/06/04 18:41:22 | 000,451,904 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2009/04/17 17:11:00 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/02/16 00:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2008/08/30 19:10:42 | 001,562,381 | ---- | M] () [Auto | Running] -- C:\Program Files\iPod Access for Windows\iPAHelper.exe -- (iPAHelper.exe)
SRV - [2007/02/05 10:11:18 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007/02/05 10:11:16 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\DRIVERS\srenum.sys -- (srenum)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\ndisrd.sys -- (ndisrd)
DRV - [2010/07/12 04:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/06/02 16:06:44 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/27 12:22:02 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/01/27 12:22:02 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2009/08/03 10:22:58 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/07/13 17:51:12 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2009/05/13 12:41:02 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscemdm.sys -- (sscemdm)
DRV - [2009/05/13 12:41:02 | 000,090,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscebus.sys -- (sscebus) SAMSUNG USB Composite Device V2 driver (WDM)
DRV - [2009/05/13 12:41:02 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscemdfl.sys -- (sscemdfl)
DRV - [2009/03/15 06:25:46 | 000,056,268 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/02/16 00:10:26 | 000,353,672 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2009/02/10 17:23:02 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2008/11/17 02:24:00 | 000,051,688 | ---- | M] (Check Point Software Technologies LTD) [Kernel | Boot | Running] -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan)
DRV - [2008/11/14 02:11:30 | 000,017,184 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys -- (UltraMonUtility)
DRV - [2007/09/25 10:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
DRV - [2007/09/17 16:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/06/18 15:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/03/20 06:33:28 | 000,028,672 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/08/04 08:00:00 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2004/08/04 08:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 08:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/08/04 00:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2003/11/30 22:54:20 | 000,043,136 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2003/11/17 18:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 18:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/10/15 18:52:50 | 000,174,530 | R--- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ov519vid.sys -- (ovt519)
DRV - [2002/09/30 19:32:32 | 000,014,604 | R--- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2001/08/17 16:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 12:49:00 | 000,075,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atimpae.sys -- (atirage3)
DRV - [2001/08/09 22:03:00 | 000,070,084 | ---- | M] (MK Systems CO., LTD.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EPLPDX02.SYS -- (Eplpdx02)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1343024091-57989841-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-1343024091-57989841-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1343024091-57989841-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.com|youtube.com|twitter.com|youtube.com/my_videos"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: extension@openitonline.com:2.7
FF - prefs.js..extensions.enabledItems: {2f17f610-5e97-4fed-828f-9940b7b577a4}:1.5.1
FF - prefs.js..extensions.enabledItems: {2832ABCD-4444-1012-2D45-132D5447C445}:1.0.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.608
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..keyword.URL: "http://search.search-star.net/?sid=10101048100&s="

FF - user.js..browser.search.selectedEngine: "Google"
FF - user.js..browser.search.order.1: "Google"
FF - user.js..keyword.URL: "http://search.search-star.net/?sid=10101048100&s="

FF - HKLM\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/06/28 17:25:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/02 12:51:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/02 13:01:05 | 000,000,000 | ---D | M]

[2009/04/16 18:49:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NateTheGreat555\Application Data\Mozilla\Extensions
[2010/08/08 16:28:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NateTheGreat555\Application Data\Mozilla\Firefox\Profiles\snc4ajcv.default\extensions
[2010/03/21 13:10:14 | 000,000,000 | ---D | M] (Beemp3 Search ToolBar) -- C:\Documents and Settings\NateTheGreat555\Application Data\Mozilla\Firefox\Profiles\snc4ajcv.default\extensions\{2832ABCD-4444-1012-2D45-132D5447C445}
[2010/05/27 16:01:48 | 000,000,000 | ---D | M] (TV-Fox) -- C:\Documents and Settings\NateTheGreat555\Application Data\Mozilla\Firefox\Profiles\snc4ajcv.default\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4}
[2010/06/03 16:46:22 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\NateTheGreat555\Application Data\Mozilla\Firefox\Profiles\snc4ajcv.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/05/27 16:01:46 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\NateTheGreat555\Application Data\Mozilla\Firefox\Profiles\snc4ajcv.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/05/27 16:01:45 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\NateTheGreat555\Application Data\Mozilla\Firefox\Profiles\snc4ajcv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/07/31 21:20:43 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\NateTheGreat555\Application Data\Mozilla\Firefox\Profiles\snc4ajcv.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/03/15 17:01:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NateTheGreat555\Application Data\Mozilla\Firefox\Profiles\snc4ajcv.default\extensions\extension@openitonline.com
[2010/06/13 20:02:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NateTheGreat555\Application Data\Mozilla\Firefox\Profiles\snc4ajcv.default\extensions\LogMeInClient@logmein.com
[2010/02/26 01:04:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NateTheGreat555\Application Data\Mozilla\Firefox\Profiles\snc4ajcv.default\extensions\notooltiptimeout@extensions.geckozone.org
[2010/03/15 17:01:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NateTheGreat555\Application Data\Mozilla\Firefox\Profiles\snc4ajcv.default\extensions\extension@openitonline.com\chrome
[2010/03/15 17:01:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NateTheGreat555\Application Data\Mozilla\Firefox\Profiles\snc4ajcv.default\extensions\extension@openitonline.com\components
[2010/03/15 17:01:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NateTheGreat555\Application Data\Mozilla\Firefox\Profiles\snc4ajcv.default\extensions\extension@openitonline.com\defaults
[2010/02/26 01:04:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NateTheGreat555\Application Data\Mozilla\Firefox\Profiles\snc4ajcv.default\extensions\notooltiptimeout@extensions.geckozone.org\chrome
[2009/10/19 21:12:58 | 000,004,554 | ---- | M] () -- C:\Documents and Settings\NateTheGreat555\Application Data\Mozilla\Firefox\Profiles\snc4ajcv.default\searchplugins\aim-search.xml
[2010/07/31 17:47:13 | 000,001,540 | ---- | M] () -- C:\Documents and Settings\NateTheGreat555\Application Data\Mozilla\Firefox\Profiles\snc4ajcv.default\searchplugins\swagbuckscom.xml
[2010/08/08 16:28:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/06 22:01:56 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009/09/20 19:44:10 | 000,151,552 | ---- | M] (PopCap Games) -- C:\Program Files\Mozilla Firefox\plugins\nppopcaploader.dll
[2009/10/13 18:26:02 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll

O1 HOSTS File: ([2010/08/05 19:06:23 | 000,416,366 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 14377 more lines...
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKU\S-1-5-21-1343024091-57989841-839522115-1004\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-B2FC-48F8CCAB3ED4} - No CLSID value found.
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1343024091-57989841-839522115-1004..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe File not found
O4 - HKU\S-1-5-21-1343024091-57989841-839522115-1004..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\UltraMon.lnk = C:\found.002\dir0003.chk\{1C94C999-15D2-4C75-9A73-BCC8A677D42E}\IcoUltraMon.ico File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: jgyo0w = C:\DOCUME~1\NATETH~1\LOCALS~1\Temp\19aqp.exe File not found
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1343024091-57989841-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = FF 00 00 00 [binary data]
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\NateTheGreat555\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\NateTheGreat555\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/16 01:57:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [1999/05/29 04:08:54 | 000,000,061 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\##DELLD505#C\Shell - "" = Autorun
O33 - MountPoints2\##DELLD505#C\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\##DELLD505#C\Shell\Open\command - "" = RECYCLER\S-8-6-72-100002732-100012942-100007137-2656.com c:\
O33 - MountPoints2\{1fea3444-547d-11de-b24a-0016761bc1ff}\Shell - "" = Autorun
O33 - MountPoints2\{1fea3444-547d-11de-b24a-0016761bc1ff}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1fea3444-547d-11de-b24a-0016761bc1ff}\Shell\Open\command - "" = RECYCLER\S-8-6-72-100002732-100012942-100007137-2656.com e:\
O33 - MountPoints2\{295742b0-f274-11de-8cf7-0016761bc1ff}\Shell\AutoRun\command - "" = E:\Setup_FlipShare.exe -- File not found
O33 - MountPoints2\{295742b0-f274-11de-8cf7-0016761bc1ff}\Shell\Setup FlipShare\command - "" = E:\Setup_FlipShare.exe -- File not found
O33 - MountPoints2\{389f048e-1cd0-11df-bd9d-0016761bc1ff}\Shell - "" = AutoRun
O33 - MountPoints2\{389f048e-1cd0-11df-bd9d-0016761bc1ff}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{406de14c-bb96-11de-b2d6-0016761bc1ff}\Shell - "" = AutoRun
O33 - MountPoints2\{406de14c-bb96-11de-b2d6-0016761bc1ff}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{406de14c-bb96-11de-b2d6-0016761bc1ff}\Shell\AutoRun\command - "" = F:\SETUP.EXE -- [1999/05/29 04:08:54 | 000,082,432 | R--- | M] ()
O33 - MountPoints2\{615d3ecd-2f74-11de-bf82-0016761bc1ff}\Shell - "" = Autorun
O33 - MountPoints2\{615d3ecd-2f74-11de-bf82-0016761bc1ff}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{615d3ecd-2f74-11de-bf82-0016761bc1ff}\Shell\Open\command - "" = RECYCLER\S-8-6-72-100002732-100012942-100007137-2656.com e:\
O33 - MountPoints2\{9127c658-2dea-11de-bf80-0016761bc1ff}\Shell - "" = Autorun
O33 - MountPoints2\{9127c658-2dea-11de-bf80-0016761bc1ff}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9127c658-2dea-11de-bf80-0016761bc1ff}\Shell\Open\command - "" = RECYCLER\S-8-6-72-100002732-100012942-100007137-2656.com e:\
O33 - MountPoints2\{b23489bc-1037-11df-8155-0016761bc1ff}\Shell\AutoRun\command - "" = RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe
O33 - MountPoints2\{b23489bc-1037-11df-8155-0016761bc1ff}\Shell\open\command - "" = RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/15 13:42:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NateTheGreat555\My Documents\SCAN LOGS--8-15-10
[2010/08/15 13:31:06 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/08/08 16:47:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ICS
[2010/08/06 08:51:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/08/06 08:51:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/08/06 01:26:11 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/08/06 01:25:57 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/08/06 01:20:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NateTheGreat555\Local Settings\Application Data\Sunbelt Software
[2010/08/06 01:01:25 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
[2010/08/06 00:59:44 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/08/06 00:59:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/08/06 00:56:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NateTheGreat555\Application Data\SUPERAntiSpyware.com
[2010/08/06 00:56:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/08/06 00:54:37 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/08/06 00:53:40 | 009,221,848 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\NateTheGreat555\My Documents\SUPERAntiSpyware.exe
[2010/08/06 00:52:33 | 128,750,008 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\NateTheGreat555\My Documents\Ad-AwareInstall.exe
[2010/08/05 23:31:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/08/05 23:31:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/08/05 23:31:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/08/05 23:30:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/08/05 23:21:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/08/05 13:52:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NateTheGreat555\Local Settings\Application Data\rthumslwr
[2010/08/05 13:52:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NateTheGreat555\Local Settings\Application Data\rgjvlhxlv
[2010/08/05 13:51:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NateTheGreat555\Local Settings\Application Data\xymejaobu
[2010/08/05 13:50:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Update
[2010/08/05 13:50:37 | 000,020,992 | ---- | C] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\snetcfg.exe
[2010/08/05 13:50:37 | 000,020,480 | ---- | C] (NT Kernel Resources) -- C:\WINDOWS\System32\ndisrd.sys
[2010/08/02 12:35:46 | 033,850,672 | ---- | C] (Apple Inc.) -- C:\Documents and Settings\NateTheGreat555\My Documents\QuickTimeInstaller.exe
[2009/08/06 23:42:59 | 007,662,866 | ---- | C] (EffectMatrix Inc. ) -- C:\Documents and Settings\NateTheGreat555\Application Data\tvcnew.exe
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[66 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/22 13:05:24 | 000,350,192 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/08/22 13:03:32 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010/08/22 13:03:17 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/22 13:03:12 | 000,013,724 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/22 13:03:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/22 13:03:08 | 803,262,464 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/16 00:06:19 | 011,534,336 | ---- | M] () -- C:\Documents and Settings\NateTheGreat555\ntuser.dat
[2010/08/15 23:23:00 | 000,001,018 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-57989841-839522115-1004UA.job
[2010/08/15 21:57:44 | 000,001,220 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/15 21:57:44 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/15 21:57:44 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/08/15 13:38:50 | 000,535,552 | ---- | M] () -- C:\Documents and Settings\NateTheGreat555\Desktop\dds.scr
[2010/08/15 13:31:06 | 000,002,004 | ---- | M] () -- C:\Documents and Settings\NateTheGreat555\Desktop\HiJackThis.lnk
[2010/08/10 01:21:18 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\NateTheGreat555\ntuser.ini
[2010/08/10 00:23:00 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-57989841-839522115-1004Core.job
[2010/08/09 10:56:55 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/08/08 22:45:24 | 000,306,688 | ---- | M] (InstallShield Corporation, Inc.) -- C:\WINDOWS\uninst.exe
[2010/08/08 22:45:24 | 000,290,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winhlp32.exe
[2010/08/08 22:45:24 | 000,285,184 | ---- | M] (Hasbro Interactive) -- C:\WINDOWS\VideoSetup.exe
[2010/08/08 22:45:24 | 000,245,248 | ---- | M] (Realtime Soft Ltd) -- C:\WINDOWS\UltraMon.scr
[2010/08/08 22:45:24 | 000,052,736 | ---- | M] () -- C:\WINDOWS\UniFish3.exe
[2010/08/08 22:45:23 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt1.exe
[2010/08/08 22:45:23 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wupdmgr.exe
[2010/08/08 22:45:23 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wpnpinst.exe
[2010/08/08 22:45:23 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\xcopy.exe
[2010/08/08 22:45:23 | 000,032,768 | ---- | M] (Twain Working Group) -- C:\WINDOWS\twunk_32.exe
[2010/08/08 22:45:23 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp1hfm.exe
[2010/08/08 22:45:23 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wpdshextautoplay.exe
[2010/08/08 22:45:23 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\taskman.exe
[2010/08/08 22:45:23 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\write.exe
[2010/08/08 22:45:22 | 000,300,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WISPTIS.EXE
[2010/08/08 22:45:22 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WinFXDocObj.exe
[2010/08/08 22:45:22 | 000,178,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wjview.exe
[2010/08/08 22:45:22 | 000,126,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\winmine.exe
[2010/08/08 22:45:22 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpstub.exe
[2010/08/08 22:45:22 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wpabaln.exe
[2010/08/08 22:45:22 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\winmsd.exe
[2010/08/08 22:45:22 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\winver.exe
[2010/08/08 22:45:21 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wiaacmgr.exe
[2010/08/08 22:45:21 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wextract.exe
[2010/08/08 22:45:20 | 000,105,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\verifier.exe
[2010/08/08 22:45:20 | 000,077,824 | ---- | M] ( U.S. Robotics Corporation) -- C:\WINDOWS\System32\usrshuta.exe
[2010/08/08 22:45:20 | 000,069,632 | ---- | M] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\usrprbda.exe
[2010/08/08 22:45:20 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\utilman.exe
[2010/08/08 22:45:20 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\w32tm.exe
[2010/08/08 22:45:20 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\vssadmin.exe
[2010/08/08 22:45:20 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\verclsid.exe
[2010/08/08 22:45:20 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\uwdf.exe
[2010/08/08 22:45:19 | 000,086,016 | ---- | M] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\usrmlnka.exe
[2010/08/08 22:45:19 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\upnpcont.exe
[2010/08/08 22:45:19 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\unlodctr.exe
[2010/08/08 22:45:18 | 000,225,280 | ---- | M] (Realtime Soft Ltd) -- C:\WINDOWS\System32\UltraMonIndDisp.exe
[2010/08/08 22:45:18 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tsshutdn.exe
[2010/08/08 22:45:18 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tskill.exe
[2010/08/08 22:45:18 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tsdiscon.exe
[2010/08/08 22:45:17 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tourstart.exe
[2010/08/08 22:45:17 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\telnet.exe
[2010/08/08 22:45:17 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tscupgrd.exe
[2010/08/08 22:45:17 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tracert6.exe
[2010/08/08 22:45:17 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tcpsvcs.exe
[2010/08/08 22:45:17 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tftp.exe
[2010/08/08 22:45:17 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\taskman.exe
[2010/08/08 22:45:17 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tscon.exe
[2010/08/08 22:45:17 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tracert.exe
[2010/08/08 22:45:17 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tcmsetup.exe
[2010/08/08 22:45:17 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\systray.exe
[2010/08/08 22:45:16 | 000,113,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sysocmgr.exe
[2010/08/08 22:45:16 | 000,058,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\syncapp.exe
[2010/08/08 22:45:16 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\syskey.exe
[2010/08/08 22:45:16 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\stimon.exe
[2010/08/08 22:45:16 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\subst.exe
[2010/08/08 22:45:15 | 000,688,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sstext3d.scr
[2010/08/08 22:45:15 | 000,618,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sspipes.scr
[2010/08/08 22:45:15 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ssmypics.scr
[2010/08/08 22:45:15 | 000,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ssmarque.scr
[2010/08/08 22:45:15 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ssmyst.scr
[2010/08/08 22:45:15 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ssstars.scr
[2010/08/08 22:45:14 | 000,712,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ss3dfo.scr
[2010/08/08 22:45:14 | 000,401,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ssflwbox.scr
[2010/08/08 22:45:14 | 000,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdwxp.exe
[2010/08/08 22:45:14 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ssbezier.scr
[2010/08/08 22:45:10 | 000,545,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spider.exe
[2010/08/08 22:45:10 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spnpinst.exe
[2010/08/08 22:45:09 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe
[2010/08/08 22:45:09 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sndrec32.exe
[2010/08/08 22:45:09 | 000,081,920 | ---- | M] (Smart Link) -- C:\WINDOWS\System32\slserv.exe
[2010/08/08 22:45:09 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sol.exe
[2010/08/08 22:45:09 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sort.exe
[2010/08/08 22:45:09 | 000,020,992 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\snetcfg.exe
[2010/08/08 22:45:09 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\smbinst.exe
[2010/08/08 22:45:09 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spdwnwxp.exe
[2010/08/08 22:45:08 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\shrpubw.exe
[2010/08/08 22:45:08 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sigverif.exe
[2010/08/08 22:45:08 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\shmgrate.exe
[2010/08/08 22:45:08 | 000,040,960 | ---- | M] (Smart Link) -- C:\WINDOWS\System32\slrundll.exe
[2010/08/08 22:45:08 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2010/08/08 22:45:08 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\skeys.exe
[2010/08/08 22:45:08 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\shutdown.exe
[2010/08/08 22:45:08 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\shadow.exe
[2010/08/08 22:45:08 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sfc.exe
[2010/08/08 22:45:07 | 000,084,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sdbinst.exe
[2010/08/08 22:45:07 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sethc.exe
[2010/08/08 22:45:07 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sc.exe
[2010/08/08 22:45:07 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\setup.exe
[2010/08/08 22:45:07 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\savedump.exe
[2010/08/08 22:45:07 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\scrnsave.scr
[2010/08/08 22:45:06 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rwinsta.exe
[2010/08/08 22:45:05 | 000,084,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rtcshare.exe
[2010/08/08 22:45:05 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rsmui.exe
[2010/08/08 22:45:05 | 000,056,320 | ---- | M] (Microsoft Corp) -- C:\WINDOWS\System32\rsm.exe
[2010/08/08 22:45:05 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rsmsink.exe
[2010/08/08 22:45:05 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\runas.exe
[2010/08/08 22:45:05 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rsh.exe
[2010/08/08 22:45:05 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\runonce.exe
[2010/08/08 22:45:04 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\routemon.exe
[2010/08/08 22:45:04 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\route.exe
[2010/08/08 22:45:04 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rexec.exe
[2010/08/08 22:45:03 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\regini.exe
[2010/08/08 22:45:03 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\replace.exe
[2010/08/08 22:45:03 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\regsvr32.exe
[2010/08/08 22:45:03 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\reset.exe
[2010/08/08 22:45:03 | 000,011,776 | ---- | M] (Microsoft) -- C:\WINDOWS\System32\regwiz.exe
[2010/08/08 22:45:03 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\regedt32.exe
[2010/08/08 22:45:02 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rdshost.exe
[2010/08/08 22:45:02 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpclip.exe
[2010/08/08 22:45:02 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rasphone.exe
[2010/08/08 22:45:02 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\reg.exe
[2010/08/08 22:45:02 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rcimlby.exe
[2010/08/08 22:45:02 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rcp.exe
[2010/08/08 22:45:02 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rdsaddin.exe
[2010/08/08 22:45:02 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rasautou.exe
[2010/08/08 22:45:02 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rasdial.exe
[2010/08/08 22:45:02 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\recover.exe
[2010/08/08 22:45:01 | 000,126,976 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\Prounstl.exe
[2010/08/08 22:45:01 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\progman.exe
[2010/08/08 22:45:01 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\proquota.exe
[2010/08/08 22:45:01 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\powercfg.exe
[2010/08/08 22:45:01 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ping6.exe
[2010/08/08 22:45:01 | 000,029,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\qwinsta.exe
[2010/08/08 22:45:01 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\qprocess.exe
[2010/08/08 22:45:01 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ping.exe
[2010/08/08 22:45:01 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\qappsrv.exe
[2010/08/08 22:45:01 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\proxycfg.exe
[2010/08/08 22:45:01 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\print.exe
[2010/08/08 22:45:00 | 000,427,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntvdm.exe
[2010/08/08 22:45:00 | 000,222,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\osk.exe
[2010/08/08 22:45:00 | 000,077,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\odbcconf.exe
[2010/08/08 22:45:00 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\packager.exe
[2010/08/08 22:45:00 | 000,047,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\osuninst.exe
[2010/08/08 22:45:00 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\odbcad32.exe
[2010/08/08 22:45:00 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\pathping.exe
[2010/08/08 22:45:00 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\perfmon.exe
[2010/08/08 22:45:00 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\pentnt.exe
[2010/08/08 22:44:59 | 000,338,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netsetup.exe
[2010/08/08 22:44:59 | 000,093,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netsh.exe
[2010/08/08 22:44:59 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\nslookup.exe
[2010/08/08 22:44:59 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netstat.exe
[2010/08/08 22:44:58 | 000,350,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe
[2010/08/08 22:44:58 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2010/08/08 22:44:58 | 000,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\net1.exe
[2010/08/08 22:44:58 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\narrator.exe
[2010/08/08 22:44:58 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\net.exe
[2010/08/08 22:44:58 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\nbtstat.exe
[2010/08/08 22:44:58 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstinit.exe
[2010/08/08 22:44:58 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msswchx.exe
[2010/08/08 22:44:58 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\nddeapir.exe
[2010/08/08 22:44:58 | 000,010,948 | ---- | M] () -- C:\WINDOWS\System32\msrun.exe
[2010/08/08 22:44:57 | 000,134,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshearts.exe
[2010/08/08 22:44:57 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mplay32.exe
[2010/08/08 22:44:57 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msiregmv.exe
[2010/08/08 22:44:57 | 000,029,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mpnotify.exe
[2010/08/08 22:44:57 | 000,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msg.exe
[2010/08/08 22:44:57 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedssync.exe
[2010/08/08 22:44:57 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mrinfo.exe
[2010/08/08 22:44:57 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mountvol.exe
[2010/08/08 22:44:56 | 000,822,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mmc.exe
[2010/08/08 22:44:56 | 000,092,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\makecab.exe
[2010/08/08 22:44:56 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\magnify.exe
[2010/08/08 22:44:56 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\migpwd.exe
[2010/08/08 22:44:56 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2010/08/08 22:44:55 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\logon.scr
[2010/08/08 22:44:55 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\logoff.exe
[2010/08/08 22:44:55 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\lpr.exe
[2010/08/08 22:44:55 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\lpq.exe
[2010/08/08 22:44:54 | 000,179,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jview.exe
[2010/08/08 22:44:54 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\logagent.exe
[2010/08/08 22:44:54 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\logman.exe
[2010/08/08 22:44:54 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ipv6.exe
[2010/08/08 22:44:54 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsec6.exe
[2010/08/08 22:44:54 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\lights.exe
[2010/08/08 22:44:54 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\lnkstub.exe
[2010/08/08 22:44:54 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ipxroute.exe
[2010/08/08 22:44:54 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jdbgmgr.exe
[2010/08/08 22:44:54 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\label.exe
[2010/08/08 22:44:54 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\lodctr.exe
[2010/08/08 22:44:53 | 000,167,936 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxsrvc(6).exe
[2010/08/08 22:44:53 | 000,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxzoom.exe
[2010/08/08 22:44:53 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ipconfig.exe
[2010/08/08 22:44:52 | 000,167,936 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxsrvc(5).exe
[2010/08/08 22:44:52 | 000,167,936 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxsrvc(4).exe
[2010/08/08 22:44:52 | 000,167,936 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxsrvc(3).exe
[2010/08/08 22:44:52 | 000,167,936 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxsrvc(2).exe
[2010/08/08 22:44:52 | 000,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers(6).exe
[2010/08/08 22:44:52 | 000,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers(5).exe
[2010/08/08 22:44:51 | 000,446,464 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxcfg.exe
[2010/08/08 22:44:51 | 000,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers(4).exe
[2010/08/08 22:44:51 | 000,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers(3).exe
[2010/08/08 22:44:51 | 000,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers(2).exe
[2010/08/08 22:44:51 | 000,106,496 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxext.exe
[2010/08/08 22:44:50 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2010/08/08 22:44:50 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iexpress.exe
[2010/08/08 22:44:50 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieudinit.exe
[2010/08/08 22:44:49 | 000,122,880 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\ialmudlg.exe
[2010/08/08 22:44:49 | 000,086,016 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd(6).exe
[2010/08/08 22:44:49 | 000,086,016 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd(5).exe
[2010/08/08 22:44:49 | 000,086,016 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd(4).exe
[2010/08/08 22:44:49 | 000,086,016 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd(3).exe
[2010/08/08 22:44:49 | 000,086,016 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd(2).exe
[2010/08/08 22:44:49 | 000,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\grpconv.exe
[2010/08/08 22:44:49 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\help.exe
[2010/08/08 22:44:49 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\hostname.exe
[2010/08/08 22:44:48 | 000,200,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\fsquirt.exe
[2010/08/08 22:44:48 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\fsutil.exe
[2010/08/08 22:44:48 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\freecell.exe
[2010/08/08 22:44:48 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ftp.exe
[2010/08/08 22:44:48 | 000,034,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\findstr.exe
[2010/08/08 22:44:48 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\fltmc.exe
[2010/08/08 22:44:48 | 000,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\fontview.exe
[2010/08/08 22:44:48 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\fc.exe
[2010/08/08 22:44:48 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\finger.exe
[2010/08/08 22:44:48 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\find.exe
[2010/08/08 22:44:48 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\forcedos.exe
[2010/08/08 22:44:48 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\fixmapi.exe
[2010/08/08 22:44:47 | 000,200,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\eudcedit.exe
[2010/08/08 22:44:47 | 000,052,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\extrac32.exe
[2010/08/08 22:44:47 | 000,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\esentutl.exe
[2010/08/08 22:44:47 | 000,045,056 | ---- | M] (MK Systems CO.,LTD.) -- C:\WINDOWS\System32\EPLPUX02.EXE
[2010/08/08 22:44:47 | 000,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\faxpatch.exe
[2010/08/08 22:44:47 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\expand.exe
[2010/08/08 22:44:47 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\eventvwr.exe
[2010/08/08 22:44:46 | 001,306,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxdiag.exe
[2010/08/08 22:44:46 | 000,188,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dwwin.exe
[2010/08/08 22:44:46 | 000,086,016 | ---- | M] () -- C:\WINDOWS\System32\drvsign.exe
[2010/08/08 22:44:46 | 000,062,464 | ---- | M] () -- C:\WINDOWS\System32\dvdplay.exe
[2010/08/08 22:44:46 | 000,057,344 | ---- | M] (Analog Devices Inc.) -- C:\WINDOWS\System32\DSndUp.exe
[2010/08/08 22:44:46 | 000,052,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drwtsn32.exe
[2010/08/08 22:44:46 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dvdupgrd.exe
[2010/08/08 22:44:45 | 000,257,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drmupgds.exe
[2010/08/08 22:44:45 | 000,090,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dpvsetup.exe
[2010/08/08 22:44:45 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zclientm.exe
[2010/08/08 22:44:45 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dplaysvr.exe
[2010/08/08 22:44:45 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dpnsvr.exe
[2010/08/08 22:44:45 | 000,023,040 | ---- | M] (Microsoft Corp.) -- C:\WINDOWS\System32\dmremote.exe
[2010/08/08 22:44:45 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\doskey.exe
[2010/08/08 22:44:45 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllhst3g.exe
[2010/08/08 22:44:44 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt1.exe
[2010/08/08 22:44:44 | 000,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wscript.exe
[2010/08/08 22:44:44 | 000,118,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe
[2010/08/08 22:44:44 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wupdmgr.exe
[2010/08/08 22:44:44 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wpnpinst.exe
[2010/08/08 22:44:44 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wpabaln.exe
[2010/08/08 22:44:44 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xcopy.exe
[2010/08/08 22:44:44 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wscntfy.exe
[2010/08/08 22:44:44 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\write.exe
[2010/08/08 22:44:43 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiapsrv.exe
[2010/08/08 22:44:43 | 000,126,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmine.exe
[2010/08/08 22:44:43 | 000,071,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmplayer.exe
[2010/08/08 22:44:43 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmgmt.exe
[2010/08/08 22:44:43 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmsd.exe
[2010/08/08 22:44:43 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winver.exe
[2010/08/08 22:44:42 | 000,509,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winlogon.exe
[2010/08/08 22:44:42 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiaacmgr.exe
[2010/08/08 22:44:42 | 000,290,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winhlp32.exe
[2010/08/08 22:44:42 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemtest.exe
[2010/08/08 22:44:42 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wextract.exe
[2010/08/08 22:44:42 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winhstb.exe
[2010/08/08 22:44:41 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vssvc.exe
[2010/08/08 22:44:41 | 000,105,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\verifier.exe
[2010/08/08 22:44:41 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\utilman.exe
[2010/08/08 22:44:41 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32tm.exe
[2010/08/08 22:44:41 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2010/08/08 22:44:41 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vssadmin.exe
[2010/08/08 22:44:41 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wabmig.exe
[2010/08/08 22:44:41 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ups.exe
[2010/08/08 22:44:41 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\upnpcont.exe
[2010/08/08 22:44:41 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wb32.exe
[2010/08/08 22:44:40 | 000,157,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uploadm.exe
[2010/08/08 22:44:40 | 000,032,768 | ---- | M] (Twain Working Group) -- C:\WINDOWS\System32\dllcache\twunk_32.exe
[2010/08/08 22:44:40 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unsecapp.exe
[2010/08/08 22:44:40 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsshutdn.exe
[2010/08/08 22:44:40 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2010/08/08 22:44:40 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unlodctr.exe
[2010/08/08 22:44:39 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscupgrd.exe
[2010/08/08 22:44:39 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tracert6.exe
[2010/08/08 22:44:39 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tskill.exe
[2010/08/08 22:44:39 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsdiscon.exe
[2010/08/08 22:44:39 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscon.exe
[2010/08/08 22:44:39 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tracert.exe
[2010/08/08 22:44:38 | 000,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2010/08/08 22:44:38 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tourstrt.exe
[2010/08/08 22:44:38 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\taskmgr.exe
[2010/08/08 22:44:38 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\telnet.exe
[2010/08/08 22:44:38 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2010/08/08 22:44:38 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptest.exe
[2010/08/08 22:44:38 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpsvcs.exe
[2010/08/08 22:44:38 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tftp.exe
[2010/08/08 22:44:38 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\taskman.exe
[2010/08/08 22:44:38 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcmsetup.exe
[2010/08/08 22:44:38 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\systray.exe
[2010/08/08 22:44:37 | 000,113,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sysocmgr.exe
[2010/08/08 22:44:37 | 000,058,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\syncapp.exe
[2010/08/08 22:44:37 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\syskey.exe
[2010/08/08 22:44:36 | 000,688,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sstext3d.scr
[2010/08/08 22:44:36 | 000,618,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sspipes.scr
[2010/08/08 22:44:36 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ssmypics.scr
[2010/08/08 22:44:36 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ssmyst.scr
[2010/08/08 22:44:36 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\stimon.exe
[2010/08/08 22:44:36 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\svchost.exe
[2010/08/08 22:44:36 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ssstars.scr
[2010/08/08 22:44:36 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\subst.exe
[2010/08/08 22:44:35 | 000,712,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ss3dfo.scr
[2010/08/08 22:44:35 | 000,545,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spider.exe
[2010/08/08 22:44:35 | 000,401,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ssflwbox.scr
[2010/08/08 22:44:35 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srdiag.exe
[2010/08/08 22:44:35 | 000,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ssmarque.scr
[2010/08/08 22:44:35 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ssbezier.scr
[2010/08/08 22:44:35 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spnpinst.exe
[2010/08/08 22:44:34 | 000,243,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smi2smir.exe
[2010/08/08 22:44:34 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndvol32.exe
[2010/08/08 22:44:34 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndrec32.exe
[2010/08/08 22:44:34 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smlogsvc.exe
[2010/08/08 22:44:34 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sol.exe
[2010/08/08 22:44:34 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmp.exe
[2010/08/08 22:44:34 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\skeys.exe
[2010/08/08 22:44:34 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sort.exe
[2010/08/08 22:44:34 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmptrap.exe
[2010/08/08 22:44:34 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbinst.exe
[2010/08/08 22:44:33 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shrpubw.exe
[2010/08/08 22:44:33 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sigverif.exe
[2010/08/08 22:44:33 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlzm.exe
[2010/08/08 22:44:33 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shmgrate.exe
[2010/08/08 22:44:33 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shutdown.exe
[2010/08/08 22:44:33 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.exe
[2010/08/08 22:44:33 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shadow.exe
[2010/08/08 22:44:33 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sfc.exe
[2010/08/08 22:44:32 | 001,676,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\setup_wm.exe
[2010/08/08 22:44:32 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sessmgr.exe
[2010/08/08 22:44:32 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\setup50.exe
[2010/08/08 22:44:32 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sethc.exe
[2010/08/08 22:44:32 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\setup.exe
[2010/08/08 22:44:31 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scardsvr.exe
[2010/08/08 22:44:31 | 000,084,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sdbinst.exe
[2010/08/08 22:44:31 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrcons.exe
[2010/08/08 22:44:31 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\savedump.exe
[2010/08/08 22:44:31 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrnsave.scr
[2010/08/08 22:44:30 | 000,139,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rsvp.exe
[2010/08/08 22:44:30 | 000,084,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rtcshare.exe
[2010/08/08 22:44:30 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvsezm.exe
[2010/08/08 22:44:30 | 000,045,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sapisvr.exe
[2010/08/08 22:44:30 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\runas.exe
[2010/08/08 22:44:30 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rwinsta.exe
[2010/08/08 22:44:30 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\runonce.exe
[2010/08/08 22:44:29 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rstrui.exe
[2010/08/08 22:44:29 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rsmui.exe
[2010/08/08 22:44:29 | 000,056,320 | ---- | M] (Microsoft Corp) -- C:\WINDOWS\System32\dllcache\rsm.exe
[2010/08/08 22:44:29 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rsmsink.exe
[2010/08/08 22:44:29 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rsh.exe
[2010/08/08 22:44:28 | 000,153,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\regedit.exe
[2010/08/08 22:44:28 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\regini.exe
[2010/08/08 22:44:28 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\routemon.exe
[2010/08/08 22:44:28 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\route.exe
[2010/08/08 22:44:28 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2010/08/08 22:44:28 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rexec.exe
[2010/08/08 22:44:28 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\replace.exe
[2010/08/08 22:44:28 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\regsvr32.exe
[2010/08/08 22:44:28 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\reset.exe
[2010/08/08 22:44:28 | 000,011,776 | ---- | M] (Microsoft) -- C:\WINDOWS\System32\dllcache\regwiz.exe
[2010/08/08 22:44:28 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\regedt32.exe
[2010/08/08 22:44:27 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdshost.exe
[2010/08/08 22:44:27 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpclip.exe
[2010/08/08 22:44:27 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rasphone.exe
[2010/08/08 22:44:27 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\reg.exe
[2010/08/08 22:44:27 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rcimlby.exe
[2010/08/08 22:44:27 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rcp.exe
[2010/08/08 22:44:27 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdsaddin.exe
[2010/08/08 22:44:27 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rasautou.exe
[2010/08/08 22:44:27 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rasdial.exe
[2010/08/08 22:44:27 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\recover.exe
[2010/08/08 22:44:26 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\progman.exe
[2010/08/08 22:44:26 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\proquota.exe
[2010/08/08 22:44:26 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\powercfg.exe
[2010/08/08 22:44:26 | 000,029,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qwinsta.exe
[2010/08/08 22:44:26 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qprocess.exe
[2010/08/08 22:44:26 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qappsrv.exe
[2010/08/08 22:44:26 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2010/08/08 22:44:26 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2010/08/08 22:44:26 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\proxycfg.exe
[2010/08/08 22:44:26 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\print.exe
[2010/08/08 22:44:25 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2010/08/08 22:44:24 | 000,288,256 | ---- | M] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2010/08/08 22:44:24 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\packager.exe
[2010/08/08 22:44:24 | 000,047,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\osuninst.exe
[2010/08/08 22:44:24 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ping6.exe
[2010/08/08 22:44:24 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pathping.exe
[2010/08/08 22:44:24 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ping.exe
[2010/08/08 22:44:24 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\perfmon.exe
[2010/08/08 22:44:24 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pentnt.exe
[2010/08/08 22:44:23 | 000,427,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntvdm.exe
[2010/08/08 22:44:23 | 000,222,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\osk.exe
[2010/08/08 22:44:23 | 000,077,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\odbcconf.exe
[2010/08/08 22:44:23 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oemig50.exe
[2010/08/08 22:44:23 | 000,058,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oobebaln.exe
[2010/08/08 22:44:23 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\odbcad32.exe
[2010/08/08 22:44:23 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntsd.exe
[2010/08/08 22:44:22 | 000,338,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netsetup.exe
[2010/08/08 22:44:22 | 000,118,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netdde.exe
[2010/08/08 22:44:22 | 000,093,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netsh.exe
[2010/08/08 22:44:22 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nslookup.exe
[2010/08/08 22:44:22 | 000,076,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\notepad.exe
[2010/08/08 22:44:22 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netstat.exe
[2010/08/08 22:44:22 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\notiflag.exe
[2010/08/08 22:44:22 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nppagent.exe
[2010/08/08 22:44:21 | 000,414,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstsc.exe
[2010/08/08 22:44:21 | 000,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\net1.exe
[2010/08/08 22:44:21 | 000,118,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtstocom.exe
[2010/08/08 22:44:21 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\narrator.exe
[2010/08/08 22:44:21 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\net.exe
[2010/08/08 22:44:21 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nbtstat.exe
[2010/08/08 22:44:21 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstinit.exe
[2010/08/08 22:44:21 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msswchx.exe
[2010/08/08 22:44:21 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nddeapir.exe
[2010/08/08 22:44:20 | 000,350,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspaint.exe
[2010/08/08 22:44:20 | 000,134,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshearts.exe
[2010/08/08 22:44:20 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msiexec.exe
[2010/08/08 22:44:20 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msimn.exe
[2010/08/08 22:44:20 | 000,052,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshta.exe
[2010/08/08 22:44:20 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msiregmv.exe
[2010/08/08 22:44:20 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msinfo32.exe
[2010/08/08 22:44:20 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoobe.exe
[2010/08/08 22:44:20 | 000,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msg.exe
[2010/08/08 22:44:19 | 003,562,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/08/08 22:44:19 | 000,165,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msconfig.exe
[2010/08/08 22:44:19 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplay32.exe
[2010/08/08 22:44:19 | 000,029,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpnotify.exe
[2010/08/08 22:44:19 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrinfo.exe
[2010/08/08 22:44:19 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtc.exe
[2010/08/08 22:44:19 | 000,011,776 | ---- | M] () -- C:\WINDOWS\System32\dllcache\mplayer2.exe
[2010/08/08 22:44:18 | 000,822,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mmc.exe
[2010/08/08 22:44:18 | 000,243,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migwiz_a.exe
[2010/08/08 22:44:18 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mobsync.exe
[2010/08/08 22:44:18 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mnmsrvc.exe
[2010/08/08 22:44:18 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mofcomp.exe
[2010/08/08 22:44:18 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mountvol.exe
[2010/08/08 22:44:17 | 000,794,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migrate.exe
[2010/08/08 22:44:17 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migwiz.exe
[2010/08/08 22:44:17 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migload.exe
[2010/08/08 22:44:17 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migisol.exe
[2010/08/08 22:44:17 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe
[2010/08/08 22:44:16 | 000,521,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logonui.exe
[2010/08/08 22:44:16 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logon.scr
[2010/08/08 22:44:16 | 000,092,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\makecab.exe
[2010/08/08 22:44:16 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\magnify.exe
[2010/08/08 22:44:16 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logoff.exe
[2010/08/08 22:44:16 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsass.exe
[2010/08/08 22:44:16 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpr.exe
[2010/08/08 22:44:16 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpq.exe
[2010/08/08 22:44:15 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logagent.exe
[2010/08/08 22:44:15 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\locator.exe
[2010/08/08 22:44:15 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logman.exe
[2010/08/08 22:44:15 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipconfig.exe
[2010/08/08 22:44:15 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipv6.exe
[2010/08/08 22:44:15 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsec6.exe
[2010/08/08 22:44:15 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lights.exe
[2010/08/08 22:44:15 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lnkstub.exe
[2010/08/08 22:44:15 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipxroute.exe
[2010/08/08 22:44:15 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2010/08/08 22:44:15 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\label.exe
[2010/08/08 22:44:15 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lodctr.exe
[2010/08/08 22:44:14 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
[2010/08/08 22:44:14 | 000,241,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
[2010/08/08 22:44:14 | 000,217,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
[2010/08/08 22:44:14 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2010/08/08 22:44:14 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2010/08/08 22:44:14 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetwiz.exe
[2010/08/08 22:44:13 | 000,319,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2010/08/08 22:44:13 | 000,315,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
[2010/08/08 22:44:13 | 000,213,324 | ---- | M] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/08/08 22:44:13 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2010/08/08 22:44:13 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2010/08/08 22:44:13 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2010/08/08 22:44:12 | 000,157,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imapi.exe
[2010/08/08 22:44:11 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2010/08/08 22:44:11 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iexpress.exe
[2010/08/08 22:44:11 | 000,076,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedw.exe
[2010/08/08 22:44:11 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2010/08/08 22:44:10 | 000,221,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn1.exe
[2010/08/08 22:44:10 | 000,094,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn2.exe
[2010/08/08 22:44:10 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwtutor.exe
[2010/08/08 22:44:10 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzzm.exe
[2010/08/08 22:44:10 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwrmind.exe
[2010/08/08 22:44:10 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hscupd.exe
[2010/08/08 22:44:10 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostname.exe
[2010/08/08 22:44:09 | 000,775,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpctr.exe
[2010/08/08 22:44:09 | 000,751,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/08/08 22:44:09 | 000,274,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssvc.exe
[2010/08/08 22:44:09 | 000,107,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helphost.exe
[2010/08/08 22:44:09 | 000,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\grpconv.exe
[2010/08/08 22:44:09 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\help.exe
[2010/08/08 22:44:08 | 000,236,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscover.exe
[2010/08/08 22:44:08 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclnt.exe
[2010/08/08 22:44:08 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fsutil.exe
[2010/08/08 22:44:08 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\freecell.exe
[2010/08/08 22:44:08 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftp.exe
[2010/08/08 22:44:08 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpremadm.exe
[2010/08/08 22:44:08 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2010/08/08 22:44:07 | 000,196,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpcount.exe
[2010/08/08 22:44:07 | 000,116,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98swin.exe
[2010/08/08 22:44:07 | 000,034,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\findstr.exe
[2010/08/08 22:44:07 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmcgi.exe
[2010/08/08 22:44:07 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltmc.exe
[2010/08/08 22:44:07 | 000,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontview.exe
[2010/08/08 22:44:07 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2010/08/08 22:44:07 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98sadm.exe
[2010/08/08 22:44:07 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\finger.exe
[2010/08/08 22:44:07 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\find.exe
[2010/08/08 22:44:07 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\forcedos.exe
[2010/08/08 22:44:07 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fixmapi.exe
[2010/08/08 22:44:06 | 001,040,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\explorer.exe
[2010/08/08 22:44:06 | 000,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntwin.exe
[2010/08/08 22:44:06 | 000,052,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\extrac32.exe
[2010/08/08 22:44:06 | 000,031,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntcmd.exe
[2010/08/08 22:44:06 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2010/08/08 22:44:06 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\expand.exe
[2010/08/08 22:44:06 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fc.exe
[2010/08/08 22:44:06 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\eventvwr.exe
[2010/08/08 22:44:05 | 001,306,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxdiag.exe
[2010/08/08 22:44:05 | 000,200,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\eudcedit.exe
[2010/08/08 22:44:05 | 000,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\esentutl.exe
[2010/08/08 22:44:04 | 000,231,936 | ---- | M] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\System32\dllcache\dmadmin.exe
[2010/08/08 22:44:04 | 000,188,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dwwin.exe
[2010/08/08 22:44:04 | 000,090,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpvsetup.exe
[2010/08/08 22:44:04 | 000,052,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drwtsn32.exe
[2010/08/08 22:44:04 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dplaysvr.exe
[2010/08/08 22:44:04 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnsvr.exe
[2010/08/08 22:44:04 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dvdupgrd.exe
[2010/08/08 22:44:04 | 000,023,040 | ---- | M] (Microsoft Corp.) -- C:\WINDOWS\System32\dllcache\dmremote.exe
[2010/08/08 22:44:04 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dumprep.exe
[2010/08/08 22:44:04 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\doskey.exe
[2010/08/08 22:44:04 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dllhost.exe
[2010/08/08 22:44:04 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dllhst3g.exe
[2010/08/08 22:44:03 | 000,546,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dialer.exe
[2010/08/08 22:44:03 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\diskpart.exe
[2010/08/08 22:44:03 | 000,112,128 | ---- | M] (Microsoft Corp. and Executive Software International, Inc.) -- C:\WINDOWS\System32\dllcache\dfrgntfs.exe
[2010/08/08 22:44:03 | 000,092,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\diantz.exe
[2010/08/08 22:44:03 | 000,089,600 | ---- | M] (Microsoft Corp. and Executive Software International, Inc.) -- C:\WINDOWS\System32\dllcache\dfrgfat.exe
[2010/08/08 22:44:03 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ddeshare.exe
[2010/08/08 22:44:03 | 000,032,256 | ---- | M] (Microsoft Corp. and Executive Software International, Inc.) -- C:\WINDOWS\System32\dllcache\defrag.exe
[2010/08/08 22:44:03 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\diskperf.exe
[2010/08/08 22:44:02 | 001,040,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\conf.exe
[2010/08/08 22:44:02 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cscript.exe
[2010/08/08 22:44:02 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
[2010/08/08 22:44:02 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\conime.exe
[2010/08/08 22:44:02 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2010/08/08 22:44:02 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ctfmon.exe
[2010/08/08 22:44:02 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convert.exe
[2010/08/08 22:44:02 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\control.exe
[2010/08/08 22:44:02 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dcomcnfg.exe
[2010/08/08 22:44:01 | 000,395,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmd.exe
[2010/08/08 22:44:01 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmstp.exe
[2010/08/08 22:44:01 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmdl32.exe
[2010/08/08 22:44:01 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmmon32.exe
[2010/08/08 22:44:01 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\clipsrv.exe
[2010/08/08 22:44:01 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compact.exe
[2010/08/08 22:44:01 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comp.exe
[2010/08/08 22:44:01 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrepl.exe
[2010/08/08 22:44:01 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrereg.exe
[2010/08/08 22:44:00 | 000,487,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2010/08/08 22:44:00 | 000,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\clipbrd.exe
[2010/08/08 22:44:00 | 000,071,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cleanmgr.exe
[2010/08/08 22:44:00 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrzm.exe
[2010/08/08 22:44:00 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2010/08/08 22:44:00 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkdsk.exe
[2010/08/08 22:44:00 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkntfs.exe
[2010/08/08 22:44:00 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cidaemon.exe
[2010/08/08 22:44:00 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ckcnv.exe
[2010/08/08 22:44:00 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cisvc.exe
[2010/08/08 22:43:59 | 000,196,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgwiz.exe
[2010/08/08 22:43:59 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\calc.exe
[2010/08/08 22:43:59 | 000,087,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\charmap.exe
[2010/08/08 22:43:59 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cacls.exe
[2010/08/08 22:43:59 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2010/08/08 22:43:59 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2010/08/08 22:43:59 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cb32.exe
[2010/08/08 22:43:59 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2010/08/08 22:43:59 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bootvrfy.exe
[2010/08/08 22:43:59 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bootok.exe
[2010/08/08 22:43:58 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\blastcln.exe
[2010/08/08 22:43:58 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgzm.exe
[2010/08/08 22:43:58 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.exe
[2010/08/08 22:43:58 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\auditusr.exe
[2010/08/08 22:43:57 | 000,263,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agentsvr.exe
[2010/08/08 22:43:57 | 000,190,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\accwiz.exe
[2010/08/08 22:43:57 | 000,105,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ahui.exe
[2010/08/08 22:43:57 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\alg.exe
[2010/08/08 22:43:57 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\at.exe
[2010/08/08 22:43:57 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\arp.exe
[2010/08/08 22:43:57 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.exe
[2010/08/08 22:43:57 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\attrib.exe
[2010/08/08 22:43:57 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atmadm.exe
[2010/08/08 22:43:57 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\actmovie.exe
[2010/08/08 22:43:56 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\diskpart.exe
[2010/08/08 22:43:56 | 000,112,128 | ---- | M] (Microsoft Corp. and Executive Software International, Inc.) -- C:\WINDOWS\System32\dfrgntfs.exe
[2010/08/08 22:43:56 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cscript.exe
[2010/08/08 22:43:56 | 000,092,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\diantz.exe
[2010/08/08 22:43:56 | 000,089,600 | ---- | M] (Microsoft Corp. and Executive Software International, Inc.) -- C:\WINDOWS\System32\dfrgfat.exe
[2010/08/08 22:43:56 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ddeshare.exe
[2010/08/08 22:43:56 | 000,032,256 | ---- | M] (Microsoft Corp. and Executive Software International, Inc.) -- C:\WINDOWS\System32\defrag.exe
[2010/08/08 22:43:56 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\diskperf.exe
[2010/08/08 22:43:56 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\convert.exe
[2010/08/08 22:43:56 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dcomcnfg.exe
[2010/08/08 22:43:55 | 000,395,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.exe
[2010/08/08 22:43:55 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cmstp.exe
[2010/08/08 22:43:55 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\clspack.exe
[2010/08/08 22:43:55 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cmdl32.exe
[2010/08/08 22:43:55 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cmmon32.exe
[2010/08/08 22:43:55 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\conime.exe
[2010/08/08 22:43:55 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\compact.exe
[2010/08/08 22:43:55 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\comp.exe
[2010/08/08 22:43:55 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\control.exe
[2010/08/08 22:43:54 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\calc.exe
[2010/08/08 22:43:54 | 000,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\clipbrd.exe
[2010/08/08 22:43:54 | 000,087,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\charmap.exe
[2010/08/08 22:43:54 | 000,071,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cleanmgr.exe
[2010/08/08 22:43:54 | 000,053,248 | ---- | M] (adi) -- C:\WINDOWS\System32\CleanUp.exe
[2010/08/08 22:43:54 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cliconfg.exe
[2010/08/08 22:43:54 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cacls.exe
[2010/08/08 22:43:54 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\chkdsk.exe
[2010/08/08 22:43:54 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\chkntfs.exe
[2010/08/08 22:43:54 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ckcnv.exe
[2010/08/08 22:43:54 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\bootvrfy.exe
[2010/08/08 22:43:54 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\bootok.exe
[2010/08/08 22:43:53 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\blastcln.exe
[2010/08/08 22:43:53 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\at.exe
[2010/08/08 22:43:53 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\auditusr.exe
[2010/08/08 22:43:53 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\attrib.exe
[2010/08/08 22:43:53 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\atmadm.exe
[2010/08/08 22:43:52 | 000,190,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\accwiz.exe
[2010/08/08 22:43:52 | 000,105,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ahui.exe
[2010/08/08 22:43:52 | 000,082,432 | ---- | M] (Willow Software) -- C:\WINDOWS\System32\AsUninst.exe
[2010/08/08 22:43:52 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ST5UNST.EXE
[2010/08/08 22:43:52 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\arp.exe
[2010/08/08 22:43:52 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\actmovie.exe
[2010/08/08 22:43:11 | 000,040,960 | ---- | M] (Smart Link) -- C:\WINDOWS\slrundll.exe
[2010/08/08 22:43:10 | 000,232,960 | ---- | M] (Hasbro Interactive) -- C:\WINDOWS\SCEEunin.exe
[2010/08/08 22:43:10 | 000,208,896 | R--- | M] () -- C:\WINDOWS\sel3110.exe
[2010/08/08 22:43:06 | 000,143,360 | R--- | M] (OmniVision Technologies, Inc.) -- C:\WINDOWS\ov519cap.exe
[2010/08/08 22:43:04 | 000,313,856 | ---- | M] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe
[2010/08/08 22:43:04 | 000,126,976 | ---- | M] () -- C:\WINDOWS\lsb_un20.exe
[2010/08/08 22:42:59 | 000,073,728 | ---- | M] () -- C:\WINDOWS\amcap5a.exe
[2010/08/08 22:42:59 | 000,051,200 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\devconex.exe
[2010/08/08 22:42:59 | 000,049,152 | R--- | M] () -- C:\WINDOWS\CleanDev.exe
[2010/08/08 22:42:59 | 000,039,424 | R--- | M] () -- C:\WINDOWS\amcap.exe
[2010/08/08 22:42:45 | 000,708,608 | ---- | M] () -- C:\TkFileExplorer_2.2.exe
[2010/08/08 22:42:33 | 000,876,032 | ---- | M] () -- C:\PSX2PSP.exe
[2010/08/08 22:37:02 | 000,872,448 | ---- | M] () -- C:\gpsVPxp.exe
[2010/08/08 22:35:17 | 000,076,288 | ---- | M] (GameZelda) -- C:\Documents and Settings\NateTheGreat555\Desktop\DTBTool.exe
[2010/08/08 22:35:16 | 001,093,632 | ---- | M] () -- C:\Documents and Settings\NateTheGreat555\Desktop\CubeMedia2.exe
[2010/08/08 22:35:16 | 000,297,472 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\NateTheGreat555\Desktop\cleanup_tool.exe
[2010/08/08 22:35:16 | 000,065,536 | ---- | M] () -- C:\Documents and Settings\NateTheGreat555\Desktop\cmp_keygen.exe
[2010/08/08 22:35:12 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\NateTheGreat555\Desktop\Blackra1n RC2.exe
[2010/08/08 16:39:19 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\NateTheGreat555\Local Settings\Application Data\housecall.guid.cache
[2010/08/08 16:14:55 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\System32\FsUsbExService.Exe
[2010/08/06 01:25:57 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/08/06 01:01:22 | 000,000,925 | ---- | M] () -- C:\Documents and Settings\NateTheGreat555\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/08/06 01:01:22 | 000,000,907 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/08/06 00:55:23 | 000,001,718 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/08/06 00:54:32 | 128,750,008 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\NateTheGreat555\My Documents\Ad-AwareInstall.exe
[2010/08/06 00:54:06 | 009,221,848 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\NateTheGreat555\My Documents\SUPERAntiSpyware.exe
[2010/08/05 19:06:23 | 000,416,366 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/08/05 13:51:36 | 000,020,480 | ---- | M] (NT Kernel Resources) -- C:\WINDOWS\System32\ndisrd.sys
[2010/08/05 13:51:36 | 000,003,387 | ---- | M] () -- C:\WINDOWS\System32\ndisrd.inf
[2010/08/05 13:51:36 | 000,001,400 | ---- | M] () -- C:\WINDOWS\System32\ndisrd_m.inf
[2010/08/05 13:35:21 | 000,002,296 | ---- | M] () -- C:\Documents and Settings\NateTheGreat555\Local Settings\Application Data\d3d9caps.dat
[2010/08/04 23:50:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/03 12:42:18 | 000,247,296 | ---- | M] () -- C:\WINDOWS\System32\ddrkp.dll
[2010/08/03 12:41:58 | 000,294,912 | ---- | M] () -- C:\WINDOWS\System32\hdrkp.dll
[2010/08/02 12:57:53 | 005,839,824 | -H-- | M] () -- C:\Documents and Settings\NateTheGreat555\Local Settings\Application Data\IconCache.db
[2010/08/02 12:55:02 | 000,001,524 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/08/02 12:51:21 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/08/02 12:35:55 | 033,850,672 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\NateTheGreat555\My Documents\QuickTimeInstaller.exe
[2010/08/01 18:04:50 | 000,154,027 | ---- | M] () -- C:\Documents and Settings\NateTheGreat555\My Documents\DUCA-Bass-Guitar Pic BW+Me Colored.png
[2010/08/01 17:48:52 | 000,037,543 | ---- | M] () -- C:\Documents and Settings\NateTheGreat555\My Documents\38649_677669408016_10510003_38030786_6681976_n.jpg
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[66 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/15 13:41:41 | 000,303,616 | ---- | C] () -- C:\Documents and Settings\NateTheGreat555\Desktop\gmer.exe
[2010/08/15 13:39:52 | 000,535,552 | ---- | C] () -- C:\Documents and Settings\NateTheGreat555\Desktop\dds.scr
[2010/08/15 13:31:06 | 000,002,004 | ---- | C] () -- C:\Documents and Settings\NateTheGreat555\Desktop\HiJackThis.lnk
[2010/08/09 10:56:44 | 803,262,464 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/08 16:39:19 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\NateTheGreat555\Local Settings\Application Data\housecall.guid.cache
[2010/08/06 18:47:48 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/08/06 01:28:06 | 000,000,458 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/08/06 01:01:22 | 000,000,925 | ---- | C] () -- C:\Documents and Settings\NateTheGreat555\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/08/06 01:01:22 | 000,000,907 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/08/06 00:55:23 | 000,001,718 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/08/06 00:37:38 | 000,001,980 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\UltraMon.lnk
[2010/08/05 13:51:36 | 000,010,948 | ---- | C] () -- C:\WINDOWS\System32\msrun.exe
[2010/08/05 13:50:37 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\drvsign.exe
[2010/08/05 13:50:37 | 000,003,387 | ---- | C] () -- C:\WINDOWS\System32\ndisrd.inf
[2010/08/05 13:50:37 | 000,001,400 | ---- | C] () -- C:\WINDOWS\System32\ndisrd_m.inf
[2010/08/03 12:42:18 | 000,247,296 | ---- | C] () -- C:\WINDOWS\System32\ddrkp.dll
[2010/08/03 12:41:58 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\hdrkp.dll
[2010/08/02 12:51:21 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/08/01 18:04:47 | 000,154,027 | ---- | C] () -- C:\Documents and Settings\NateTheGreat555\My Documents\DUCA-Bass-Guitar Pic BW+Me Colored.png
[2010/08/01 17:48:45 | 000,037,543 | ---- | C] () -- C:\Documents and Settings\NateTheGreat555\My Documents\38649_677669408016_10510003_38030786_6681976_n.jpg
[2010/01/29 21:53:06 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\CLEyeDevices.dll
[2009/11/21 22:26:47 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2009/11/21 22:26:47 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2009/10/26 19:42:10 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\NateTheGreat555\Application Data\$_hpcst$.hpc
[2009/08/20 11:51:58 | 000,000,395 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2009/07/09 00:30:22 | 000,000,298 | ---- | C] () -- C:\Documents and Settings\NateTheGreat555\Application Data\iPod Access v4 Prefs
[2009/07/09 00:08:35 | 000,000,046 | -H-- | C] () -- C:\Documents and Settings\NateTheGreat555\Application Data\iPodAccessv4_OwnerName
[2009/07/09 00:08:35 | 000,000,046 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\iPodAccessv4_OwnerName
[2009/07/09 00:07:37 | 000,000,011 | -H-- | C] () -- C:\Documents and Settings\NateTheGreat555\Application Data\iPodAccess_Time
[2009/06/28 17:15:27 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/06/25 11:51:15 | 000,002,296 | ---- | C] () -- C:\Documents and Settings\NateTheGreat555\Local Settings\Application Data\d3d9caps.dat
[2009/06/22 23:32:56 | 000,000,023 | ---- | C] () -- C:\WINDOWS\EPC60.ini
[2009/06/20 22:51:15 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/06/20 22:51:14 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/06/08 15:53:41 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\msvcsv60.dll
[2009/06/03 20:40:45 | 000,000,023 | ---- | C] () -- C:\WINDOWS\SWFDecompiler.INI
[2009/05/25 15:48:11 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2009/05/21 20:03:27 | 000,000,119 | ---- | C] () -- C:\Documents and Settings\NateTheGreat555\Application Data\hdl_dump.list
[2009/05/18 19:51:59 | 000,000,278 | ---- | C] () -- C:\Documents and Settings\NateTheGreat555\Application Data\hdl_dump.conf
[2009/05/13 21:36:40 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\NateTheGreat555\Application Data\winscp.rnd
[2009/04/19 20:27:50 | 000,014,379 | ---- | C] () -- C:\WINDOWS\tw5a.ini
[2009/04/19 20:27:50 | 000,000,152 | ---- | C] () -- C:\WINDOWS\Setup5a.ini
[2009/04/19 19:54:44 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2009/04/16 21:47:12 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2009/04/16 02:12:25 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\NateTheGreat555\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/19 02:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2008/02/05 13:28:20 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\NateTheGreat555\Local Settings\Application Data\setup.txt
[2007/10/25 18:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2005/08/22 10:03:23 | 000,438,272 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib_dec.dll
[2004/08/03 20:56:46 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2002/06/06 01:01:58 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\asutl8.dll
[1998/03/10 11:10:54 | 000,009,317 | ---- | C] () -- C:\WINDOWS\Froggersetup.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86
< End of report >


And here is the extras.txt log:


OTL Extras logfile created on: 8/22/2010 1:05:55 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = I:\Bleeping Computer Help
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

766.00 Mb Total Physical Memory | 421.00 Mb Available Physical Memory | 55.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 8.83 Gb Free Space | 11.86% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 55.87 Gb Total Space | 20.10 Gb Free Space | 35.98% Space Free | Partition Type: NTFS
Drive F: | 177.57 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 121.00 Mb Total Space | 33.04 Mb Free Space | 27.31% Space Free | Partition Type: FAT32

Computer Name: NATEUPSTAIRS
Current User Name: NateTheGreat555
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1343024091-57989841-839522115-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Gizmo5\Gizmo5.exe" = C:\Program Files\Gizmo5\Gizmo5.exe:*:Enabled:Gizmo5 -- ()
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- File not found
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\SAMSUNG\Samsung New PC Studio\npsasvr.exe" = C:\Program Files\SAMSUNG\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
"C:\Program Files\SAMSUNG\Samsung New PC Studio\npsvsvr.exe" = C:\Program Files\SAMSUNG\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)
"C:\Program Files\LogMeIn\x86\LogMeInToolkit.exe" = C:\Program Files\LogMeIn\x86\LogMeInToolkit.exe:*:Enabled:LogMeIn -- (LogMeIn, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}" = Adobe Flash Player 10 Plugin
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0A9C92A5-D27F-4BD9-9DB9-0EFD8C681E29}" = Safari
"{0D3F9802-689F-9B6D-8E44-B55971F0CCBB}" = FlipShare
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1246FF64-3035-4A92-8FE6-A968275495EB}" = Sony Vegas Pro 8.0
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1C4C5C53-D960-4E1C-96A6-F6B52EA43A45}" = ACID Xpress 7.0
"{1C94C999-15D2-4C75-9A73-BCC8A677D42E}" = UltraMon
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{25A13826-8E4A-4FBF-AD2B-776447FE9646}" = WMI Tools
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 14
"{27197499-7680-4208-8FD8-5439CDB0FDC1}" = HPProductAssistant
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2E08ABBA-F263-40E8-B942-BE6FF74195B8}" = Pocket Controller-Enterprise
"{31851B85-C98E-44DE-8750-9843BCD63963}" = Adobe After Effects 5.5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{36F98975-BAD7-4506-862A-0EF3CC841440}" = Windows XP Embedded Tools SP1
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{4475560E-9418-4908-A158-472D873AE139}" = LogMeIn
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4EC8B911-98AB-4819-B5EE-D32E8A0A8AAA}_is1" = DVDx 2
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{593A6CAF-E114-4e31-884F-74FF349E8E36}" = SolutionCenter
"{5AE3D9F1-9E9E-4015-8787-E22705AA32C5}" = msxml4
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5E835305-63BB-4E55-BBB7-EEBBE67774DB}" = MyDVD
"{60D4F9F1-B828-4048-A5AB-9AA2FD0C4751}" = DJ_AIO_03_F4200_Software
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{659B48CD-0608-4ED5-94C0-0B6C87114F10}" = Apple Mobile Device Support
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BAE05B5-0DB4-4152-B28E-529D55C1DD9F}" = USBAV-170
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{888019C0-54D4-40C2-9274-27B9DAB17017}" = Intel® Network Connections 14.0.40.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D5D99B8-DFA2-4018-ADE9-A6B83E655C65}" =
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94C1A41C-2A2D-4AF0-858E-924288245621}" = SlimDX Redistributable (August 2009)
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C19FFB1-25FC-43FC-AC78-919E5E2A6DD0}" = TortoiseSVN 1.6.6.17493 (32 bit)
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A39EA3C8-7BF3-4FA7-9A67-3D3611BAE59E}_is1" = Convert MOV to AVI 1.0
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AA8D04AF-6C3B-4D45-88D2-0944433B8D37}" = PS2 HD Handiness 0.75
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B40C92E7-0878-47B7-893E-FF842C210B0F}" = gMapMaker
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1" = Sothink SWF Decompiler
"{BE8A9C2C-8E41-445B-A746-BEB0B1F992F8}" = DJ_AIO_03_F4200_Software_Min
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{C3B6AEB1-390C-4792-8677-CD87F8B2C959}" = HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D063F201-FAC4-4D5C-B10B-615058ADE5A7}" = HP Update
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D482AA7B-92FD-490D-A0EA-7A653D2A78E8}" = YouTube Uploader for CASIO
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D58FE5E1-A794-44DB-9833-A140E4A3C3CB}" = AV Capture
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver
"{DE4A7830-7480-425C-8330-699C30FD8C66}" = PHM Registry Editor
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E133E97F-5186-4503-BEC8-752EB9E8EBD7}" = Copy
"{E209F988-EF49-4B3D-84A6-3CBB67F058AC}" = Google SketchUp 7
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{e7394a0f-3f80-45b1-87fc-abcd51893246}" = Python 2.6.4
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EC2A8F27-4FBF-4E41-B27B-FE822511B761}" = iTunes
"{EED50C97-C79E-4149-BD82-7C5A22437708}" = Adobe Setup
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FC857AFE-FC36-3C91-BC17-F8E233C21B4B}" = Strawberry Perl
"{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"7-Zip" = 7-Zip 4.65
"AC3Filter" = AC3Filter (remove only)
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_a68eec966ce913ddaa63251dc82ed31" = Adobe Flash CS4 Professional
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"AsUninst.exe" = Anvil Studio
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.7 (Unicode)
"Avidemux 2.4" = Avidemux 2.4
"AviSynth" = AviSynth 2.5
"Blender" = Blender (remove only)
"CCleaner" = CCleaner (remove only)
"CL-Eye Driver" = CL-Eye Driver
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"CPU-Control_is1" = CPU-Control
"DebugMode Wax 2.0" = DebugMode Wax 2.0
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"D-Link VGA Webcam" = D-Link VGA Webcam
"DragonUnPACKer5_is1" = Dragon UnPACKer 5
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"E24870CB6AA1C3511635FF9020A3E9471287FBE7" = Windows Driver Package - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0)
"energyXT 2.5.2_is1" = energyXT 2.5.2
"EPSON Printer and Utilities" = EPSON Printer Software
"eZ" = eZ
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"FFmpeg for Audacity on Windows_is1" = FFmpeg for Audacity on Windows
"FFmpeg for Audacity_is1" = FFmpeg 2009-01-08 for Audacity
"FileZilla Client" = FileZilla Client 3.3.1
"Finale 2008" = Finale 2008
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"Frogger" = Frogger v3.0e
"Gizmo5" = Gizmo5
"gtkmm" = gtkmm Development Environment 2.16
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 11.0
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 11.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"Ink Monitor" = Ink Monitor
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"iPod Access for Windows_is1" = iPod Access for Windows v4.3
"Jahplayer" = Jahplayer
"Jahshaka" = Jahshaka
"JSmooth 0.9.9-7" = JSmooth 0.9.9-7
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LibUSB-Win32_is1" = LibUSB-Win32-0.1.12.1
"Loki Browser Plugin" = Loki Browser Plugin
"Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"MediaCoder" = MediaCoder 0.7.1.4450
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft DirectX SDK (March 2009)" = Microsoft DirectX SDK (March 2009)
"MovieConverterV3" = Movie Converter V3 (remove only)
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nvu_is1" = Nvu 1.0PR
"OpenLibraries" = OpenLibraries
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"Oregon Trail II" = Oregon Trail II
"Pennsylvania Topo Planimetric" = Pennsylvania Topo Planimetric Map
"Pong" = Pong
"PopCap Browser Plugin" = PopCap Browser Plugin
"PowerISO" = PowerISO
"PROSet" = Intel® PRO Network Adapters and Drivers
"Quartz Composer Eval" = Quartz Composer Eval
"RADVideo" = RAD Video Tools
"RegCure" = RegCure 1.5.2.7
"RiffWorks T4" = RiffWorks T4
"RollerCoaster Tycoon Setup" = Roll
"Salvation_v100" = Salvation v1.0
"SalvationMX_v100" = Salvation MX v1.0
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"SAMSUNG Mobile Modem V2" = SAMSUNG Mobile Modem V2 Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Download Driver" = SAMSUNG Mobile USB Download Driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"SIMREADER" = SIMREADER
"SmodeStudio12Demo" = Smode Studio 1.2 Demo (remove only)
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"ST5UNST #1" = Press Your Luck
"synfig" = Synfig Core
"SystemRequirementsLab" = System Requirements Lab
"Total Video Converter 3.14_is1" = Total Video Converter 3.14 08113
"Tunatic" = Tunatic
"UltraISO_is1" = UltraISO Premium V9.35
"Videora iPod touch Converter" = Videora iPod touch Converter 4.08
"VLC media player" = VLC media player 1.0.5
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Mobile Device Handbook" = Windows Mobile® Device Handbook
"WinFF_is1" = WinFF 1.0
"WinGrub" = WinGrub
"Wings 3D 1.0.2" = Wings 3D 1.0.2
"WinGTK-2_is1" = GTK+ 2.10.13 runtime environment
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.2.1 beta
"winusb0200" = Microsoft WinUsb 2.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XiphQT" = Xiph QuickTime Components
"X-Lite 1.5_is1" = X-Lite 3.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"YouTube Downloader App" = YouTube Downloader App 1.03
"ZoneAlarm" = ZoneAlarm

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1343024091-57989841-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent
"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/6/2010 1:20:23 AM | Computer Name = NATEUPSTAIRS | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 8/6/2010 1:28:12 AM | Computer Name = NATEUPSTAIRS | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 8/6/2010 1:28:12 AM | Computer Name = NATEUPSTAIRS | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 8/6/2010 8:33:01 AM | Computer Name = NATEUPSTAIRS | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module Flash9f.ocx, version 9.0.124.0, fault address 0x0009c1d5.

Error - 8/6/2010 10:06:15 AM | Computer Name = NATEUPSTAIRS | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
module pconest5.dll, version 1.0.0.823, fault address 0x00002eef.

Error - 8/6/2010 10:06:59 AM | Computer Name = NATEUPSTAIRS | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.

Error - 8/6/2010 6:25:00 PM | Computer Name = NATEUPSTAIRS | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
module pconest5.dll, version 1.0.0.823, fault address 0x00002eef.

Error - 8/9/2010 12:08:04 AM | Computer Name = NATEUPSTAIRS | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 8/9/2010 10:58:53 AM | Computer Name = NATEUPSTAIRS | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 8/15/2010 12:48:17 PM | Computer Name = NATEUPSTAIRS | Source = Application Error | ID = 1000
Description = Faulting application FlipShareService.exe, version 4.5.0.39816, faulting
module FlipShareService.exe, version 4.5.0.39816, fault address 0x000075b3.

[ OSession Events ]
Error - 2/18/2010 11:27:44 PM | Computer Name = NATE-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 18747
seconds with 1980 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 8/22/2010 1:04:30 PM | Computer Name = NATEUPSTAIRS | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.
The
error: "%2" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-Embedding

Error - 8/22/2010 1:04:30 PM | Computer Name = NATEUPSTAIRS | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.
The
error: "%2" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-Embedding

Error - 8/22/2010 1:04:30 PM | Computer Name = NATEUPSTAIRS | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.
The
error: "%2" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-Embedding

Error - 8/22/2010 1:04:30 PM | Computer Name = NATEUPSTAIRS | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.
The
error: "%2" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-Embedding

Error - 8/22/2010 1:04:36 PM | Computer Name = NATEUPSTAIRS | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 8/22/2010 1:05:19 PM | Computer Name = NATEUPSTAIRS | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 8/22/2010 1:05:24 PM | Computer Name = NATEUPSTAIRS | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.
The
error: "%2" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-Embedding

Error - 8/22/2010 1:05:24 PM | Computer Name = NATEUPSTAIRS | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.
The
error: "%2" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-Embedding

Error - 8/22/2010 1:05:24 PM | Computer Name = NATEUPSTAIRS | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.
The
error: "%2" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-Embedding

Error - 8/22/2010 1:05:24 PM | Computer Name = NATEUPSTAIRS | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.
The
error: "%2" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-Embedding


< End of report >


Now, about that GMER program...

My computer continuously crashes and auto-reboots every time I try to run it, whether it be in normal mode or safe mode. So that log is impossible for me to produce. This is weird...

If there's anything else I can provide you with that might help, please don't hesitate to respond back. Sorry about GMER, but thanks for helping me out!

-Nate


#4 Elise

Posted 22 August 2010 - 01:11 PM

Hi, no problem, let's run Rootkit Unhooker instead.


P2P WARNING
-------------------
Going over your logs I noticed that you have uTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.


Please download Rootkit Unhooker and save it to your Desktop
  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth, and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning. It is OK, just ignore it.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft


#5 Nate555

Posted 22 August 2010 - 01:31 PM

Thanks for the reply.

Just as a sidenote, I have uTorrent installed because there were a couple of times I needed to download a few .iso's that were only available as torrents (mainly Linux stuff). I am in no way a gamer and I very rarely download illegal stuff. I'm good at finding the freebies.

Anyway, here's that log file:


RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 2)
Number of processors #1
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2179328 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2179328 bytes
0x804D7000 RAW 2179328 bytes
0x804D7000 WMIxWDM 2179328 bytes
0xBF800000 Win32k 1847296 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1847296 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF6D53000 C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 1052672 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xBFA38000 C:\WINDOWS\System32\ialmdd5.DLL 925696 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0xF6B95000 C:\WINDOWS\system32\drivers\senfilt.sys 733184 bytes (Creative Technology Ltd., Creative WDM Audio Driver)
0xF7491000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xECA1B000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 454656 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xECB71000 C:\WINDOWS\System32\vsdatant.sys 438272 bytes (Check Point Software Technologies LTD, TrueVector Device Driver)
0xF5BD1000 C:\WINDOWS\System32\DRIVERS\update.sys 364544 bytes (Microsoft Corporation, Update Driver)
0xECC04000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 360448 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB0D4A000 C:\WINDOWS\System32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB07E1000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF6C6C000 C:\WINDOWS\system32\drivers\smwdm.sys 262144 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
0xBFA04000 C:\WINDOWS\System32\ialmdev5.DLL 212992 bytes (Intel Corporation, Component GHAL Driver)
0xF75C7000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF7464000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB0E3C000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 180224 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB068D000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xECAB2000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xECBDC000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF6CE3000 C:\WINDOWS\system32\DRIVERS\e100b325.sys 155648 bytes (Intel Corporation, Intel® PRO/100 Adapter NDIS 5.1 driver)
0xF6C48000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB18A1000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 143360 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF6CAC000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF6D1C000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 143360 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xECB4F000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xBFF30000 C:\WINDOWS\System32\atidrae.dll 139264 bytes (ATI Technologies Inc., ATIRAGE Display Driver)
0xECADD000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0xBF9E3000 C:\WINDOWS\System32\ialmdnt5.dll 135168 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xEC9E3000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 135168 bytes (Microsoft Corporation, IP Network Address Translator)
0x806EC000 ACPI_HAL 131968 bytes
0x806EC000 C:\WINDOWS\system32\hal.dll 131968 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF7547000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF7597000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF5C2A000 C:\WINDOWS\system32\DRIVERS\mcdbus.sys 118784 bytes (MagicISO, Inc., MagicISO SCSI Host Controller)
0xF7435000 Mup.sys 110592 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF757F000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF7567000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xECA04000 C:\Program Files\UltraISO\drivers\ISODrive.sys 94208 bytes (EZB Systems, Inc., ISO DVD/CD-ROM Device Driver)
0xF751E000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF6B4B000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB108B000 C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys 90112 bytes (Microsoft Corporation, NWLINK2 IPX Protocol Driver)
0xB0FAE000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF6CCF000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF7450000 srescan.sys 81920 bytes
0xF6D3F000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xF6D09000 C:\WINDOWS\System32\DRIVERS\atimpae.sys 77824 bytes (ATI Technologies Inc., ATIRAGE3 Miniport Driver)
0xECC5C000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF9C3000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF7535000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB06E0000 C:\WINDOWS\system32\Drivers\EPLPDX02.SYS 69632 bytes (MK Systems CO., LTD., LPT I/O driver for EPSON PRINTER)
0xF75B6000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF6973000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB25BB000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xB2023000 C:\WINDOWS\system32\DRIVERS\nwlnknb.sys 65536 bytes (Microsoft Corporation, NWLINK2 IPX Netbios Protocol Driver)
0xF7866000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF76A6000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF7666000 Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)
0xF7696000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB3DBB000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF7736000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBF9D5000 C:\WINDOWS\System32\ialmrnt5.dll 57344 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF597D000 C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys 57344 bytes (Microsoft Corporation, NWLINK2 SPX Protocol Driver)
0xF7886000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 53248 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF7656000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF7856000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF7796000 C:\WINDOWS\system32\drivers\libusb0.sys 53248 bytes (http://libusb-win32.sourceforge.net, LibUSB-Win32 - Kernel Driver)
0xF7726000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF69B4000 C:\WINDOWS\System32\Drivers\SCDEmu.SYS 53248 bytes (PowerISO Computing, Inc., PowerISO Virtual Drive)
0xF7636000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF7786000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF7876000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7626000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF7766000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF7826000 C:\WINDOWS\system32\drivers\LMIRfsDriver.sys 40960 bytes (LogMeIn, Inc., LogMeIn Rfs Drivemap Driver)
0xF7716000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF7806000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF7646000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF69A4000 C:\WINDOWS\System32\Drivers\Fips.SYS 36864 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF59FD000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF77F6000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF7616000 isapnp.sys 36864 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF77B6000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF69D4000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB1FD3000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF7676000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF6994000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF78A6000 cercsr6.sys 32768 bytes (Adaptec, Inc., DELL CERC SATA1.5/6ch Miniport Driver)
0xF798E000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF78F6000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF7976000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF7896000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF78EE000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 28672 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xB3CA5000 C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF7906000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF78FE000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF794E000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF7996000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xF797E000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF7966000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF7986000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF789E000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7926000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF792E000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF7916000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF78E6000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 20480 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xB2523000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF6E54000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB5162000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF6E74000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF7A26000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xB246C000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF7AB6000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xB0D9C000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xF7AD6000 C:\WINDOWS\System32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF6E64000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF6E70000 C:\WINDOWS\system32\drivers\pfc.sys 12288 bytes (Padus, Inc., Padus® ASPI Shell)
0xF7ADE000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xB0DC0000 C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys 12288 bytes (Realtime Soft Ltd, UltraMon Utility Driver)
0xF7B1C000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7BDC000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7B1A000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF7B16000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7B1E000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7B30000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF7B66000 C:\Program Files\LogMeIn\x86\RaInfo.sys 8192 bytes (LogMeIn, Inc., RemotelyAnywhere Kernel Information Provider)
0xF7B20000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7BCE000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7BDA000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7B18000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7D13000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7CCC000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7D12000 C:\WINDOWS\system32\DRIVERS\lmimirr.sys 4096 bytes (LogMeIn, Inc., LogMeIn Mirror Miniport Driver)
0xF7D5F000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7BDE000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
!!!!!!!!!!!Hidden driver: 0x839DBAEA ?_empty_? 1302 bytes
!!!!!!!!!!!Hidden driver: 0x83A45F38 ?_empty_? 0 bytes
==============================================
>Stealth
==============================================
0xF757F000 WARNING: suspicious driver modification [atapi.sys::0x839DBAEA]
WARNING: Virus alike driver modification [bthpan.sys]
WARNING: Virus alike driver modification [sonypvs1.sys]
WARNING: Virus alike driver modification [sffp_mmc.sys]
WARNING: Virus alike driver modification [sffp_sd.sys]
WARNING: Virus alike driver modification [hsfdpsp2.sys]
WARNING: Virus alike driver modification [HSF_DP.sys]
WARNING: Virus alike driver modification [atinrvxx.sys]
WARNING: Virus alike driver modification [mup.sys]
WARNING: Virus alike driver modification [sffdisk.sys]
WARNING: Virus alike driver modification [irenum.sys]
WARNING: Virus alike driver modification [wadv08nt.sys]
WARNING: Virus alike driver modification [ati1mdxx.sys]
WARNING: Virus alike driver modification [ianswxp.sys]
WARNING: Virus alike driver modification [acpiec.sys]
WARNING: Virus alike driver modification [bdasup.sys]
WARNING: Virus alike driver modification [cpqdap01.sys]
WARNING: Virus alike driver modification [wadv07nt.sys]
WARNING: Virus alike driver modification [wadv09nt.sys]
WARNING: Virus alike driver modification [wadv11nt.sys]
WARNING: Virus alike driver modification [pcmcia.sys]
WARNING: Virus alike driver modification [nikedrv.sys]
WARNING: Virus alike driver modification [rio8drv.sys]
WARNING: Virus alike driver modification [riodrv.sys]
WARNING: Virus alike driver modification [ws2ifsl.sys]
WARNING: Virus alike driver modification [tdpipe.sys]
WARNING: Virus alike driver modification [ati1pdxx.sys]
WARNING: Virus alike driver modification [fsvga.sys]
WARNING: Virus alike driver modification [nwlnkflt.sys]
WARNING: Virus alike driver modification [tunmp.sys]
WARNING: Virus alike driver modification [ftdisk.sys]
WARNING: Virus alike driver modification [mtlmnt5.sys]
WARNING: Virus alike driver modification [mutohpen.sys]
WARNING: Virus alike driver modification [fltmgr.sys]
WARNING: Virus alike driver modification [slnt7554.sys]
WARNING: Virus alike driver modification [mtlstrm.sys]
WARNING: Virus alike driver modification [slwdmsup.sys]
WARNING: Virus alike driver modification [wacompen.sys]
WARNING: Virus alike driver modification [recagent.sys]
WARNING: Virus alike driver modification [atinmdxx.sys]
WARNING: Virus alike driver modification [atinttxx.sys]
WARNING: Virus alike driver modification [cbidf2k.sys]
WARNING: Virus alike driver modification [rdpwd.sys]
WARNING: Virus alike driver modification [diskdump.sys]
WARNING: Virus alike driver modification [ca506aaf.sys]
WARNING: Virus alike driver modification [atinpdxx.sys]
WARNING: Virus alike driver modification [hdaudbus.sys]
WARNING: Virus alike driver modification [smclib.sys]
WARNING: Virus alike driver modification [tape.sys]
WARNING: Virus alike driver modification [hidir.sys]
WARNING: Virus alike driver modification [dmio.sys]
WARNING: Virus alike driver modification [mpe.sys]
WARNING: Virus alike driver modification [usbintel.sys]
WARNING: Virus alike driver modification [MODEMCSA.sys]
WARNING: Virus alike driver modification [windrvr.sys]
WARNING: Virus alike driver modification [s3gnbm.sys]
WARNING: Virus alike driver modification [bthenum.sys]
WARNING: Virus alike driver modification [ca506av.sys]
WARNING: Virus alike driver modification [ntmtlfax.sys]
WARNING: Virus alike driver modification [ndis.sys]
WARNING: Virus alike driver modification [motccgp.sys]
WARNING: Virus alike driver modification [partmgr.sys]
WARNING: Virus alike driver modification [bthusb.sys]
WARNING: Virus alike driver modification [nv4_mini.sys]
WARNING: Virus alike driver modification [rdpdr.sys]
WARNING: Virus alike driver modification [rmcast.sys]
WARNING: Virus alike driver modification [secdrv.sys]
WARNING: Virus alike driver modification [HSFHWBS2.sys]
WARNING: Virus alike driver modification [ati1ttxx.sys]
WARNING: Virus alike driver modification [tsbvcap.sys]
WARNING: Virus alike driver modification [tdtcp.sys]
WARNING: Virus alike driver modification [hsfbs2s2.sys]
WARNING: Virus alike driver modification [watv06nt.sys]
WARNING: Virus alike driver modification [tcpip6.sys]
WARNING: Virus alike driver modification [usbcamd.sys]
WARNING: Virus alike driver modification [usbcamd2.sys]
WARNING: Virus alike driver modification [cinemst2.sys]
WARNING: Virus alike driver modification [bthport.sys]
WARNING: Virus alike driver modification [sonyhcs.sys]
WARNING: Virus alike driver modification [ati2mtaa.sys]
WARNING: Virus alike driver modification [atmuni.sys]
WARNING: Virus alike driver modification [slntamr.sys]
0xF7806000 WARNING: Virus alike driver modification [termdd.sys], 40960 bytes
WARNING: Virus alike driver modification [mtxparhm.sys]
WARNING: Virus alike driver modification [intelide.sys]
WARNING: Virus alike driver modification [ntfs.sys]
WARNING: Virus alike driver modification [dmload.sys]
WARNING: Virus alike driver modification [rootmdm.sys]
WARNING: Virus alike driver modification [smbali.sys]
WARNING: Virus alike driver modification [arp1394.sys]
WARNING: Virus alike driver modification [sonyhcb.sys]
WARNING: Virus alike driver modification [nic1394.sys]
WARNING: Virus alike driver modification [ati1rvxx.sys]
WARNING: Virus alike driver modification [mf.sys]
WARNING: Virus alike driver modification [motswch.sys]
WARNING: Virus alike driver modification [pci.sys]
WARNING: Virus alike driver modification [hsfcxts2.sys]
WARNING: Virus alike driver modification [ati2mtag.sys]
WARNING: Virus alike driver modification [bridge.sys]
WARNING: Virus alike driver modification [sr.sys]
WARNING: Virus alike driver modification [atimpae.sys]
WARNING: Virus alike driver modification [nvraid.sys]
WARNING: Virus alike driver modification [mcd.sys]
WARNING: Virus alike driver modification [WudfPf.sys]
WARNING: Virus alike driver modification [usbvideo.sys]
WARNING: Virus alike driver modification [dmboot.sys]
WARNING: Virus alike driver modification [WudfRd.sys]
WARNING: Virus alike driver modification [motccgpfl.sys]
WARNING: Virus alike driver modification [ksecdd.sys]
WARNING: Virus alike driver modification [NvAtaBus.sys]
WARNING: Virus alike driver modification [slnthal.sys]
WARNING: Virus alike driver modification [scsiport.sys]



END.

(Well, this looks fun...)
Thanks.
-Nate

#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,318 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:08:02 PM

Posted 22 August 2010 - 03:04 PM

Yes, looks like a brand-new rootkit unfortunately... Please consider the following information before continuing.

BACKDOOR WARNING
------------------------------
One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


Even if you are considering a reformat, I would like to ask you to follow the steps here so we can have a look at the infected MBR, thank you! http://www.kernelmode.info/tutorial-bootdisk/

>Instructions removed, see last post!<

Edited by elise025, 23 August 2010 - 07:36 AM.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#7 Nate555

Posted 22 August 2010 - 10:42 PM

What the heck, let's see where this takes me. I'm curious with computers and such, so I'll continue with the cleaning process.
This thing's been offline for a few weeks now, so that's not that important at the moment, but I will surely heed your advice.

First off, I've got the three files that the FreeDOS program created, but how should I upload them? I get errors when I try to upload them.
For the time being, I just dumped them onto MediaFire, let me know if I should do it differently.
http://www.mediafire.com/download.php?g8c1mdm5kbf4mb9

I will edit this post when this log is finished, everything else went smoothly so far. Thanks for your help!

#8 Elise

Posted 23 August 2010 - 04:46 AM

If you haven't followed the steps yet, please don't do so!! I have some alternative steps, please post back here as soon as you read this.

Edited by elise025, 23 August 2010 - 07:25 AM.


#9 Nate555

Posted 23 August 2010 - 12:16 PM

I successfully completed the fixmbr command, that was the last thing I did. What else did you have in mind?

#10 Elise

Posted 23 August 2010 - 01:29 PM

In that case, please post a new MBRcheck log.


#11 Nate555

Posted 23 August 2010 - 08:35 PM

Can do.

----------------------------------------

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 2)
Number of processors #1
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2179328 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2179328 bytes
0x804D7000 RAW 2179328 bytes
0x804D7000 WMIxWDM 2179328 bytes
0xBF800000 Win32k 1847296 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1847296 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF6A79000 C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 1052672 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xBFA38000 C:\WINDOWS\System32\ialmdd5.DLL 925696 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0xF68BB000 C:\WINDOWS\system32\drivers\senfilt.sys 733184 bytes (Creative Technology Ltd., Creative WDM Audio Driver)
0xF7491000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xEB887000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 454656 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xEB9DD000 C:\WINDOWS\System32\vsdatant.sys 438272 bytes (Check Point Software Technologies LTD, TrueVector Device Driver)
0xF58D2000 C:\WINDOWS\System32\DRIVERS\update.sys 364544 bytes (Microsoft Corporation, Update Driver)
0xEBA70000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 360448 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB2B46000 C:\WINDOWS\System32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB25DD000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF6992000 C:\WINDOWS\system32\drivers\smwdm.sys 262144 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
0xBFA04000 C:\WINDOWS\System32\ialmdev5.DLL 212992 bytes (Intel Corporation, Component GHAL Driver)
0xF75C7000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF7464000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB2C38000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 180224 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xEB91E000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xEBA48000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF6A09000 C:\WINDOWS\system32\DRIVERS\e100b325.sys 155648 bytes (Intel Corporation, Intel® PRO/100 Adapter NDIS 5.1 driver)
0xF696E000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB369D000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 143360 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF69D2000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF6A42000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 143360 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xEB9BB000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xBFF30000 C:\WINDOWS\System32\atidrae.dll 139264 bytes (ATI Technologies Inc., ATIRAGE Display Driver)
0xEB949000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0xBF9E3000 C:\WINDOWS\System32\ialmdnt5.dll 135168 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xEB84F000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 135168 bytes (Microsoft Corporation, IP Network Address Translator)
0x806EC000 ACPI_HAL 131968 bytes
0x806EC000 C:\WINDOWS\system32\hal.dll 131968 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF7547000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF7597000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF592B000 C:\WINDOWS\system32\DRIVERS\mcdbus.sys 118784 bytes (MagicISO, Inc., MagicISO SCSI Host Controller)
0xF7435000 Mup.sys 110592 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF757F000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF7567000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xEB870000 C:\Program Files\UltraISO\drivers\ISODrive.sys 94208 bytes (EZB Systems, Inc., ISO DVD/CD-ROM Device Driver)
0xF751E000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF6871000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB2E87000 C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys 90112 bytes (Microsoft Corporation, NWLINK2 IPX Protocol Driver)
0xB2DAA000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF69F5000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF7450000 srescan.sys 81920 bytes
0xF6A65000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xF6A2F000 C:\WINDOWS\System32\DRIVERS\atimpae.sys 77824 bytes (ATI Technologies Inc., ATIRAGE3 Miniport Driver)
0xEBAC8000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF9C3000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF7535000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB2504000 C:\WINDOWS\system32\Drivers\EPLPDX02.SYS 69632 bytes (MK Systems CO., LTD., LPT I/O driver for EPSON PRINTER)
0xF75B6000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF6739000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB42B0000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xB5F60000 C:\WINDOWS\system32\DRIVERS\nwlnknb.sys 65536 bytes (Microsoft Corporation, NWLINK2 IPX Netbios Protocol Driver)
0xF77E6000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF7826000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF7666000 Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)
0xF7816000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xEB7FF000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF7856000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBF9D5000 C:\WINDOWS\System32\ialmrnt5.dll 57344 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xB3C90000 C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys 57344 bytes (Microsoft Corporation, NWLINK2 SPX Protocol Driver)
0xF7806000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 53248 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF7656000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF77D6000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF76D6000 C:\WINDOWS\system32\drivers\libusb0.sys 53248 bytes (http://libusb-win32.sourceforge.net, LibUSB-Win32 - Kernel Driver)
0xF6BFA000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF6B8A000 C:\WINDOWS\System32\Drivers\SCDEmu.SYS 53248 bytes (PowerISO Computing, Inc., PowerISO Virtual Drive)
0xF7636000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF6B9A000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF77F6000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7626000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF6BBA000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF77C6000 C:\WINDOWS\system32\drivers\LMIRfsDriver.sys 40960 bytes (LogMeIn, Inc., LogMeIn Rfs Drivemap Driver)
0xF7846000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF76E6000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF7646000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF76A6000 C:\WINDOWS\System32\Drivers\Fips.SYS 36864 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF7886000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF7776000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF7616000 isapnp.sys 36864 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF6B7A000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF6BCA000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB5F80000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF7676000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF76C6000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF78A6000 cercsr6.sys 32768 bytes (Adaptec, Inc., DELL CERC SATA1.5/6ch Miniport Driver)
0xF797E000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF78BE000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF7966000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF7896000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF7A1E000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 28672 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7996000 C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF78CE000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF78C6000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7916000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF7986000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xF796E000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF7956000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF7976000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF789E000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF78E6000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF78EE000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF78DE000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF7A16000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 20480 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xB3E7B000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF7ABE000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB565E000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF6D41000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF7A26000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xEB96F000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xEBAFB000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xB2DFF000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xF73F4000 C:\WINDOWS\System32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF7AAE000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF7AA6000 C:\WINDOWS\system32\drivers\pfc.sys 12288 bytes (Padus, Inc., Padus® ASPI Shell)
0xF73EC000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xB2BC8000 C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys 12288 bytes (Realtime Soft Ltd, UltraMon Utility Driver)
0xF7B52000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7B50000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7B1A000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF7B16000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7B54000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xB5097000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xB3F83000 C:\Program Files\LogMeIn\x86\RaInfo.sys 8192 bytes (LogMeIn, Inc., RemotelyAnywhere Kernel Information Provider)
0xF7B56000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7BC4000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7B4E000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7B18000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7C14000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7D48000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7C17000 C:\WINDOWS\system32\DRIVERS\lmimirr.sys 4096 bytes (LogMeIn, Inc., LogMeIn Mirror Miniport Driver)
0xF7CC7000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7BDE000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
!!!!!!!!!!!Hidden driver: 0x839FFAEA ?_empty_? 1302 bytes
!!!!!!!!!!!Hidden driver: 0x83E92F38 ?_empty_? 0 bytes
==============================================
>Stealth
==============================================
0xF757F000 WARNING: suspicious driver modification [atapi.sys::0x839FFAEA]
WARNING: Virus alike driver modification [bthpan.sys]
WARNING: Virus alike driver modification [sonypvs1.sys]
WARNING: Virus alike driver modification [sffp_mmc.sys]
WARNING: Virus alike driver modification [sffp_sd.sys]
WARNING: Virus alike driver modification [hsfdpsp2.sys]
WARNING: Virus alike driver modification [HSF_DP.sys]
WARNING: Virus alike driver modification [atinrvxx.sys]
WARNING: Virus alike driver modification [mup.sys]
WARNING: Virus alike driver modification [sffdisk.sys]
WARNING: Virus alike driver modification [irenum.sys]
WARNING: Virus alike driver modification [wadv08nt.sys]
WARNING: Virus alike driver modification [ati1mdxx.sys]
WARNING: Virus alike driver modification [ianswxp.sys]
WARNING: Virus alike driver modification [acpiec.sys]
WARNING: Virus alike driver modification [bdasup.sys]
WARNING: Virus alike driver modification [cpqdap01.sys]
WARNING: Virus alike driver modification [wadv07nt.sys]
WARNING: Virus alike driver modification [wadv09nt.sys]
WARNING: Virus alike driver modification [wadv11nt.sys]
WARNING: Virus alike driver modification [pcmcia.sys]
WARNING: Virus alike driver modification [nikedrv.sys]
WARNING: Virus alike driver modification [rio8drv.sys]
WARNING: Virus alike driver modification [riodrv.sys]
WARNING: Virus alike driver modification [ws2ifsl.sys]
WARNING: Virus alike driver modification [tdpipe.sys]
WARNING: Virus alike driver modification [ati1pdxx.sys]
WARNING: Virus alike driver modification [fsvga.sys]
WARNING: Virus alike driver modification [nwlnkflt.sys]
WARNING: Virus alike driver modification [tunmp.sys]
WARNING: Virus alike driver modification [ftdisk.sys]
WARNING: Virus alike driver modification [mtlmnt5.sys]
WARNING: Virus alike driver modification [mutohpen.sys]
WARNING: Virus alike driver modification [fltmgr.sys]
WARNING: Virus alike driver modification [slnt7554.sys]
WARNING: Virus alike driver modification [mtlstrm.sys]
WARNING: Virus alike driver modification [slwdmsup.sys]
WARNING: Virus alike driver modification [wacompen.sys]
WARNING: Virus alike driver modification [recagent.sys]
WARNING: Virus alike driver modification [atinmdxx.sys]
WARNING: Virus alike driver modification [atinttxx.sys]
WARNING: Virus alike driver modification [cbidf2k.sys]
WARNING: Virus alike driver modification [rdpwd.sys]
WARNING: Virus alike driver modification [diskdump.sys]
WARNING: Virus alike driver modification [ca506aaf.sys]
WARNING: Virus alike driver modification [atinpdxx.sys]
WARNING: Virus alike driver modification [hdaudbus.sys]
WARNING: Virus alike driver modification [smclib.sys]
WARNING: Virus alike driver modification [tape.sys]
WARNING: Virus alike driver modification [hidir.sys]
WARNING: Virus alike driver modification [dmio.sys]
WARNING: Virus alike driver modification [mpe.sys]
WARNING: Virus alike driver modification [usbintel.sys]
WARNING: Virus alike driver modification [MODEMCSA.sys]
WARNING: Virus alike driver modification [windrvr.sys]
WARNING: Virus alike driver modification [s3gnbm.sys]
WARNING: Virus alike driver modification [bthenum.sys]
WARNING: Virus alike driver modification [ca506av.sys]
WARNING: Virus alike driver modification [ntmtlfax.sys]
WARNING: Virus alike driver modification [ndis.sys]
WARNING: Virus alike driver modification [motccgp.sys]
WARNING: Virus alike driver modification [partmgr.sys]
WARNING: Virus alike driver modification [bthusb.sys]
WARNING: Virus alike driver modification [nv4_mini.sys]
WARNING: Virus alike driver modification [rdpdr.sys]
WARNING: Virus alike driver modification [rmcast.sys]
WARNING: Virus alike driver modification [secdrv.sys]
WARNING: Virus alike driver modification [HSFHWBS2.sys]
WARNING: Virus alike driver modification [ati1ttxx.sys]
WARNING: Virus alike driver modification [tsbvcap.sys]
WARNING: Virus alike driver modification [tdtcp.sys]
WARNING: Virus alike driver modification [hsfbs2s2.sys]
WARNING: Virus alike driver modification [watv06nt.sys]
WARNING: Virus alike driver modification [tcpip6.sys]
WARNING: Virus alike driver modification [usbcamd.sys]
WARNING: Virus alike driver modification [usbcamd2.sys]
WARNING: Virus alike driver modification [cinemst2.sys]
WARNING: Virus alike driver modification [bthport.sys]
WARNING: Virus alike driver modification [sonyhcs.sys]
WARNING: Virus alike driver modification [ati2mtaa.sys]
WARNING: Virus alike driver modification [atmuni.sys]
WARNING: Virus alike driver modification [slntamr.sys]
0xF76E6000 WARNING: Virus alike driver modification [termdd.sys], 40960 bytes
WARNING: Virus alike driver modification [mtxparhm.sys]
WARNING: Virus alike driver modification [intelide.sys]
WARNING: Virus alike driver modification [ntfs.sys]
WARNING: Virus alike driver modification [dmload.sys]
WARNING: Virus alike driver modification [rootmdm.sys]
WARNING: Virus alike driver modification [smbali.sys]
WARNING: Virus alike driver modification [arp1394.sys]
WARNING: Virus alike driver modification [sonyhcb.sys]
WARNING: Virus alike driver modification [nic1394.sys]
WARNING: Virus alike driver modification [ati1rvxx.sys]
WARNING: Virus alike driver modification [mf.sys]
WARNING: Virus alike driver modification [motswch.sys]
WARNING: Virus alike driver modification [pci.sys]
WARNING: Virus alike driver modification [hsfcxts2.sys]
WARNING: Virus alike driver modification [ati2mtag.sys]
WARNING: Virus alike driver modification [bridge.sys]
WARNING: Virus alike driver modification [sr.sys]
WARNING: Virus alike driver modification [atimpae.sys]
WARNING: Virus alike driver modification [nvraid.sys]
WARNING: Virus alike driver modification [mcd.sys]
WARNING: Virus alike driver modification [WudfPf.sys]
WARNING: Virus alike driver modification [usbvideo.sys]
WARNING: Virus alike driver modification [dmboot.sys]
WARNING: Virus alike driver modification [WudfRd.sys]
WARNING: Virus alike driver modification [motccgpfl.sys]
WARNING: Virus alike driver modification [ksecdd.sys]
WARNING: Virus alike driver modification [NvAtaBus.sys]
WARNING: Virus alike driver modification [slnthal.sys]
WARNING: Virus alike driver modification [scsiport.sys]

---------------------------------------------------------------------------------------

This any help?

#12 Elise


Posted 24 August 2010 - 03:34 AM

That's not MBR check, but shows what I want to see anyway. :)

>content removed<

Edited by elise025, 24 August 2010 - 02:34 PM.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#13 Nate555


Posted 24 August 2010 - 10:49 AM

Just uploaded the files/log to that site.

Thanks so much again for the support!

#14 Elise


Posted 24 August 2010 - 10:55 AM

Thank you. For security reasons, I moved the original instructions temporarily out of sight.

I'll post back shortly with more instructions.

regards, Elise


#15 Elise


Posted 24 August 2010 - 12:25 PM

Hello again,

COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

regards, Elise