Server 2003, Has a rootkit infection keeps growing back.


  • This topic is locked
24 replies to this topic

#1 iGmO

Posted 14 October 2010 - 06:48 PM

http://www.bleepingcomputer.com/forums/topic353678.html

So if you read that thread you see that I was asked to create a DDS and GMER log and post them to this forum.

I have been met with failure. DDS will not run on the Server 2003 OS. It just says that the OS is not supported.

I have tried twice to run GMER. It will start and pop up a box saying that it detects rootkit activity. There are also a few entries in the log that appear to look like they are attached to svchost. They are the randomly lettered file names that viruses are so fond of these days. The jpeg that I have attached is a screenshot of GMER before it goes into its main scan so you can see the names.

I uncheck the appropriate boxes and tell it to scan; after about 10 minutes it hangs the machine. It will not respond to Control-Alt-Delete and there is no disk activity that I can hear. I have had to reset the machine. I have let it remain in this state for over an hour with no results.

Thank you very much for any assistance you can provide.


iGmO


Attached Files

  • GMER.jpg

#2 m0le

  • Malware Response Team

Posted 23 October 2010 - 07:50 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 iGmO
  • Topic Starter

Posted 24 October 2010 - 06:52 AM

Hello Mole,

Thank you for your response. I am still eagerly awaiting assistance.

Thanks,
iGmO

#4 m0le

  • Malware Response Team

Posted 24 October 2010 - 11:59 AM

I have not worked a great deal with Server 2003 machines so I apologise if I post something that you are unable to carry out. Just let me know and we'll work round it.

Scan With RKUnHooker
  • Please download Rootkit Unhooker. Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers, Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning. It is OK, just ignore it.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"



Then please run OTL

  • Download OTL to your desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.


#5 iGmO
  • Topic Starter

Posted 24 October 2010 - 05:27 PM

The forum didn't like the length of my post with all 3 logs; splitting them up one by one.

Here is Report.txt

OTL Extras logfile created on: 10/24/2010 6:13:15 PM - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows Server 2003 Standard Edition Service Pack 2 (Version = 5.2.3790) - Type = NTDomainController
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 24.00% Memory free
6.00 Gb Paging File | 3.00 Gb Available in Paging File | 51.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 25.00 Gb Total Space | 10.26 Gb Free Space | 41.02% Space Free | Partition Type: NTFS
Drive D: | 35.00 Gb Total Space | 16.77 Gb Free Space | 47.92% Space Free | Partition Type: NTFS
Drive F: | 68.36 Gb Total Space | 32.10 Gb Free Space | 46.96% Space Free | Partition Type: NTFS
Drive H: | 68.36 Gb Total Space | 32.10 Gb Free Space | 46.96% Space Free | Partition Type: NTFS

Computer Name: SERVERVW | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- d:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- d:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "d:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "d:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0DAA9912-3FE2-4B84-B926-8D7F71A8A99A}" = Microsoft SQL Server 2005 Reporting Services (TIMEFORCE)
"{16906D21-0656-4F8B-9A01-C3D24B5401FC}" = Intel® PROSet for Wired Connections
"{201E698C-B88E-41AE-8C46-3BBACADCD6E7}" = VERITAS Backup Exec for Windows Servers
"{20608BFA-6068-48FE-A410-400F2A124C27}" = Microsoft SQL Server Management Studio Express
"{2475C7C3-1663-4BE4-8067-7A09A1928FC3}" = Windows Server 2003 Access-based Enumeration
"{29C314DE-E439-4D75-AD83-87A46B4CBCE6}" = InstrumentationService
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SUNBELT)
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{4C29ADA8-578D-461A-AAF8-2BA26BE09533}" = ShadowProtect Server
"{4D6340A0-51FC-4683-9481-9573DFBAC566}" = ClockLink For TimeForce®
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{58D379F7-62BC-4748-8237-FE071ECE797C}" = Microsoft SQL Server 2005 Tools
"{5D112C61-C8D0-4718-8DD7-B9115EB9AF90}" = LogMeIn
"{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs
"{69880C00-08DD-4385-B752-9C62656F6D1E}" = Microsoft SQL Server 2005 Backward compatibility
"{6D3055C4-4F2D-460F-9013-0B6AF576069D}" = ShadowProtect Server
"{750DFF5E-C559-11D4-A441-00B0D0436EE7}" = Broadcom Management Programs
"{76DD1D2B-C2A9-4848-9B81-CB69B26406D0}" = Remote Access Open Manage Components
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{95E0F051-3E25-40DF-98E3-D6CC86C057AE}" = Intel® LAN Adapters SNMP Agent
"{9BC51C0F-DA8E-4370-9997-899B3435A647}" = VMware vSphere Host Update Utility 4.0
"{9D544611-F437-4153-913E-91CE036583CC}" = Sunbelt Enterprise Agent
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A9D8E924-443D-4928-B095-D63C0BEB233E}" = DataEngine
"{B0F9497C-52B4-4686-8E73-74D866BBDF59}" = Microsoft SQL Server 2005 (TIMEFORCE)
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C40698F9-A861-4531-9F8C-FA7F8961375B}" = VMware vSphere Client 4.0
"{CA3553E0-191B-4E2F-AD3C-82E33CB9D4E4}" = Microsoft Group Policy Management Console with SP1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D19797E7-161C-4EEA-8548-DFC47B0BA354}" = Qqest TimeForce®
"{D1E5AC9D-DA9D-4167-8130-30B59D01F52D}" = AMS
"{DFAA3D2B-7087-464E-823B-738A23C29C27}" = Microsoft Visual J# 2.0 Redistributable Package - SE
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (BKUPEXEC)
"{EA42DF80-6116-433F-B30B-8BCD2596B664}" = VIPRE Enterprise
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{EFE295A9-C617-4ECE-A191-14265F5BD7ED}" = VERITAS Update
"{F07F0BCD-5C6D-4499-9F05-6ED747078A72}" = Windows Support Tools
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F653AB56-DB37-415B-8DDD-EF5BC1982150}" = SQL Anywhere Studio 9, Software
"{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}" = Windows Resource Kit Tools
"{FE2F6A2C-196E-4210-9C04-2B1BC21F07EF}" = VMware Tools
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Hypersight Rootkit Detector_is1" = Hypersight Rootkit Detector 1.0 beta
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs
"JRE 1.2.2" = Java 2 Runtime Environment Standard Edition v1.2.2
"LiveUpdate" = LiveUpdate 2.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual J# 2.0 Redistributable Package - SE" = Microsoft Visual J# 2.0 Redistributable Package - SE
"Mozilla Firefox (3.6.9)" = Mozilla Firefox (3.6.9)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Ping Plotter Freeware" = Ping Plotter Freeware
"PROSet" = Intel® PRO Network Adapters and Drivers
"RealVNC_is1" = VNC 4.0
"Server Administrator" = Dell OpenManage
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4
"Trojan Remover_is1" = Trojan Remover 6.8.2
"VERITAS Backup Exec 9.0" = VERITAS Backup Exec for Windows Servers

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/22/2010 3:27:38 AM | Computer Name = SERVERVW | Source = Report Server Windows Service (TIMEFORCE) | ID = 107
Description = Report Server Windows Service (TIMEFORCE) cannot connect to the report
server database.

Error - 10/22/2010 10:59:45 AM | Computer Name = SERVERVW | Source = Active Server Pages | ID = 5
Description = Error: The Template Persistent Cache initialization failed for Application
Pool 'DefaultAppPool' because of the following error: Could not create a Disk Cache
Sub-directory for the Application Pool. The data may have additional error codes..

Error - 10/22/2010 3:27:50 PM | Computer Name = SERVERVW | Source = Report Server Windows Service (TIMEFORCE) | ID = 107
Description = Report Server Windows Service (TIMEFORCE) cannot connect to the report
server database.

Error - 10/22/2010 11:00:00 PM | Computer Name = SERVERVW | Source = ShadowProtectSvc | ID = 1121
Description = Backup status: failed Image file: \\NICK\K\F_VOL Log file: D:\Program
Files\StorageCraft\ShadowProtect\Logs\{283208F0-93CD-4DB0-8EB8-06EE283233CC}.txt
Start
time: 10/22/2010 11:00:00 PM Module: service Code: 509 Message: Cannot get access
to destination object

Error - 10/22/2010 11:00:00 PM | Computer Name = SERVERVW | Source = ShadowProtectSvc | ID = 1121
Description = Backup status: failed Image file: \\NICK\K\C_VOL Log file: D:\Program
Files\StorageCraft\ShadowProtect\Logs\{A9A9BFCE-449E-488C-B3C3-06C7018B8421}.txt
Start
time: 10/22/2010 11:00:00 PM Module: service Code: 509 Message: Cannot get access
to destination object

Error - 10/22/2010 11:00:00 PM | Computer Name = SERVERVW | Source = ShadowProtectSvc | ID = 1121
Description = Backup status: failed Image file: \\NICK\K\D_VOL Log file: D:\Program
Files\StorageCraft\ShadowProtect\Logs\{F09CB9D0-081D-4CA7-94E8-F13C1990C2CD}.txt
Start
time: 10/22/2010 11:00:00 PM Module: service Code: 509 Message: Cannot get access
to destination object

Error - 10/23/2010 3:27:53 AM | Computer Name = SERVERVW | Source = Report Server Windows Service (TIMEFORCE) | ID = 107
Description = Report Server Windows Service (TIMEFORCE) cannot connect to the report
server database.

Error - 10/23/2010 3:28:00 PM | Computer Name = SERVERVW | Source = Report Server Windows Service (TIMEFORCE) | ID = 107
Description = Report Server Windows Service (TIMEFORCE) cannot connect to the report
server database.

Error - 10/24/2010 3:28:01 AM | Computer Name = SERVERVW | Source = Report Server Windows Service (TIMEFORCE) | ID = 107
Description = Report Server Windows Service (TIMEFORCE) cannot connect to the report
server database.

Error - 10/24/2010 3:28:06 PM | Computer Name = SERVERVW | Source = Report Server Windows Service (TIMEFORCE) | ID = 107
Description = Report Server Windows Service (TIMEFORCE) cannot connect to the report
server database.

[ Directory Service Events ]
Error - 10/23/2010 8:29:54 AM | Computer Name = SERVERVW | Source = NTDS Replication | ID = 1864
Description = This is the replication status for the following directory partition
on the local domain controller. Directory partition: DC=domain,DC=local The local
domain controller has not recently received replication information from a number
of domain controllers. The count of domain controllers is shown, divided into
the following intervals. More than 24 hours: 1 More than a week: 1 More than one month:
0

More
than two months: 0 More than a tombstone lifetime: 0 Tombstone lifetime (days): 60 Domain
controllers that do not replicate in a timely manner may encounter errors. It may
miss password changes and be unable to authenticate. A DC that has not replicated
in a tombstone lifetime may have missed the deletion of some objects, and may be
automatically blocked from future replication until it is reconciled. To identify
the domain controllers by name, install the support tools included on the installation
CD and run dcdiag.exe. You can also use the support tool repadmin.exe to display
the replication latencies of the domain controllers in the forest. The command
is "repadmin /showvector /latency <partition-dn>".

Error - 10/23/2010 8:29:54 AM | Computer Name = SERVERVW | Source = NTDS Replication | ID = 1864
Description = This is the replication status for the following directory partition
on the local domain controller. Directory partition: CN=Configuration,DC=domain,DC=local



The
local domain controller has not recently received replication information from
a number of domain controllers. The count of domain controllers is shown, divided
into the following intervals. More than 24 hours: 1 More than a week: 1 More than one
month: 0 More than two months: 0 More than a tombstone lifetime: 0 Tombstone lifetime
(days): 60 Domain controllers that do not replicate in a timely manner may encounter
errors. It may miss password changes and be unable to authenticate. A DC that has
not replicated in a tombstone lifetime may have missed the deletion of some objects,
and may be automatically blocked from future replication until it is reconciled.



To
identify the domain controllers by name, install the support tools included on
the installation CD and run dcdiag.exe. You can also use the support tool repadmin.exe
to display the replication latencies of the domain controllers in the forest.
The command is "repadmin /showvector /latency <partition-dn>".

Error - 10/23/2010 8:29:54 AM | Computer Name = SERVERVW | Source = NTDS Replication | ID = 1864
Description = This is the replication status for the following directory partition
on the local domain controller. Directory partition: CN=Schema,CN=Configuration,DC=domain,DC=local



The
local domain controller has not recently received replication information from
a number of domain controllers. The count of domain controllers is shown, divided
into the following intervals. More than 24 hours: 1 More than a week: 1 More than one
month: 0 More than two months: 0 More than a tombstone lifetime: 0 Tombstone lifetime
(days): 60 Domain controllers that do not replicate in a timely manner may encounter
errors. It may miss password changes and be unable to authenticate. A DC that has
not replicated in a tombstone lifetime may have missed the deletion of some objects,
and may be automatically blocked from future replication until it is reconciled.



To
identify the domain controllers by name, install the support tools included on
the installation CD and run dcdiag.exe. You can also use the support tool repadmin.exe
to display the replication latencies of the domain controllers in the forest.
The command is "repadmin /showvector /latency <partition-dn>".

Error - 10/23/2010 8:29:54 AM | Computer Name = SERVERVW | Source = NTDS Replication | ID = 1864
Description = This is the replication status for the following directory partition
on the local domain controller. Directory partition: DC=DomainDnsZones,DC=domain,DC=local



The
local domain controller has not recently received replication information from
a number of domain controllers. The count of domain controllers is shown, divided
into the following intervals. More than 24 hours: 1 More than a week: 1 More than one
month: 0 More than two months: 0 More than a tombstone lifetime: 0 Tombstone lifetime
(days): 60 Domain controllers that do not replicate in a timely manner may encounter
errors. It may miss password changes and be unable to authenticate. A DC that has
not replicated in a tombstone lifetime may have missed the deletion of some objects,
and may be automatically blocked from future replication until it is reconciled.



To
identify the domain controllers by name, install the support tools included on
the installation CD and run dcdiag.exe. You can also use the support tool repadmin.exe
to display the replication latencies of the domain controllers in the forest.
The command is "repadmin /showvector /latency <partition-dn>".

Error - 10/23/2010 8:29:54 AM | Computer Name = SERVERVW | Source = NTDS Replication | ID = 1864
Description = This is the replication status for the following directory partition
on the local domain controller. Directory partition: DC=ForestDnsZones,DC=domain,DC=local



The
local domain controller has not recently received replication information from
a number of domain controllers. The count of domain controllers is shown, divided
into the following intervals. More than 24 hours: 1 More than a week: 1 More than one
month: 0 More than two months: 0 More than a tombstone lifetime: 0 Tombstone lifetime
(days): 60 Domain controllers that do not replicate in a timely manner may encounter
errors. It may miss password changes and be unable to authenticate. A DC that has
not replicated in a tombstone lifetime may have missed the deletion of some objects,
and may be automatically blocked from future replication until it is reconciled.



To
identify the domain controllers by name, install the support tools included on
the installation CD and run dcdiag.exe. You can also use the support tool repadmin.exe
to display the replication latencies of the domain controllers in the forest.
The command is "repadmin /showvector /latency <partition-dn>".

Error - 10/24/2010 8:29:54 AM | Computer Name = SERVERVW | Source = NTDS Replication | ID = 1864
Description = This is the replication status for the following directory partition
on the local domain controller. Directory partition: DC=domain,DC=local The local
domain controller has not recently received replication information from a number
of domain controllers. The count of domain controllers is shown, divided into
the following intervals. More than 24 hours: 1 More than a week: 1 More than one month:
0

More
than two months: 0 More than a tombstone lifetime: 0 Tombstone lifetime (days): 60 Domain
controllers that do not replicate in a timely manner may encounter errors. It may
miss password changes and be unable to authenticate. A DC that has not replicated
in a tombstone lifetime may have missed the deletion of some objects, and may be
automatically blocked from future replication until it is reconciled. To identify
the domain controllers by name, install the support tools included on the installation
CD and run dcdiag.exe. You can also use the support tool repadmin.exe to display
the replication latencies of the domain controllers in the forest. The command
is "repadmin /showvector /latency <partition-dn>".

Error - 10/24/2010 8:29:54 AM | Computer Name = SERVERVW | Source = NTDS Replication | ID = 1864
Description = This is the replication status for the following directory partition
on the local domain controller. Directory partition: CN=Configuration,DC=domain,DC=local



The
local domain controller has not recently received replication information from
a number of domain controllers. The count of domain controllers is shown, divided
into the following intervals. More than 24 hours: 1 More than a week: 1 More than one
month: 0 More than two months: 0 More than a tombstone lifetime: 0 Tombstone lifetime
(days): 60 Domain controllers that do not replicate in a timely manner may encounter
errors. It may miss password changes and be unable to authenticate. A DC that has
not replicated in a tombstone lifetime may have missed the deletion of some objects,
and may be automatically blocked from future replication until it is reconciled.



To
identify the domain controllers by name, install the support tools included on
the installation CD and run dcdiag.exe. You can also use the support tool repadmin.exe
to display the replication latencies of the domain controllers in the forest.
The command is "repadmin /showvector /latency <partition-dn>".

Error - 10/24/2010 8:29:54 AM | Computer Name = SERVERVW | Source = NTDS Replication | ID = 1864
Description = This is the replication status for the following directory partition
on the local domain controller. Directory partition: CN=Schema,CN=Configuration,DC=domain,DC=local



The
local domain controller has not recently received replication information from
a number of domain controllers. The count of domain controllers is shown, divided
into the following intervals. More than 24 hours: 1 More than a week: 1 More than one
month: 0 More than two months: 0 More than a tombstone lifetime: 0 Tombstone lifetime
(days): 60 Domain controllers that do not replicate in a timely manner may encounter
errors. It may miss password changes and be unable to authenticate. A DC that has
not replicated in a tombstone lifetime may have missed the deletion of some objects,
and may be automatically blocked from future replication until it is reconciled.



To
identify the domain controllers by name, install the support tools included on
the installation CD and run dcdiag.exe. You can also use the support tool repadmin.exe
to display the replication latencies of the domain controllers in the forest.
The command is "repadmin /showvector /latency <partition-dn>".

Error - 10/24/2010 8:29:54 AM | Computer Name = SERVERVW | Source = NTDS Replication | ID = 1864
Description = This is the replication status for the following directory partition
on the local domain controller. Directory partition: DC=DomainDnsZones,DC=domain,DC=local



The
local domain controller has not recently received replication information from
a number of domain controllers. The count of domain controllers is shown, divided
into the following intervals. More than 24 hours: 1 More than a week: 1 More than one
month: 0 More than two months: 0 More than a tombstone lifetime: 0 Tombstone lifetime
(days): 60 Domain controllers that do not replicate in a timely manner may encounter
errors. It may miss password changes and be unable to authenticate. A DC that has
not replicated in a tombstone lifetime may have missed the deletion of some objects,
and may be automatically blocked from future replication until it is reconciled.



To
identify the domain controllers by name, install the support tools included on
the installation CD and run dcdiag.exe. You can also use the support tool repadmin.exe
to display the replication latencies of the domain controllers in the forest.
The command is "repadmin /showvector /latency <partition-dn>".

Error - 10/24/2010 8:29:54 AM | Computer Name = SERVERVW | Source = NTDS Replication | ID = 1864
Description = This is the replication status for the following directory partition
on the local domain controller. Directory partition: DC=ForestDnsZones,DC=domain,DC=local



The
local domain controller has not recently received replication information from
a number of domain controllers. The count of domain controllers is shown, divided
into the following intervals. More than 24 hours: 1 More than a week: 1 More than one
month: 0 More than two months: 0 More than a tombstone lifetime: 0 Tombstone lifetime
(days): 60 Domain controllers that do not replicate in a timely manner may encounter
errors. It may miss password changes and be unable to authenticate. A DC that has
not replicated in a tombstone lifetime may have missed the deletion of some objects,
and may be automatically blocked from future replication until it is reconciled.



To
identify the domain controllers by name, install the support tools included on
the installation CD and run dcdiag.exe. You can also use the support tool repadmin.exe
to display the replication latencies of the domain controllers in the forest.
The command is "repadmin /showvector /latency <partition-dn>".

[ DNS Server Events ]
Error - 10/6/2010 11:24:05 PM | Computer Name = SERVERVW-ORIG | Source = DNS | ID = 4001
Description = The DNS server was unable to open zone _msdcs.domain.local in the
Active Directory. This DNS server is configured to obtain and use information from
the directory for this zone and is unable to load the zone without it. Check that
the Active Directory is functioning properly and reload the zone. The event data
is the error code.

Error - 10/7/2010 1:53:53 AM | Computer Name = SERVERVW-ORIG | Source = DNS | ID = 4001
Description = The DNS server was unable to open zone 100.168.192.in-addr.arpa in
the Active Directory. This DNS server is configured to obtain and use information
from the directory for this zone and is unable to load the zone without it. Check
that the Active Directory is functioning properly and reload the zone. The event
data is the error code.

Error - 10/7/2010 1:53:53 AM | Computer Name = SERVERVW-ORIG | Source = DNS | ID = 4001
Description = The DNS server was unable to open zone domain.local in the Active
Directory. This DNS server is configured to obtain and use information from the directory
for this zone and is unable to load the zone without it. Check that the Active Directory
is functioning properly and reload the zone. The event data is the error code.

Error - 10/7/2010 1:53:53 AM | Computer Name = SERVERVW-ORIG | Source = DNS | ID = 4001
Description = The DNS server was unable to open zone _msdcs.domain.local in the
Active Directory. This DNS server is configured to obtain and use information from
the directory for this zone and is unable to load the zone without it. Check that
the Active Directory is functioning properly and reload the zone. The event data
is the error code.

Error - 10/7/2010 2:11:00 AM | Computer Name = SERVERVW | Source = DNS | ID = 4001
Description = The DNS server was unable to open zone 100.168.192.in-addr.arpa in
the Active Directory. This DNS server is configured to obtain and use information
from the directory for this zone and is unable to load the zone without it. Check
that the Active Directory is functioning properly and reload the zone. The event
data is the error code.

Error - 10/7/2010 2:11:00 AM | Computer Name = SERVERVW | Source = DNS | ID = 4001
Description = The DNS server was unable to open zone domain.local in the Active
Directory. This DNS server is configured to obtain and use information from the directory
for this zone and is unable to load the zone without it. Check that the Active Directory
is functioning properly and reload the zone. The event data is the error code.

Error - 10/7/2010 2:11:00 AM | Computer Name = SERVERVW | Source = DNS | ID = 4001
Description = The DNS server was unable to open zone _msdcs.domain.local in the
Active Directory. This DNS server is configured to obtain and use information from
the directory for this zone and is unable to load the zone without it. Check that
the Active Directory is functioning properly and reload the zone. The event data
is the error code.

Error - 10/6/2010 10:31:12 PM | Computer Name = SERVERVW | Source = DNS | ID = 4001
Description = The DNS server was unable to open zone 100.168.192.in-addr.arpa in
the Active Directory. This DNS server is configured to obtain and use information
from the directory for this zone and is unable to load the zone without it. Check
that the Active Directory is functioning properly and reload the zone. The event
data is the error code.

Error - 10/6/2010 10:31:12 PM | Computer Name = SERVERVW | Source = DNS | ID = 4001
Description = The DNS server was unable to open zone domain.local in the Active
Directory. This DNS server is configured to obtain and use information from the directory
for this zone and is unable to load the zone without it. Check that the Active Directory
is functioning properly and reload the zone. The event data is the error code.

Error - 10/6/2010 10:31:12 PM | Computer Name = SERVERVW | Source = DNS | ID = 4001
Description = The DNS server was unable to open zone _msdcs.domain.local in the
Active Directory. This DNS server is configured to obtain and use information from
the directory for this zone and is unable to load the zone without it. Check that
the Active Directory is functioning properly and reload the zone. The event data
is the error code.

[ File Replication Service Events ]
Error - 9/14/2010 7:30:23 AM | Computer Name = SERVERVW | Source = NtFrs | ID = 13570
Description = The File Replication Service has detected that the volume hosting
the path c: is low on disk space. Files may not replicate until disk space is made
available on this volume. The available space on the volume can be found by typing
"dir
/a c:". For more information about managing space on a volume type "copy /?", "rename
/?", "del /?", "rmdir /?", and "dir /?".

Error - 9/14/2010 7:30:23 AM | Computer Name = SERVERVW | Source = NtFrs | ID = 13570
Description = The File Replication Service has detected that the volume hosting
the path C: is low on disk space. Files may not replicate until disk space is made
available on this volume. The available space on the volume can be found by typing
"dir
/a C:". For more information about managing space on a volume type "copy /?", "rename
/?", "del /?", "rmdir /?", and "dir /?".

Error - 9/29/2010 10:08:33 PM | Computer Name = SERVERVW | Source = NtFrs | ID = 13570
Description = The File Replication Service has detected that the volume hosting
the path c: is low on disk space. Files may not replicate until disk space is made
available on this volume. The available space on the volume can be found by typing
"dir
/a c:". For more information about managing space on a volume type "copy /?", "rename
/?", "del /?", "rmdir /?", and "dir /?".

Error - 9/29/2010 10:08:33 PM | Computer Name = SERVERVW | Source = NtFrs | ID = 13570
Description = The File Replication Service has detected that the volume hosting
the path C: is low on disk space. Files may not replicate until disk space is made
available on this volume. The available space on the volume can be found by typing
"dir
/a C:". For more information about managing space on a volume type "copy /?", "rename
/?", "del /?", "rmdir /?", and "dir /?".

Error - 9/30/2010 12:45:16 PM | Computer Name = SERVERVW | Source = NtFrs | ID = 13570
Description = The File Replication Service has detected that the volume hosting
the path c: is low on disk space. Files may not replicate until disk space is made
available on this volume. The available space on the volume can be found by typing
"dir
/a c:". For more information about managing space on a volume type "copy /?", "rename
/?", "del /?", "rmdir /?", and "dir /?".

Error - 9/30/2010 12:45:16 PM | Computer Name = SERVERVW | Source = NtFrs | ID = 13570
Description = The File Replication Service has detected that the volume hosting
the path C: is low on disk space. Files may not replicate until disk space is made
available on this volume. The available space on the volume can be found by typing
"dir
/a C:". For more information about managing space on a volume type "copy /?", "rename
/?", "del /?", "rmdir /?", and "dir /?".

Error - 10/14/2010 9:04:44 AM | Computer Name = SERVERVW | Source = NtFrs | ID = 13548
Description = The File Replication Service is unable to replicate with its partner
computer because the difference in clock times is outside the range of plus or minus
30
minutes. The connection to the partner computer is: "DOMAIN SYSTEM VOLUME (SYSVOL
SHARE)\SERVERVW\C48A399C-4630-45DE-80B6-1B57F372A98D -> DOMAIN\VIRTUALDC$ RemoteCxt"

The
detected time difference is: 245 minutes. Note: If this time difference is close
to a multiple of 60 minutes then it is likely that either this computer or its partner
computer was set to the incorrect time zone when the computer time was initially
set. Check that the time zone and the system time are correctly set on both computers.



If
necessary, the default value used to test for computer time consistency may be changed
in the registry on this computer. (Note: This is not recommended.) To change this
parameter, run regedit. Click on Start, Run and type regedit. Expand HKEY_LOCAL_MACHINE.

Click
down the key path: "System\CurrentControlSet\Services\NtFrs\Parameters" Double
click on the value name "Partner Clock Skew In Minutes" and update the value. If
the value name is not present you may add it with the New->DWORD Value function
under
the Edit Menu item. Type the value name exactly as shown above.

Error - 10/14/2010 9:14:49 AM | Computer Name = SERVERVW | Source = NtFrs | ID = 13548
Description = The File Replication Service is unable to replicate with its partner
computer because the difference in clock times is outside the range of plus or minus
30
minutes. The connection to the partner computer is: "DOMAIN SYSTEM VOLUME (SYSVOL
SHARE)\SERVERVW\C48A399C-4630-45DE-80B6-1B57F372A98D -> DOMAIN\VIRTUALDC$ RemoteCxt"

The
detected time difference is: 245 minutes. Note: If this time difference is close
to a multiple of 60 minutes then it is likely that either this computer or its partner
computer was set to the incorrect time zone when the computer time was initially
set. Check that the time zone and the system time are correctly set on both computers.



If
necessary, the default value used to test for computer time consistency may be changed
in the registry on this computer. (Note: This is not recommended.) To change this
parameter, run regedit. Click on Start, Run and type regedit. Expand HKEY_LOCAL_MACHINE.

Click
down the key path: "System\CurrentControlSet\Services\NtFrs\Parameters" Double
click on the value name "Partner Clock Skew In Minutes" and update the value. If
the value name is not present you may add it with the New->DWORD Value function
under
the Edit Menu item. Type the value name exactly as shown above.

Error - 10/14/2010 5:20:06 AM | Computer Name = SERVERVW | Source = NtFrs | ID = 13568
Description =

Error - 10/14/2010 10:59:59 AM | Computer Name = SERVERVW | Source = NtFrs | ID = 13568
Description =

[ System Events ]
Error - 10/15/2010 7:58:51 AM | Computer Name = SERVERVW | Source = Kerberos | ID = 5
Description = The kerberos client received a KRB_AP_ERR_TKT_NYV error from the server
WKS12$. This indicates that the ticket used against that server is not yet valid
(in relationship to that server time). Contact your system administrator to make
sure the client and server times are in sync, and that the KDC in realm DOMAIN.LOCAL
is in sync with the KDC in the client realm.

Error - 10/15/2010 8:50:42 AM | Computer Name = SERVERVW | Source = Kerberos | ID = 5
Description = The kerberos client received a KRB_AP_ERR_TKT_NYV error from the server
host/servervw-phys.domain.local. This indicates that the ticket used against that
server is not yet valid (in relationship to that server time). Contact your system
administrator to make sure the client and server times are in sync, and that the
KDC in realm DOMAIN.LOCAL is in sync with the KDC in the client realm.

Error - 10/15/2010 9:03:50 AM | Computer Name = SERVERVW | Source = Kerberos | ID = 5
Description = The kerberos client received a KRB_AP_ERR_TKT_NYV error from the server
WKS9$. This indicates that the ticket used against that server is not yet valid
(in relationship to that server time). Contact your system administrator to make
sure the client and server times are in sync, and that the KDC in realm DOMAIN.LOCAL
is in sync with the KDC in the client realm.

Error - 10/16/2010 8:18:00 PM | Computer Name = SERVERVW | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 10/17/2010 8:18:00 PM | Computer Name = SERVERVW | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 10/19/2010 1:23:00 AM | Computer Name = SERVERVW | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 10/20/2010 1:23:00 AM | Computer Name = SERVERVW | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 10/21/2010 7:23:00 PM | Computer Name = SERVERVW | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 10/23/2010 1:23:00 AM | Computer Name = SERVERVW | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 10/24/2010 1:23:00 AM | Computer Name = SERVERVW | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}


< End of report >

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- d:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- d:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "d:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "d:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0DAA9912-3FE2-4B84-B926-8D7F71A8A99A}" = Microsoft SQL Server 2005 Reporting Services (TIMEFORCE)
"{16906D21-0656-4F8B-9A01-C3D24B5401FC}" = Intel® PROSet for Wired Connections
"{201E698C-B88E-41AE-8C46-3BBACADCD6E7}" = VERITAS Backup Exec for Windows Servers
"{20608BFA-6068-48FE-A410-400F2A124C27}" = Microsoft SQL Server Management Studio Express
"{2475C7C3-1663-4BE4-8067-7A09A1928FC3}" = Windows Server 2003 Access-based Enumeration
"{29C314DE-E439-4D75-AD83-87A46B4CBCE6}" = InstrumentationService
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SUNBELT)
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{4C29ADA8-578D-461A-AAF8-2BA26BE09533}" = ShadowProtect Server
"{4D6340A0-51FC-4683-9481-9573DFBAC566}" = ClockLink For TimeForceŽ
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{58D379F7-62BC-4748-8237-FE071ECE797C}" = Microsoft SQL Server 2005 Tools
"{5D112C61-C8D0-4718-8DD7-B9115EB9AF90}" = LogMeIn
"{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs
"{69880C00-08DD-4385-B752-9C62656F6D1E}" = Microsoft SQL Server 2005 Backward compatibility
"{6D3055C4-4F2D-460F-9013-0B6AF576069D}" = ShadowProtect Server
"{750DFF5E-C559-11D4-A441-00B0D0436EE7}" = Broadcom Management Programs
"{76DD1D2B-C2A9-4848-9B81-CB69B26406D0}" = Remote Access Open Manage Components
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{95E0F051-3E25-40DF-98E3-D6CC86C057AE}" = Intel® LAN Adapters SNMP Agent
"{9BC51C0F-DA8E-4370-9997-899B3435A647}" = VMware vSphere Host Update Utility 4.0
"{9D544611-F437-4153-913E-91CE036583CC}" = Sunbelt Enterprise Agent
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A9D8E924-443D-4928-B095-D63C0BEB233E}" = DataEngine
"{B0F9497C-52B4-4686-8E73-74D866BBDF59}" = Microsoft SQL Server 2005 (TIMEFORCE)
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C40698F9-A861-4531-9F8C-FA7F8961375B}" = VMware vSphere Client 4.0
"{CA3553E0-191B-4E2F-AD3C-82E33CB9D4E4}" = Microsoft Group Policy Management Console with SP1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D19797E7-161C-4EEA-8548-DFC47B0BA354}" = Qqest TimeForceŽ
"{D1E5AC9D-DA9D-4167-8130-30B59D01F52D}" = AMS
"{DFAA3D2B-7087-464E-823B-738A23C29C27}" = Microsoft Visual J# 2.0 Redistributable Package - SE
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (BKUPEXEC)
"{EA42DF80-6116-433F-B30B-8BCD2596B664}" = VIPRE Enterprise
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{EFE295A9-C617-4ECE-A191-14265F5BD7ED}" = VERITAS Update
"{F07F0BCD-5C6D-4499-9F05-6ED747078A72}" = Windows Support Tools
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F653AB56-DB37-415B-8DDD-EF5BC1982150}" = SQL Anywhere Studio 9, Software
"{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}" = Windows Resource Kit Tools
"{FE2F6A2C-196E-4210-9C04-2B1BC21F07EF}" = VMware Tools
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Hypersight Rootkit Detector_is1" = Hypersight Rootkit Detector 1.0 beta
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs
"JRE 1.2.2" = Java 2 Runtime Environment Standard Edition v1.2.2
"LiveUpdate" = LiveUpdate 2.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual J# 2.0 Redistributable Package - SE" = Microsoft Visual J# 2.0 Redistributable Package - SE
"Mozilla Firefox (3.6.9)" = Mozilla Firefox (3.6.9)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Ping Plotter Freeware" = Ping Plotter Freeware
"PROSet" = Intel® PRO Network Adapters and Drivers
"RealVNC_is1" = VNC 4.0
"Server Administrator" = Dell OpenManage
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4
"Trojan Remover_is1" = Trojan Remover 6.8.2
"VERITAS Backup Exec 9.0" = VERITAS Backup Exec for Windows Servers

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/22/2010 3:27:38 AM | Computer Name = SERVERVW | Source = Report Server Windows Service (TIMEFORCE) | ID = 107
Description = Report Server Windows Service (TIMEFORCE) cannot connect to the report
server database.

Error - 10/22/2010 10:59:45 AM | Computer Name = SERVERVW | Source = Active Server Pages | ID = 5
Description = Error: The Template Persistent Cache initialization failed for Application
Pool 'DefaultAppPool' because of the following error: Could not create a Disk Cache
Sub-directory for the Application Pool. The data may have additional error codes..

Error - 10/22/2010 3:27:50 PM | Computer Name = SERVERVW | Source = Report Server Windows Service (TIMEFORCE) | ID = 107
Description = Report Server Windows Service (TIMEFORCE) cannot connect to the report
server database.

Error - 10/22/2010 11:00:00 PM | Computer Name = SERVERVW | Source = ShadowProtectSvc | ID = 1121
Description = Backup status: failed Image file: \\NICK\K\F_VOL Log file: D:\Program
Files\StorageCraft\ShadowProtect\Logs\{283208F0-93CD-4DB0-8EB8-06EE283233CC}.txt
Start
time: 10/22/2010 11:00:00 PM Module: service Code: 509 Message: Cannot get access
to destination object

Error - 10/22/2010 11:00:00 PM | Computer Name = SERVERVW | Source = ShadowProtectSvc | ID = 1121
Description = Backup status: failed Image file: \\NICK\K\C_VOL Log file: D:\Program
Files\StorageCraft\ShadowProtect\Logs\{A9A9BFCE-449E-488C-B3C3-06C7018B8421}.txt
Start
time: 10/22/2010 11:00:00 PM Module: service Code: 509 Message: Cannot get access
to destination object

Error - 10/22/2010 11:00:00 PM | Computer Name = SERVERVW | Source = ShadowProtectSvc | ID = 1121
Description = Backup status: failed Image file: \\NICK\K\D_VOL Log file: D:\Program
Files\StorageCraft\ShadowProtect\Logs\{F09CB9D0-081D-4CA7-94E8-F13C1990C2CD}.txt
Start
time: 10/22/2010 11:00:00 PM Module: service Code: 509 Message: Cannot get access
to destination object

Error - 10/23/2010 3:27:53 AM | Computer Name = SERVERVW | Source = Report Server Windows Service (TIMEFORCE) | ID = 107
Description = Report Server Windows Service (TIMEFORCE) cannot connect to the report
server database.

Error - 10/23/2010 3:28:00 PM | Computer Name = SERVERVW | Source = Report Server Windows Service (TIMEFORCE) | ID = 107
Description = Report Server Windows Service (TIMEFORCE) cannot connect to the report
server database.

Error - 10/24/2010 3:28:01 AM | Computer Name = SERVERVW | Source = Report Server Windows Service (TIMEFORCE) | ID = 107
Description = Report Server Windows Service (TIMEFORCE) cannot connect to the report
server database.

Error - 10/24/2010 3:28:06 PM | Computer Name = SERVERVW | Source = Report Server Windows Service (TIMEFORCE) | ID = 107
Description = Report Server Windows Service (TIMEFORCE) cannot connect to the report
server database.

[ Directory Service Events ]
Error - 10/23/2010 8:29:54 AM | Computer Name = SERVERVW | Source = NTDS Replication | ID = 1864
Description = This is the replication status for the following directory partition
on the local domain controller. Directory partition: DC=domain,DC=local The local
domain controller has not recently received replication information from a number
of domain controllers. The count of domain controllers is shown, divided into
the following intervals. More than 24 hours: 1 More than a week: 1 More than one month:
0

More
than two months: 0 More than a tombstone lifetime: 0 Tombstone lifetime (days): 60 Domain
controllers that do not replicate in a timely manner may encounter errors. It may
miss password changes and be unable to authenticate. A DC that has not replicated
in a tombstone lifetime may have missed the deletion of some objects, and may be
automatically blocked from future replication until it is reconciled. To identify
the domain controllers by name, install the support tools included on the installation
CD and run dcdiag.exe. You can also use the support tool repadmin.exe to display
the replication latencies of the domain controllers in the forest. The command
is "repadmin /showvector /latency <partition-dn>".

Error - 10/23/2010 8:29:54 AM | Computer Name = SERVERVW | Source = NTDS Replication | ID = 1864
Description = This is the replication status for the following directory partition
on the local domain controller. Directory partition: CN=Configuration,DC=domain,DC=local



The
local domain controller has not recently received replication information from
a number of domain controllers. The count of domain controllers is shown, divided
into the following intervals. More than 24 hours: 1 More than a week: 1 More than one
month: 0 More than two months: 0 More than a tombstone lifetime: 0 Tombstone lifetime
(days): 60 Domain controllers that do not replicate in a timely manner may encounter
errors. It may miss password changes and be unable to authenticate. A DC that has
not replicated in a tombstone lifetime may have missed the deletion of some objects,
and may be automatically blocked from future replication until it is reconciled.



To
identify the domain controllers by name, install the support tools included on
the installation CD and run dcdiag.exe. You can also use the support tool repadmin.exe
to display the replication latencies of the domain controllers in the forest.
The command is "repadmin /showvector /latency <partition-dn>".

Error - 10/23/2010 8:29:54 AM | Computer Name = SERVERVW | Source = NTDS Replication | ID = 1864
Description = This is the replication status for the following directory partition
on the local domain controller. Directory partition: CN=Schema,CN=Configuration,DC=domain,DC=local



The
local domain controller has not recently received replication information from
a number of domain controllers. The count of domain controllers is shown, divided
into the following intervals. More than 24 hours: 1 More than a week: 1 More than one
month: 0 More than two months: 0 More than a tombstone lifetime: 0 Tombstone lifetime
(days): 60 Domain controllers that do not replicate in a timely manner may encounter
errors. It may miss password changes and be unable to authenticate. A DC that has
not replicated in a tombstone lifetime may have missed the deletion of some objects,
and may be automatically blocked from future replication until it is reconciled.



To
identify the domain controllers by name, install the support tools included on
the installation CD and run dcdiag.exe. You can also use the support tool repadmin.exe
to display the replication latencies of the domain controllers in the forest.
The command is "repadmin /showvector /latency <partition-dn>".

Error - 10/23/2010 8:29:54 AM | Computer Name = SERVERVW | Source = NTDS Replication | ID = 1864
Description = This is the replication status for the following directory partition
on the local domain controller. Directory partition: DC=DomainDnsZones,DC=domain,DC=local



The
local domain controller has not recently received replication information from
a number of domain controllers. The count of domain controllers is shown, divided
into the following intervals. More than 24 hours: 1 More than a week: 1 More than one
month: 0 More than two months: 0 More than a tombstone lifetime: 0 Tombstone lifetime
(days): 60 Domain controllers that do not replicate in a timely manner may encounter
errors. It may miss password changes and be unable to authenticate. A DC that has
not replicated in a tombstone lifetime may have missed the deletion of some objects,
and may be automatically blocked from future replication until it is reconciled.



To
identify the domain controllers by name, install the support tools included on
the installation CD and run dcdiag.exe. You can also use the support tool repadmin.exe
to display the replication latencies of the domain controllers in the forest.
The command is "repadmin /showvector /latency <partition-dn>".

Error - 10/23/2010 8:29:54 AM | Computer Name = SERVERVW | Source = NTDS Replication | ID = 1864
Description = This is the replication status for the following directory partition
on the local domain controller. Directory partition: DC=ForestDnsZones,DC=domain,DC=local



The
local domain controller has not recently received replication information from
a number of domain controllers. The count of domain controllers is shown, divided
into the following intervals. More than 24 hours: 1 More than a week: 1 More than one
month: 0 More than two months: 0 More than a tombstone lifetime: 0 Tombstone lifetime
(days): 60 Domain controllers that do not replicate in a timely manner may encounter
errors. It may miss password changes and be unable to authenticate. A DC that has
not replicated in a tombstone lifetime may have missed the deletion of some objects,
and may be automatically blocked from future replication until it is reconciled.



To
identify the domain controllers by name, install the support tools included on
the installation CD and run dcdiag.exe. You can also use the support tool repadmin.exe
to display the replication latencies of the domain controllers in the forest.
The command is "repadmin /showvector /latency <partition-dn>".

Error - 10/24/2010 8:29:54 AM | Computer Name = SERVERVW | Source = NTDS Replication | ID = 1864
Description = This is the replication status for the following directory partition
on the local domain controller. Directory partition: DC=domain,DC=local The local
domain controller has not recently received replication information from a number
of domain controllers. The count of domain controllers is shown, divided into
the following intervals. More than 24 hours: 1 More than a week: 1 More than one month:
0

More
than two months: 0 More than a tombstone lifetime: 0 Tombstone lifetime (days): 60 Domain
controllers that do not replicate in a timely manner may encounter errors. It may
miss password changes and be unable to authenticate. A DC that has not replicated
in a tombstone lifetime may have missed the deletion of some objects, and may be
automatically blocked from future replication until it is reconciled. To identify
the domain controllers by name, install the support tools included on the installation
CD and run dcdiag.exe. You can also use the support tool repadmin.exe to display
the replication latencies of the domain controllers in the forest. The command
is "repadmin /showvector /latency <partition-dn>".

Error - 10/24/2010 8:29:54 AM | Computer Name = SERVERVW | Source = NTDS Replication | ID = 1864
Description = This is the replication status for the following directory partition
on the local domain controller. Directory partition: CN=Configuration,DC=domain,DC=local



The
local domain controller has not recently received replication information from
a number of domain controllers. The count of domain controllers is shown, divided
into the following intervals. More than 24 hours: 1 More than a week: 1 More than one
month: 0 More than two months: 0 More than a tombstone lifetime: 0 Tombstone lifetime
(days): 60 Domain controllers that do not replicate in a timely manner may encounter
errors. It may miss password changes and be unable to authenticate. A DC that has
not replicated in a tombstone lifetime may have missed the deletion of some objects,
and may be automatically blocked from future replication until it is reconciled.



To
identify the domain controllers by name, install the support tools included on
the installation CD and run dcdiag.exe. You can also use the support tool repadmin.exe
to display the replication latencies of the domain controllers in the forest.
The command is "repadmin /showvector /latency <partition-dn>".

Error - 10/24/2010 8:29:54 AM | Computer Name = SERVERVW | Source = NTDS Replication | ID = 1864
Description = This is the replication status for the following directory partition
on the local domain controller. Directory partition: CN=Schema,CN=Configuration,DC=domain,DC=local



The
local domain controller has not recently received replication information from
a number of domain controllers. The count of domain controllers is shown, divided
into the following intervals. More than 24 hours: 1 More than a week: 1 More than one
month: 0 More than two months: 0 More than a tombstone lifetime: 0 Tombstone lifetime
(days): 60 Domain controllers that do not replicate in a timely manner may encounter
errors. It may miss password changes and be unable to authenticate. A DC that has
not replicated in a tombstone lifetime may have missed the deletion of some objects,
and may be automatically blocked from future replication until it is reconciled.



To
identify the domain controllers by name, install the support tools included on
the installation CD and run dcdiag.exe. You can also use the support tool repadmin.exe
to display the replication latencies of the domain controllers in the forest.
The command is "repadmin /showvector /latency <partition-dn>".

Error - 10/24/2010 8:29:54 AM | Computer Name = SERVERVW | Source = NTDS Replication | ID = 1864
Description = This is the replication status for the following directory partition
on the local domain controller. Directory partition: DC=DomainDnsZones,DC=domain,DC=local



The
local domain controller has not recently received replication information from
a number of domain controllers. The count of domain controllers is shown, divided
into the following intervals. More than 24 hours: 1 More than a week: 1 More than one
month: 0 More than two months: 0 More than a tombstone lifetime: 0 Tombstone lifetime
(days): 60 Domain controllers that do not replicate in a timely manner may encounter
errors. It may miss password changes and be unable to authenticate. A DC that has
not replicated in a tombstone lifetime may have missed the deletion of some objects,
and may be automatically blocked from future replication until it is reconciled.



To
identify the domain controllers by name, install the support tools included on
the installation CD and run dcdiag.exe. You can also use the support tool repadmin.exe
to display the replication latencies of the domain controllers in the forest.
The command is "repadmin /showvector /latency <partition-dn>".

Error - 10/24/2010 8:29:54 AM | Computer Name = SERVERVW | Source = NTDS Replication | ID = 1864
Description = This is the replication status for the following directory partition
on the local domain controller. Directory partition: DC=ForestDnsZones,DC=domain,DC=local



The
local domain controller has not recently received replication information from
a number of domain controllers. The count of domain controllers is shown, divided
into the following intervals. More than 24 hours: 1 More than a week: 1 More than one
month: 0 More than two months: 0 More than a tombstone lifetime: 0 Tombstone lifetime
(days): 60 Domain controllers that do not replicate in a timely manner may encounter
errors. It may miss password changes and be unable to authenticate. A DC that has
not replicated in a tombstone lifetime may have missed the deletion of some objects,
and may be automatically blocked from future replication until it is reconciled.



To
identify the domain controllers by name, install the support tools included on
the installation CD and run dcdiag.exe. You can also use the support tool repadmin.exe
to display the replication latencies of the domain controllers in the forest.
The command is "repadmin /showvector /latency <partition-dn>".

[ DNS Server Events ]
Error - 10/6/2010 11:24:05 PM | Computer Name = SERVERVW-ORIG | Source = DNS | ID = 4001
Description = The DNS server was unable to open zone _msdcs.domain.local in the
Active Directory. This DNS server is configured to obtain and use information from
the directory for this zone and is unable to load the zone without it. Check that
the Active Directory is functioning properly and reload the zone. The event data
is the error code.

Error - 10/7/2010 1:53:53 AM | Computer Name = SERVERVW-ORIG | Source = DNS | ID = 4001
Description = The DNS server was unable to open zone 100.168.192.in-addr.arpa in
the Active Directory. This DNS server is configured to obtain and use information
from the directory for this zone and is unable to load the zone without it. Check
that the Active Directory is functioning properly and reload the zone. The event
data is the error code.

Error - 10/7/2010 1:53:53 AM | Computer Name = SERVERVW-ORIG | Source = DNS | ID = 4001
Description = The DNS server was unable to open zone domain.local in the Active
Directory. This DNS server is configured to obtain and use information from the directory
for this zone and is unable to load the zone without it. Check that the Active Directory
is functioning properly and reload the zone. The event data is the error code.

Error - 10/7/2010 1:53:53 AM | Computer Name = SERVERVW-ORIG | Source = DNS | ID = 4001
Description = The DNS server was unable to open zone _msdcs.domain.local in the
Active Directory. This DNS server is configured to obtain and use information from
the directory for this zone and is unable to load the zone without it. Check that
the Active Directory is functioning properly and reload the zone. The event data
is the error code.

Error - 10/7/2010 2:11:00 AM | Computer Name = SERVERVW | Source = DNS | ID = 4001
Description = The DNS server was unable to open zone 100.168.192.in-addr.arpa in
the Active Directory. This DNS server is configured to obtain and use information
from the directory for this zone and is unable to load the zone without it. Check
that the Active Directory is functioning properly and reload the zone. The event
data is the error code.

Error - 10/7/2010 2:11:00 AM | Computer Name = SERVERVW | Source = DNS | ID = 4001
Description = The DNS server was unable to open zone domain.local in the Active
Directory. This DNS server is configured to obtain and use information from the directory
for this zone and is unable to load the zone without it. Check that the Active Directory
is functioning properly and reload the zone. The event data is the error code.

Error - 10/7/2010 2:11:00 AM | Computer Name = SERVERVW | Source = DNS | ID = 4001
Description = The DNS server was unable to open zone _msdcs.domain.local in the
Active Directory. This DNS server is configured to obtain and use information from
the directory for this zone and is unable to load the zone without it. Check that
the Active Directory is functioning properly and reload the zone. The event data
is the error code.

Error - 10/6/2010 10:31:12 PM | Computer Name = SERVERVW | Source = DNS | ID = 4001
Description = The DNS server was unable to open zone 100.168.192.in-addr.arpa in
the Active Directory. This DNS server is configured to obtain and use information
from the directory for this zone and is unable to load the zone without it. Check
that the Active Directory is functioning properly and reload the zone. The event
data is the error code.

Error - 10/6/2010 10:31:12 PM | Computer Name = SERVERVW | Source = DNS | ID = 4001
Description = The DNS server was unable to open zone domain.local in the Active
Directory. This DNS server is configured to obtain and use information from the directory
for this zone and is unable to load the zone without it. Check that the Active Directory
is functioning properly and reload the zone. The event data is the error code.

Error - 10/6/2010 10:31:12 PM | Computer Name = SERVERVW | Source = DNS | ID = 4001
Description = The DNS server was unable to open zone _msdcs.domain.local in the
Active Directory. This DNS server is configured to obtain and use information from
the directory for this zone and is unable to load the zone without it. Check that
the Active Directory is functioning properly and reload the zone. The event data
is the error code.

[ File Replication Service Events ]
Error - 9/14/2010 7:30:23 AM | Computer Name = SERVERVW | Source = NtFrs | ID = 13570
Description = The File Replication Service has detected that the volume hosting
the path c: is low on disk space. Files may not replicate until disk space is made
available on this volume. The available space on the volume can be found by typing
"dir
/a c:". For more information about managing space on a volume type "copy /?", "rename
/?", "del /?", "rmdir /?", and "dir /?".

Error - 9/14/2010 7:30:23 AM | Computer Name = SERVERVW | Source = NtFrs | ID = 13570
Description = The File Replication Service has detected that the volume hosting
the path C: is low on disk space. Files may not replicate until disk space is made
available on this volume. The available space on the volume can be found by typing
"dir
/a C:". For more information about managing space on a volume type "copy /?", "rename
/?", "del /?", "rmdir /?", and "dir /?".

Error - 9/29/2010 10:08:33 PM | Computer Name = SERVERVW | Source = NtFrs | ID = 13570
Description = The File Replication Service has detected that the volume hosting
the path c: is low on disk space. Files may not replicate until disk space is made
available on this volume. The available space on the volume can be found by typing
"dir
/a c:". For more information about managing space on a volume type "copy /?", "rename
/?", "del /?", "rmdir /?", and "dir /?".

Error - 9/29/2010 10:08:33 PM | Computer Name = SERVERVW | Source = NtFrs | ID = 13570
Description = The File Replication Service has detected that the volume hosting
the path C: is low on disk space. Files may not replicate until disk space is made
available on this volume. The available space on the volume can be found by typing
"dir
/a C:". For more information about managing space on a volume type "copy /?", "rename
/?", "del /?", "rmdir /?", and "dir /?".

Error - 9/30/2010 12:45:16 PM | Computer Name = SERVERVW | Source = NtFrs | ID = 13570
Description = The File Replication Service has detected that the volume hosting
the path c: is low on disk space. Files may not replicate until disk space is made
available on this volume. The available space on the volume can be found by typing
"dir
/a c:". For more information about managing space on a volume type "copy /?", "rename
/?", "del /?", "rmdir /?", and "dir /?".

Error - 9/30/2010 12:45:16 PM | Computer Name = SERVERVW | Source = NtFrs | ID = 13570
Description = The File Replication Service has detected that the volume hosting
the path C: is low on disk space. Files may not replicate until disk space is made
available on this volume. The available space on the volume can be found by typing
"dir
/a C:". For more information about managing space on a volume type "copy /?", "rename
/?", "del /?", "rmdir /?", and "dir /?".

Error - 10/14/2010 9:04:44 AM | Computer Name = SERVERVW | Source = NtFrs | ID = 13548
Description = The File Replication Service is unable to replicate with its partner
computer because the difference in clock times is outside the range of plus or minus
30
minutes. The connection to the partner computer is: "DOMAIN SYSTEM VOLUME (SYSVOL
SHARE)\SERVERVW\C48A399C-4630-45DE-80B6-1B57F372A98D -> DOMAIN\VIRTUALDC$ RemoteCxt"

The
detected time difference is: 245 minutes. Note: If this time difference is close
to a multiple of 60 minutes then it is likely that either this computer or its partner
computer was set to the incorrect time zone when the computer time was initially
set. Check that the time zone and the system time are correctly set on both computers.



If
necessary, the default value used to test for computer time consistency may be changed
in the registry on this computer. (Note: This is not recommended.) To change this
parameter, run regedit. Click on Start, Run and type regedit. Expand HKEY_LOCAL_MACHINE.

Click
down the key path: "System\CurrentControlSet\Services\NtFrs\Parameters" Double
click on the value name "Partner Clock Skew In Minutes" and update the value. If
the value name is not present you may add it with the New->DWORD Value function
under
the Edit Menu item. Type the value name exactly as shown above.

Error - 10/14/2010 9:14:49 AM | Computer Name = SERVERVW | Source = NtFrs | ID = 13548
Description = The File Replication Service is unable to replicate with its partner
computer because the difference in clock times is outside the range of plus or minus
30
minutes. The connection to the partner computer is: "DOMAIN SYSTEM VOLUME (SYSVOL
SHARE)\SERVERVW\C48A399C-4630-45DE-80B6-1B57F372A98D -> DOMAIN\VIRTUALDC$ RemoteCxt"

The
detected time difference is: 245 minutes. Note: If this time difference is close
to a multiple of 60 minutes then it is likely that either this computer or its partner
computer was set to the incorrect time zone when the computer time was initially
set. Check that the time zone and the system time are correctly set on both computers.



If
necessary, the default value used to test for computer time consistency may be changed
in the registry on this computer. (Note: This is not recommended.) To change this
parameter, run regedit. Click on Start, Run and type regedit. Expand HKEY_LOCAL_MACHINE.

Click
down the key path: "System\CurrentControlSet\Services\NtFrs\Parameters" Double
click on the value name "Partner Clock Skew In Minutes" and update the value. If
the value name is not present you may add it with the New->DWORD Value function
under
the Edit Menu item. Type the value name exactly as shown above.

Error - 10/14/2010 5:20:06 AM | Computer Name = SERVERVW | Source = NtFrs | ID = 13568
Description =

Error - 10/14/2010 10:59:59 AM | Computer Name = SERVERVW | Source = NtFrs | ID = 13568
Description =

[ System Events ]
Error - 10/15/2010 7:58:51 AM | Computer Name = SERVERVW | Source = Kerberos | ID = 5
Description = The kerberos client received a KRB_AP_ERR_TKT_NYV error from the server
WKS12$. This indicates that the ticket used against that server is not yet valid
(in relationship to that server time). Contact your system administrator to make
sure the client and server times are in sync, and that the KDC in realm DOMAIN.LOCAL
is in sync with the KDC in the client realm.

Error - 10/15/2010 8:50:42 AM | Computer Name = SERVERVW | Source = Kerberos | ID = 5
Description = The kerberos client received a KRB_AP_ERR_TKT_NYV error from the server
host/servervw-phys.domain.local. This indicates that the ticket used against that
server is not yet valid (in relationship to that server time). Contact your system
administrator to make sure the client and server times are in sync, and that the
KDC in realm DOMAIN.LOCAL is in sync with the KDC in the client realm.

Error - 10/15/2010 9:03:50 AM | Computer Name = SERVERVW | Source = Kerberos | ID = 5
Description = The kerberos client received a KRB_AP_ERR_TKT_NYV error from the server
WKS9$. This indicates that the ticket used against that server is not yet valid
(in relationship to that server time). Contact your system administrator to make
sure the client and server times are in sync, and that the KDC in realm DOMAIN.LOCAL
is in sync with the KDC in the client realm.

Error - 10/16/2010 8:18:00 PM | Computer Name = SERVERVW | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 10/17/2010 8:18:00 PM | Computer Name = SERVERVW | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 10/19/2010 1:23:00 AM | Computer Name = SERVERVW | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 10/20/2010 1:23:00 AM | Computer Name = SERVERVW | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 10/21/2010 7:23:00 PM | Computer Name = SERVERVW | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 10/23/2010 1:23:00 AM | Computer Name = SERVERVW | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 10/24/2010 1:23:00 AM | Computer Name = SERVERVW | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}


< End of report >

#6 iGmO

Posted 24 October 2010 - 05:29 PM

extras.txt

OTL Extras logfile created on: 10/24/2010 6:13:15 PM - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows Server 2003 Standard Edition Service Pack 2 (Version = 5.2.3790) - Type = NTDomainController
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 24.00% Memory free
6.00 Gb Paging File | 3.00 Gb Available in Paging File | 51.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 25.00 Gb Total Space | 10.26 Gb Free Space | 41.02% Space Free | Partition Type: NTFS
Drive D: | 35.00 Gb Total Space | 16.77 Gb Free Space | 47.92% Space Free | Partition Type: NTFS
Drive F: | 68.36 Gb Total Space | 32.10 Gb Free Space | 46.96% Space Free | Partition Type: NTFS
Drive H: | 68.36 Gb Total Space | 32.10 Gb Free Space | 46.96% Space Free | Partition Type: NTFS

Computer Name: SERVERVW | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- d:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- d:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "d:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "d:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0DAA9912-3FE2-4B84-B926-8D7F71A8A99A}" = Microsoft SQL Server 2005 Reporting Services (TIMEFORCE)
"{16906D21-0656-4F8B-9A01-C3D24B5401FC}" = Intel® PROSet for Wired Connections
"{201E698C-B88E-41AE-8C46-3BBACADCD6E7}" = VERITAS Backup Exec for Windows Servers
"{20608BFA-6068-48FE-A410-400F2A124C27}" = Microsoft SQL Server Management Studio Express
"{2475C7C3-1663-4BE4-8067-7A09A1928FC3}" = Windows Server 2003 Access-based Enumeration
"{29C314DE-E439-4D75-AD83-87A46B4CBCE6}" = InstrumentationService
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SUNBELT)
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{4C29ADA8-578D-461A-AAF8-2BA26BE09533}" = ShadowProtect Server
"{4D6340A0-51FC-4683-9481-9573DFBAC566}" = ClockLink For TimeForce®
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{58D379F7-62BC-4748-8237-FE071ECE797C}" = Microsoft SQL Server 2005 Tools
"{5D112C61-C8D0-4718-8DD7-B9115EB9AF90}" = LogMeIn
"{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs
"{69880C00-08DD-4385-B752-9C62656F6D1E}" = Microsoft SQL Server 2005 Backward compatibility
"{6D3055C4-4F2D-460F-9013-0B6AF576069D}" = ShadowProtect Server
"{750DFF5E-C559-11D4-A441-00B0D0436EE7}" = Broadcom Management Programs
"{76DD1D2B-C2A9-4848-9B81-CB69B26406D0}" = Remote Access Open Manage Components
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{95E0F051-3E25-40DF-98E3-D6CC86C057AE}" = Intel® LAN Adapters SNMP Agent
"{9BC51C0F-DA8E-4370-9997-899B3435A647}" = VMware vSphere Host Update Utility 4.0
"{9D544611-F437-4153-913E-91CE036583CC}" = Sunbelt Enterprise Agent
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A9D8E924-443D-4928-B095-D63C0BEB233E}" = DataEngine
"{B0F9497C-52B4-4686-8E73-74D866BBDF59}" = Microsoft SQL Server 2005 (TIMEFORCE)
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C40698F9-A861-4531-9F8C-FA7F8961375B}" = VMware vSphere Client 4.0
"{CA3553E0-191B-4E2F-AD3C-82E33CB9D4E4}" = Microsoft Group Policy Management Console with SP1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D19797E7-161C-4EEA-8548-DFC47B0BA354}" = Qqest TimeForce®
"{D1E5AC9D-DA9D-4167-8130-30B59D01F52D}" = AMS
"{DFAA3D2B-7087-464E-823B-738A23C29C27}" = Microsoft Visual J# 2.0 Redistributable Package - SE
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (BKUPEXEC)
"{EA42DF80-6116-433F-B30B-8BCD2596B664}" = VIPRE Enterprise
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{EFE295A9-C617-4ECE-A191-14265F5BD7ED}" = VERITAS Update
"{F07F0BCD-5C6D-4499-9F05-6ED747078A72}" = Windows Support Tools
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F653AB56-DB37-415B-8DDD-EF5BC1982150}" = SQL Anywhere Studio 9, Software
"{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}" = Windows Resource Kit Tools
"{FE2F6A2C-196E-4210-9C04-2B1BC21F07EF}" = VMware Tools
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Hypersight Rootkit Detector_is1" = Hypersight Rootkit Detector 1.0 beta
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs
"JRE 1.2.2" = Java 2 Runtime Environment Standard Edition v1.2.2
"LiveUpdate" = LiveUpdate 2.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual J# 2.0 Redistributable Package - SE" = Microsoft Visual J# 2.0 Redistributable Package - SE
"Mozilla Firefox (3.6.9)" = Mozilla Firefox (3.6.9)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Ping Plotter Freeware" = Ping Plotter Freeware
"PROSet" = Intel® PRO Network Adapters and Drivers
"RealVNC_is1" = VNC 4.0
"Server Administrator" = Dell OpenManage
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4
"Trojan Remover_is1" = Trojan Remover 6.8.2
"VERITAS Backup Exec 9.0" = VERITAS Backup Exec for Windows Servers

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/22/2010 3:27:38 AM | Computer Name = SERVERVW | Source = Report Server Windows Service (TIMEFORCE) | ID = 107
Description = Report Server Windows Service (TIMEFORCE) cannot connect to the report
server database.

Error - 10/22/2010 10:59:45 AM | Computer Name = SERVERVW | Source = Active Server Pages | ID = 5
Description = Error: The Template Persistent Cache initialization failed for Application
Pool 'DefaultAppPool' because of the following error: Could not create a Disk Cache
Sub-directory for the Application Pool. The data may have additional error codes..

Error - 10/22/2010 3:27:50 PM | Computer Name = SERVERVW | Source = Report Server Windows Service (TIMEFORCE) | ID = 107
Description = Report Server Windows Service (TIMEFORCE) cannot connect to the report
server database.

Error - 10/22/2010 11:00:00 PM | Computer Name = SERVERVW | Source = ShadowProtectSvc | ID = 1121
Description = Backup status: failed Image file: \\NICK\K\F_VOL Log file: D:\Program
Files\StorageCraft\ShadowProtect\Logs\{283208F0-93CD-4DB0-8EB8-06EE283233CC}.txt
Start
time: 10/22/2010 11:00:00 PM Module: service Code: 509 Message: Cannot get access
to destination object

Error - 10/22/2010 11:00:00 PM | Computer Name = SERVERVW | Source = ShadowProtectSvc | ID = 1121
Description = Backup status: failed Image file: \\NICK\K\C_VOL Log file: D:\Program
Files\StorageCraft\ShadowProtect\Logs\{A9A9BFCE-449E-488C-B3C3-06C7018B8421}.txt
Start
time: 10/22/2010 11:00:00 PM Module: service Code: 509 Message: Cannot get access
to destination object

Error - 10/22/2010 11:00:00 PM | Computer Name = SERVERVW | Source = ShadowProtectSvc | ID = 1121
Description = Backup status: failed Image file: \\NICK\K\D_VOL Log file: D:\Program
Files\StorageCraft\ShadowProtect\Logs\{F09CB9D0-081D-4CA7-94E8-F13C1990C2CD}.txt
Start
time: 10/22/2010 11:00:00 PM Module: service Code: 509 Message: Cannot get access
to destination object

Error - 10/23/2010 3:27:53 AM | Computer Name = SERVERVW | Source = Report Server Windows Service (TIMEFORCE) | ID = 107
Description = Report Server Windows Service (TIMEFORCE) cannot connect to the report
server database.

Error - 10/23/2010 3:28:00 PM | Computer Name = SERVERVW | Source = Report Server Windows Service (TIMEFORCE) | ID = 107
Description = Report Server Windows Service (TIMEFORCE) cannot connect to the report
server database.

Error - 10/24/2010 3:28:01 AM | Computer Name = SERVERVW | Source = Report Server Windows Service (TIMEFORCE) | ID = 107
Description = Report Server Windows Service (TIMEFORCE) cannot connect to the report
server database.

Error - 10/24/2010 3:28:06 PM | Computer Name = SERVERVW | Source = Report Server Windows Service (TIMEFORCE) | ID = 107
Description = Report Server Windows Service (TIMEFORCE) cannot connect to the report
server database.

[ Directory Service Events ]
Error - 10/23/2010 8:29:54 AM | Computer Name = SERVERVW | Source = NTDS Replication | ID = 1864
Description = This is the replication status for the following directory partition
on the local domain controller. Directory partition: DC=domain,DC=local The local
domain controller has not recently received replication information from a number
of domain controllers. The count of domain controllers is shown, divided into
the following intervals. More than 24 hours: 1 More than a week: 1 More than one month:
0

More
than two months: 0 More than a tombstone lifetime: 0 Tombstone lifetime (days): 60 Domain
controllers that do not replicate in a timely manner may encounter errors. It may
miss password changes and be unable to authenticate. A DC that has not replicated
in a tombstone lifetime may have missed the deletion of some objects, and may be
automatically blocked from future replication until it is reconciled. To identify
the domain controllers by name, install the support tools included on the installation
CD and run dcdiag.exe. You can also use the support tool repadmin.exe to display
the replication latencies of the domain controllers in the forest. The command
is "repadmin /showvector /latency <partition-dn>".

Error - 10/23/2010 8:29:54 AM | Computer Name = SERVERVW | Source = NTDS Replication | ID = 1864
Description = This is the replication status for the following directory partition
on the local domain controller. Directory partition: CN=Configuration,DC=domain,DC=local



The
local domain controller has not recently received replication information from
a number of domain controllers. The count of domain controllers is shown, divided
into the following intervals. More than 24 hours: 1 More than a week: 1 More than one
month: 0 More than two months: 0 More than a tombstone lifetime: 0 Tombstone lifetime
(days): 60 Domain controllers that do not replicate in a timely manner may encounter
errors. It may miss password changes and be unable to authenticate. A DC that has
not replicated in a tombstone lifetime may have missed the deletion of some objects,
and may be automatically blocked from future replication until it is reconciled.



To
identify the domain controllers by name, install the support tools included on
the installation CD and run dcdiag.exe. You can also use the support tool repadmin.exe
to display the replication latencies of the domain controllers in the forest.
The command is "repadmin /showvector /latency <partition-dn>".

Error - 10/23/2010 8:29:54 AM | Computer Name = SERVERVW | Source = NTDS Replication | ID = 1864
Description = This is the replication status for the following directory partition
on the local domain controller. Directory partition: CN=Schema,CN=Configuration,DC=domain,DC=local



The
local domain controller has not recently received replication information from
a number of domain controllers. The count of domain controllers is shown, divided
into the following intervals. More than 24 hours: 1 More than a week: 1 More than one
month: 0 More than two months: 0 More than a tombstone lifetime: 0 Tombstone lifetime
(days): 60 Domain controllers that do not replicate in a timely manner may encounter
errors. It may miss password changes and be unable to authenticate. A DC that has
not replicated in a tombstone lifetime may have missed the deletion of some objects,
and may be automatically blocked from future replication until it is reconciled.



To
identify the domain controllers by name, install the support tools included on
the installation CD and run dcdiag.exe. You can also use the support tool repadmin.exe
to display the replication latencies of the domain controllers in the forest.
The command is "repadmin /showvector /latency <partition-dn>".

Error - 10/23/2010 8:29:54 AM | Computer Name = SERVERVW | Source = NTDS Replication | ID = 1864
Description = This is the replication status for the following directory partition
on the local domain controller. Directory partition: DC=DomainDnsZones,DC=domain,DC=local



The
local domain controller has not recently received replication information from
a number of domain controllers. The count of domain controllers is shown, divided
into the following intervals. More than 24 hours: 1 More than a week: 1 More than one
month: 0 More than two months: 0 More than a tombstone lifetime: 0 Tombstone lifetime
(days): 60 Domain controllers that do not replicate in a timely manner may encounter
errors. It may miss password changes and be unable to authenticate. A DC that has
not replicated in a tombstone lifetime may have missed the deletion of some objects,
and may be automatically blocked from future replication until it is reconciled.



To
identify the domain controllers by name, install the support tools included on
the installation CD and run dcdiag.exe. You can also use the support tool repadmin.exe
to display the replication latencies of the domain controllers in the forest.
The command is "repadmin /showvector /latency <partition-dn>".

Error - 10/23/2010 8:29:54 AM | Computer Name = SERVERVW | Source = NTDS Replication | ID = 1864
Description = This is the replication status for the following directory partition
on the local domain controller. Directory partition: DC=ForestDnsZones,DC=domain,DC=local



The
local domain controller has not recently received replication information from
a number of domain controllers. The count of domain controllers is shown, divided
into the following intervals. More than 24 hours: 1 More than a week: 1 More than one
month: 0 More than two months: 0 More than a tombstone lifetime: 0 Tombstone lifetime
(days): 60 Domain controllers that do not replicate in a timely manner may encounter
errors. It may miss password changes and be unable to authenticate. A DC that has
not replicated in a tombstone lifetime may have missed the deletion of some objects,
and may be automatically blocked from future replication until it is reconciled.



To
identify the domain controllers by name, install the support tools included on
the installation CD and run dcdiag.exe. You can also use the support tool repadmin.exe
to display the replication latencies of the domain controllers in the forest.
The command is "repadmin /showvector /latency <partition-dn>".

Error - 10/24/2010 8:29:54 AM | Computer Name = SERVERVW | Source = NTDS Replication | ID = 1864
Description = This is the replication status for the following directory partition
on the local domain controller. Directory partition: DC=domain,DC=local The local
domain controller has not recently received replication information from a number
of domain controllers. The count of domain controllers is shown, divided into
the following intervals. More than 24 hours: 1 More than a week: 1 More than one month:
0

More
than two months: 0 More than a tombstone lifetime: 0 Tombstone lifetime (days): 60 Domain
controllers that do not replicate in a timely manner may encounter errors. It may
miss password changes and be unable to authenticate. A DC that has not replicated
in a tombstone lifetime may have missed the deletion of some objects, and may be
automatically blocked from future replication until it is reconciled. To identify
the domain controllers by name, install the support tools included on the installation
CD and run dcdiag.exe. You can also use the support tool repadmin.exe to display
the replication latencies of the domain controllers in the forest. The command
is "repadmin /showvector /latency <partition-dn>".

Error - 10/24/2010 8:29:54 AM | Computer Name = SERVERVW | Source = NTDS Replication | ID = 1864
Description = This is the replication status for the following directory partition
on the local domain controller. Directory partition: CN=Configuration,DC=domain,DC=local



The
local domain controller has not recently received replication information from
a number of domain controllers. The count of domain controllers is shown, divided
into the following intervals. More than 24 hours: 1 More than a week: 1 More than one
month: 0 More than two months: 0 More than a tombstone lifetime: 0 Tombstone lifetime
(days): 60 Domain controllers that do not replicate in a timely manner may encounter
errors. It may miss password changes and be unable to authenticate. A DC that has
not replicated in a tombstone lifetime may have missed the deletion of some objects,
and may be automatically blocked from future replication until it is reconciled.



To
identify the domain controllers by name, install the support tools included on
the installation CD and run dcdiag.exe. You can also use the support tool repadmin.exe
to display the replication latencies of the domain controllers in the forest.
The command is "repadmin /showvector /latency <partition-dn>".

Error - 10/24/2010 8:29:54 AM | Computer Name = SERVERVW | Source = NTDS Replication | ID = 1864
Description = This is the replication status for the following directory partition
on the local domain controller. Directory partition: CN=Schema,CN=Configuration,DC=domain,DC=local



The
local domain controller has not recently received replication information from
a number of domain controllers. The count of domain controllers is shown, divided
into the following intervals. More than 24 hours: 1 More than a week: 1 More than one
month: 0 More than two months: 0 More than a tombstone lifetime: 0 Tombstone lifetime
(days): 60 Domain controllers that do not replicate in a timely manner may encounter
errors. It may miss password changes and be unable to authenticate. A DC that has
not replicated in a tombstone lifetime may have missed the deletion of some objects,
and may be automatically blocked from future replication until it is reconciled.



To
identify the domain controllers by name, install the support tools included on
the installation CD and run dcdiag.exe. You can also use the support tool repadmin.exe
to display the replication latencies of the domain controllers in the forest.
The command is "repadmin /showvector /latency <partition-dn>".

Error - 10/24/2010 8:29:54 AM | Computer Name = SERVERVW | Source = NTDS Replication | ID = 1864
Description = This is the replication status for the following directory partition
on the local domain controller. Directory partition: DC=DomainDnsZones,DC=domain,DC=local



The
local domain controller has not recently received replication information from
a number of domain controllers. The count of domain controllers is shown, divided
into the following intervals. More than 24 hours: 1 More than a week: 1 More than one
month: 0 More than two months: 0 More than a tombstone lifetime: 0 Tombstone lifetime
(days): 60 Domain controllers that do not replicate in a timely manner may encounter
errors. It may miss password changes and be unable to authenticate. A DC that has
not replicated in a tombstone lifetime may have missed the deletion of some objects,
and may be automatically blocked from future replication until it is reconciled.



To
identify the domain controllers by name, install the support tools included on
the installation CD and run dcdiag.exe. You can also use the support tool repadmin.exe
to display the replication latencies of the domain controllers in the forest.
The command is "repadmin /showvector /latency <partition-dn>".

Error - 10/24/2010 8:29:54 AM | Computer Name = SERVERVW | Source = NTDS Replication | ID = 1864
Description = This is the replication status for the following directory partition
on the local domain controller. Directory partition: DC=ForestDnsZones,DC=domain,DC=local



The
local domain controller has not recently received replication information from
a number of domain controllers. The count of domain controllers is shown, divided
into the following intervals. More than 24 hours: 1 More than a week: 1 More than one
month: 0 More than two months: 0 More than a tombstone lifetime: 0 Tombstone lifetime
(days): 60 Domain controllers that do not replicate in a timely manner may encounter
errors. It may miss password changes and be unable to authenticate. A DC that has
not replicated in a tombstone lifetime may have missed the deletion of some objects,
and may be automatically blocked from future replication until it is reconciled.



To
identify the domain controllers by name, install the support tools included on
the installation CD and run dcdiag.exe. You can also use the support tool repadmin.exe
to display the replication latencies of the domain controllers in the forest.
The command is "repadmin /showvector /latency <partition-dn>".

[ DNS Server Events ]
Error - 10/6/2010 11:24:05 PM | Computer Name = SERVERVW-ORIG | Source = DNS | ID = 4001
Description = The DNS server was unable to open zone _msdcs.domain.local in the
Active Directory. This DNS server is configured to obtain and use information from
the directory for this zone and is unable to load the zone without it. Check that
the Active Directory is functioning properly and reload the zone. The event data
is the error code.

Error - 10/7/2010 1:53:53 AM | Computer Name = SERVERVW-ORIG | Source = DNS | ID = 4001
Description = The DNS server was unable to open zone 100.168.192.in-addr.arpa in
the Active Directory. This DNS server is configured to obtain and use information
from the directory for this zone and is unable to load the zone without it. Check
that the Active Directory is functioning properly and reload the zone. The event
data is the error code.

Error - 10/7/2010 1:53:53 AM | Computer Name = SERVERVW-ORIG | Source = DNS | ID = 4001
Description = The DNS server was unable to open zone domain.local in the Active
Directory. This DNS server is configured to obtain and use information from the directory
for this zone and is unable to load the zone without it. Check that the Active Directory
is functioning properly and reload the zone. The event data is the error code.

Error - 10/7/2010 1:53:53 AM | Computer Name = SERVERVW-ORIG | Source = DNS | ID = 4001
Description = The DNS server was unable to open zone _msdcs.domain.local in the
Active Directory. This DNS server is configured to obtain and use information from
the directory for this zone and is unable to load the zone without it. Check that
the Active Directory is functioning properly and reload the zone. The event data
is the error code.

Error - 10/7/2010 2:11:00 AM | Computer Name = SERVERVW | Source = DNS | ID = 4001
Description = The DNS server was unable to open zone 100.168.192.in-addr.arpa in
the Active Directory. This DNS server is configured to obtain and use information
from the directory for this zone and is unable to load the zone without it. Check
that the Active Directory is functioning properly and reload the zone. The event
data is the error code.

Error - 10/7/2010 2:11:00 AM | Computer Name = SERVERVW | Source = DNS | ID = 4001
Description = The DNS server was unable to open zone domain.local in the Active
Directory. This DNS server is configured to obtain and use information from the directory
for this zone and is unable to load the zone without it. Check that the Active Directory
is functioning properly and reload the zone. The event data is the error code.

Error - 10/7/2010 2:11:00 AM | Computer Name = SERVERVW | Source = DNS | ID = 4001
Description = The DNS server was unable to open zone _msdcs.domain.local in the
Active Directory. This DNS server is configured to obtain and use information from
the directory for this zone and is unable to load the zone without it. Check that
the Active Directory is functioning properly and reload the zone. The event data
is the error code.

Error - 10/6/2010 10:31:12 PM | Computer Name = SERVERVW | Source = DNS | ID = 4001
Description = The DNS server was unable to open zone 100.168.192.in-addr.arpa in
the Active Directory. This DNS server is configured to obtain and use information
from the directory for this zone and is unable to load the zone without it. Check
that the Active Directory is functioning properly and reload the zone. The event
data is the error code.

Error - 10/6/2010 10:31:12 PM | Computer Name = SERVERVW | Source = DNS | ID = 4001
Description = The DNS server was unable to open zone domain.local in the Active
Directory. This DNS server is configured to obtain and use information from the directory
for this zone and is unable to load the zone without it. Check that the Active Directory
is functioning properly and reload the zone. The event data is the error code.

Error - 10/6/2010 10:31:12 PM | Computer Name = SERVERVW | Source = DNS | ID = 4001
Description = The DNS server was unable to open zone _msdcs.domain.local in the
Active Directory. This DNS server is configured to obtain and use information from
the directory for this zone and is unable to load the zone without it. Check that
the Active Directory is functioning properly and reload the zone. The event data
is the error code.

[ File Replication Service Events ]
Error - 9/14/2010 7:30:23 AM | Computer Name = SERVERVW | Source = NtFrs | ID = 13570
Description = The File Replication Service has detected that the volume hosting
the path c: is low on disk space. Files may not replicate until disk space is made
available on this volume. The available space on the volume can be found by typing
"dir
/a c:". For more information about managing space on a volume type "copy /?", "rename
/?", "del /?", "rmdir /?", and "dir /?".

Error - 9/14/2010 7:30:23 AM | Computer Name = SERVERVW | Source = NtFrs | ID = 13570
Description = The File Replication Service has detected that the volume hosting
the path C: is low on disk space. Files may not replicate until disk space is made
available on this volume. The available space on the volume can be found by typing
"dir
/a C:". For more information about managing space on a volume type "copy /?", "rename
/?", "del /?", "rmdir /?", and "dir /?".

Error - 9/29/2010 10:08:33 PM | Computer Name = SERVERVW | Source = NtFrs | ID = 13570
Description = The File Replication Service has detected that the volume hosting
the path c: is low on disk space. Files may not replicate until disk space is made
available on this volume. The available space on the volume can be found by typing
"dir
/a c:". For more information about managing space on a volume type "copy /?", "rename
/?", "del /?", "rmdir /?", and "dir /?".

Error - 9/29/2010 10:08:33 PM | Computer Name = SERVERVW | Source = NtFrs | ID = 13570
Description = The File Replication Service has detected that the volume hosting
the path C: is low on disk space. Files may not replicate until disk space is made
available on this volume. The available space on the volume can be found by typing
"dir
/a C:". For more information about managing space on a volume type "copy /?", "rename
/?", "del /?", "rmdir /?", and "dir /?".

Error - 9/30/2010 12:45:16 PM | Computer Name = SERVERVW | Source = NtFrs | ID = 13570
Description = The File Replication Service has detected that the volume hosting
the path c: is low on disk space. Files may not replicate until disk space is made
available on this volume. The available space on the volume can be found by typing
"dir
/a c:". For more information about managing space on a volume type "copy /?", "rename
/?", "del /?", "rmdir /?", and "dir /?".

Error - 9/30/2010 12:45:16 PM | Computer Name = SERVERVW | Source = NtFrs | ID = 13570
Description = The File Replication Service has detected that the volume hosting
the path C: is low on disk space. Files may not replicate until disk space is made
available on this volume. The available space on the volume can be found by typing
"dir
/a C:". For more information about managing space on a volume type "copy /?", "rename
/?", "del /?", "rmdir /?", and "dir /?".

Error - 10/14/2010 9:04:44 AM | Computer Name = SERVERVW | Source = NtFrs | ID = 13548
Description = The File Replication Service is unable to replicate with its partner
computer because the difference in clock times is outside the range of plus or minus
30
minutes. The connection to the partner computer is: "DOMAIN SYSTEM VOLUME (SYSVOL
SHARE)\SERVERVW\C48A399C-4630-45DE-80B6-1B57F372A98D -> DOMAIN\VIRTUALDC$ RemoteCxt"

The
detected time difference is: 245 minutes. Note: If this time difference is close
to a multiple of 60 minutes then it is likely that either this computer or its partner
computer was set to the incorrect time zone when the computer time was initially
set. Check that the time zone and the system time are correctly set on both computers.



If
necessary, the default value used to test for computer time consistency may be changed
in the registry on this computer. (Note: This is not recommended.) To change this
parameter, run regedit. Click on Start, Run and type regedit. Expand HKEY_LOCAL_MACHINE.

Click
down the key path: "System\CurrentControlSet\Services\NtFrs\Parameters" Double
click on the value name "Partner Clock Skew In Minutes" and update the value. If
the value name is not present you may add it with the New->DWORD Value function
under
the Edit Menu item. Type the value name exactly as shown above.

Error - 10/14/2010 9:14:49 AM | Computer Name = SERVERVW | Source = NtFrs | ID = 13548
Description = The File Replication Service is unable to replicate with its partner
computer because the difference in clock times is outside the range of plus or minus
30
minutes. The connection to the partner computer is: "DOMAIN SYSTEM VOLUME (SYSVOL
SHARE)\SERVERVW\C48A399C-4630-45DE-80B6-1B57F372A98D -> DOMAIN\VIRTUALDC$ RemoteCxt"

The
detected time difference is: 245 minutes. Note: If this time difference is close
to a multiple of 60 minutes then it is likely that either this computer or its partner
computer was set to the incorrect time zone when the computer time was initially
set. Check that the time zone and the system time are correctly set on both computers.



If
necessary, the default value used to test for computer time consistency may be changed
in the registry on this computer. (Note: This is not recommended.) To change this
parameter, run regedit. Click on Start, Run and type regedit. Expand HKEY_LOCAL_MACHINE.

Click
down the key path: "System\CurrentControlSet\Services\NtFrs\Parameters" Double
click on the value name "Partner Clock Skew In Minutes" and update the value. If
the value name is not present you may add it with the New->DWORD Value function
under
the Edit Menu item. Type the value name exactly as shown above.

Error - 10/14/2010 5:20:06 AM | Computer Name = SERVERVW | Source = NtFrs | ID = 13568
Description =

Error - 10/14/2010 10:59:59 AM | Computer Name = SERVERVW | Source = NtFrs | ID = 13568
Description =

[ System Events ]
Error - 10/15/2010 7:58:51 AM | Computer Name = SERVERVW | Source = Kerberos | ID = 5
Description = The kerberos client received a KRB_AP_ERR_TKT_NYV error from the server
WKS12$. This indicates that the ticket used against that server is not yet valid
(in relationship to that server time). Contact your system administrator to make
sure the client and server times are in sync, and that the KDC in realm DOMAIN.LOCAL
is in sync with the KDC in the client realm.

Error - 10/15/2010 8:50:42 AM | Computer Name = SERVERVW | Source = Kerberos | ID = 5
Description = The kerberos client received a KRB_AP_ERR_TKT_NYV error from the server
host/servervw-phys.domain.local. This indicates that the ticket used against that
server is not yet valid (in relationship to that server time). Contact your system
administrator to make sure the client and server times are in sync, and that the
KDC in realm DOMAIN.LOCAL is in sync with the KDC in the client realm.

Error - 10/15/2010 9:03:50 AM | Computer Name = SERVERVW | Source = Kerberos | ID = 5
Description = The kerberos client received a KRB_AP_ERR_TKT_NYV error from the server
WKS9$. This indicates that the ticket used against that server is not yet valid
(in relationship to that server time). Contact your system administrator to make
sure the client and server times are in sync, and that the KDC in realm DOMAIN.LOCAL
is in sync with the KDC in the client realm.

Error - 10/16/2010 8:18:00 PM | Computer Name = SERVERVW | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 10/17/2010 8:18:00 PM | Computer Name = SERVERVW | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 10/19/2010 1:23:00 AM | Computer Name = SERVERVW | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 10/20/2010 1:23:00 AM | Computer Name = SERVERVW | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 10/21/2010 7:23:00 PM | Computer Name = SERVERVW | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 10/23/2010 1:23:00 AM | Computer Name = SERVERVW | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 10/24/2010 1:23:00 AM | Computer Name = SERVERVW | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}


< End of report >

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- d:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- d:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "d:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "d:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0DAA9912-3FE2-4B84-B926-8D7F71A8A99A}" = Microsoft SQL Server 2005 Reporting Services (TIMEFORCE)
"{16906D21-0656-4F8B-9A01-C3D24B5401FC}" = Intel® PROSet for Wired Connections
"{201E698C-B88E-41AE-8C46-3BBACADCD6E7}" = VERITAS Backup Exec for Windows Servers
"{20608BFA-6068-48FE-A410-400F2A124C27}" = Microsoft SQL Server Management Studio Express
"{2475C7C3-1663-4BE4-8067-7A09A1928FC3}" = Windows Server 2003 Access-based Enumeration
"{29C314DE-E439-4D75-AD83-87A46B4CBCE6}" = InstrumentationService
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SUNBELT)
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{4C29ADA8-578D-461A-AAF8-2BA26BE09533}" = ShadowProtect Server
"{4D6340A0-51FC-4683-9481-9573DFBAC566}" = ClockLink For TimeForceŽ
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{58D379F7-62BC-4748-8237-FE071ECE797C}" = Microsoft SQL Server 2005 Tools
"{5D112C61-C8D0-4718-8DD7-B9115EB9AF90}" = LogMeIn
"{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs
"{69880C00-08DD-4385-B752-9C62656F6D1E}" = Microsoft SQL Server 2005 Backward compatibility
"{6D3055C4-4F2D-460F-9013-0B6AF576069D}" = ShadowProtect Server
"{750DFF5E-C559-11D4-A441-00B0D0436EE7}" = Broadcom Management Programs
"{76DD1D2B-C2A9-4848-9B81-CB69B26406D0}" = Remote Access Open Manage Components
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{95E0F051-3E25-40DF-98E3-D6CC86C057AE}" = Intel® LAN Adapters SNMP Agent
"{9BC51C0F-DA8E-4370-9997-899B3435A647}" = VMware vSphere Host Update Utility 4.0
"{9D544611-F437-4153-913E-91CE036583CC}" = Sunbelt Enterprise Agent
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A9D8E924-443D-4928-B095-D63C0BEB233E}" = DataEngine
"{B0F9497C-52B4-4686-8E73-74D866BBDF59}" = Microsoft SQL Server 2005 (TIMEFORCE)
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C40698F9-A861-4531-9F8C-FA7F8961375B}" = VMware vSphere Client 4.0
"{CA3553E0-191B-4E2F-AD3C-82E33CB9D4E4}" = Microsoft Group Policy Management Console with SP1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D19797E7-161C-4EEA-8548-DFC47B0BA354}" = Qqest TimeForceŽ
"{D1E5AC9D-DA9D-4167-8130-30B59D01F52D}" = AMS
"{DFAA3D2B-7087-464E-823B-738A23C29C27}" = Microsoft Visual J# 2.0 Redistributable Package - SE
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (BKUPEXEC)
"{EA42DF80-6116-433F-B30B-8BCD2596B664}" = VIPRE Enterprise
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{EFE295A9-C617-4ECE-A191-14265F5BD7ED}" = VERITAS Update
"{F07F0BCD-5C6D-4499-9F05-6ED747078A72}" = Windows Support Tools
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F653AB56-DB37-415B-8DDD-EF5BC1982150}" = SQL Anywhere Studio 9, Software
"{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}" = Windows Resource Kit Tools
"{FE2F6A2C-196E-4210-9C04-2B1BC21F07EF}" = VMware Tools
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Hypersight Rootkit Detector_is1" = Hypersight Rootkit Detector 1.0 beta
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs
"JRE 1.2.2" = Java 2 Runtime Environment Standard Edition v1.2.2
"LiveUpdate" = LiveUpdate 2.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual J# 2.0 Redistributable Package - SE" = Microsoft Visual J# 2.0 Redistributable Package - SE
"Mozilla Firefox (3.6.9)" = Mozilla Firefox (3.6.9)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Ping Plotter Freeware" = Ping Plotter Freeware
"PROSet" = Intel® PRO Network Adapters and Drivers
"RealVNC_is1" = VNC 4.0
"Server Administrator" = Dell OpenManage
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4
"Trojan Remover_is1" = Trojan Remover 6.8.2
"VERITAS Backup Exec 9.0" = VERITAS Backup Exec for Windows Servers

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/22/2010 3:27:38 AM | Computer Name = SERVERVW | Source = Report Server Windows Service (TIMEFORCE) | ID = 107
Description = Report Server Windows Service (TIMEFORCE) cannot connect to the report
server database.

Error - 10/22/2010 10:59:45 AM | Computer Name = SERVERVW | Source = Active Server Pages | ID = 5
Description = Error: The Template Persistent Cache initialization failed for Application
Pool 'DefaultAppPool' because of the following error: Could not create a Disk Cache
Sub-directory for the Application Pool. The data may have additional error codes..

Error - 10/22/2010 3:27:50 PM | Computer Name = SERVERVW | Source = Report Server Windows Service (TIMEFORCE) | ID = 107
Description = Report Server Windows Service (TIMEFORCE) cannot connect to the report
server database.

Error - 10/22/2010 11:00:00 PM | Computer Name = SERVERVW | Source = ShadowProtectSvc | ID = 1121
Description = Backup status: failed Image file: \\NICK\K\F_VOL Log file: D:\Program
Files\StorageCraft\ShadowProtect\Logs\{283208F0-93CD-4DB0-8EB8-06EE283233CC}.txt
Start
time: 10/22/2010 11:00:00 PM Module: service Code: 509 Message: Cannot get access
to destination object

Error - 10/22/2010 11:00:00 PM | Computer Name = SERVERVW | Source = ShadowProtectSvc | ID = 1121
Description = Backup status: failed Image file: \\NICK\K\C_VOL Log file: D:\Program
Files\StorageCraft\ShadowProtect\Logs\{A9A9BFCE-449E-488C-B3C3-06C7018B8421}.txt
Start
time: 10/22/2010 11:00:00 PM Module: service Code: 509 Message: Cannot get access
to destination object

Error - 10/22/2010 11:00:00 PM | Computer Name = SERVERVW | Source = ShadowProtectSvc | ID = 1121
Description = Backup status: failed Image file: \\NICK\K\D_VOL Log file: D:\Program
Files\StorageCraft\ShadowProtect\Logs\{F09CB9D0-081D-4CA7-94E8-F13C1990C2CD}.txt
Start
time: 10/22/2010 11:00:00 PM Module: service Code: 509 Message: Cannot get access
to destination object

Error - 10/23/2010 3:27:53 AM | Computer Name = SERVERVW | Source = Report Server Windows Service (TIMEFORCE) | ID = 107
Description = Report Server Windows Service (TIMEFORCE) cannot connect to the report
server database.

Error - 10/23/2010 3:28:00 PM | Computer Name = SERVERVW | Source = Report Server Windows Service (TIMEFORCE) | ID = 107
Description = Report Server Windows Service (TIMEFORCE) cannot connect to the report
server database.

Error - 10/24/2010 3:28:01 AM | Computer Name = SERVERVW | Source = Report Server Windows Service (TIMEFORCE) | ID = 107
Description = Report Server Windows Service (TIMEFORCE) cannot connect to the report
server database.

Error - 10/24/2010 3:28:06 PM | Computer Name = SERVERVW | Source = Report Server Windows Service (TIMEFORCE) | ID = 107
Description = Report Server Windows Service (TIMEFORCE) cannot connect to the report
server database.

[ Directory Service Events ]
Error - 10/23/2010 8:29:54 AM | Computer Name = SERVERVW | Source = NTDS Replication | ID = 1864
Description = This is the replication status for the following directory partition
on the local domain controller. Directory partition: DC=domain,DC=local The local
domain controller has not recently received replication information from a number
of domain controllers. The count of domain controllers is shown, divided into
the following intervals. More than 24 hours: 1 More than a week: 1 More than one month:
0

More
than two months: 0 More than a tombstone lifetime: 0 Tombstone lifetime (days): 60 Domain
controllers that do not replicate in a timely manner may encounter errors. It may
miss password changes and be unable to authenticate. A DC that has not replicated
in a tombstone lifetime may have missed the deletion of some objects, and may be
automatically blocked from future replication until it is reconciled. To identify
the domain controllers by name, install the support tools included on the installation
CD and run dcdiag.exe. You can also use the support tool repadmin.exe to display
the replication latencies of the domain controllers in the forest. The command
is "repadmin /showvector /latency <partition-dn>".

Error - 10/23/2010 8:29:54 AM | Computer Name = SERVERVW | Source = NTDS Replication | ID = 1864
Description = This is the replication status for the following directory partition
on the local domain controller. Directory partition: CN=Configuration,DC=domain,DC=local



The
local domain controller has not recently received replication information from
a number of domain controllers. The count of domain controllers is shown, divided
into the following intervals. More than 24 hours: 1 More than a week: 1 More than one
month: 0 More than two months: 0 More than a tombstone lifetime: 0 Tombstone lifetime
(days): 60 Domain controllers that do not replicate in a timely manner may encounter
errors. It may miss password changes and be unable to authenticate. A DC that has
not replicated in a tombstone lifetime may have missed the deletion of some objects,
and may be automatically blocked from future replication until it is reconciled.



To
identify the domain controllers by name, install the support tools included on
the installation CD and run dcdiag.exe. You can also use the support tool repadmin.exe
to display the replication latencies of the domain controllers in the forest.
The command is "repadmin /showvector /latency <partition-dn>".

Error - 10/23/2010 8:29:54 AM | Computer Name = SERVERVW | Source = NTDS Replication | ID = 1864
Description = This is the replication status for the following directory partition
on the local domain controller. Directory partition: CN=Schema,CN=Configuration,DC=domain,DC=local



The
local domain controller has not recently received replication information from
a number of domain controllers. The count of domain controllers is shown, divided
into the following intervals. More than 24 hours: 1 More than a week: 1 More than one
month: 0 More than two months: 0 More than a tombstone lifetime: 0 Tombstone lifetime
(days): 60 Domain controllers that do not replicate in a timely manner may encounter
errors. It may miss password changes and be unable to authenticate. A DC that has
not replicated in a tombstone lifetime may have missed the deletion of some objects,
and may be automatically blocked from future replication until it is reconciled.



To
identify the domain controllers by name, install the support tools included on
the installation CD and run dcdiag.exe. You can also use the support tool repadmin.exe
to display the replication latencies of the domain controllers in the forest.
The command is "repadmin /showvector /latency <partition-dn>".

Error - 10/23/2010 8:29:54 AM | Computer Name = SERVERVW | Source = NTDS Replication | ID = 1864
Description = This is the replication status for the following directory partition
on the local domain controller. Directory partition: DC=DomainDnsZones,DC=domain,DC=local



The
local domain controller has not recently received replication information from
a number of domain controllers. The count of domain controllers is shown, divided
into the following intervals. More than 24 hours: 1 More than a week: 1 More than one
month: 0 More than two months: 0 More than a tombstone lifetime: 0 Tombstone lifetime
(days): 60 Domain controllers that do not replicate in a timely manner may encounter
errors. It may miss password changes and be unable to authenticate. A DC that has
not replicated in a tombstone lifetime may have missed the deletion of some objects,
and may be automatically blocked from future replication until it is reconciled.



To
identify the domain controllers by name, install the support tools included on
the installation CD and run dcdiag.exe. You can also use the support tool repadmin.exe
to display the replication latencies of the domain controllers in the forest.
The command is "repadmin /showvector /latency <partition-dn>".

Error - 10/23/2010 8:29:54 AM | Computer Name = SERVERVW | Source = NTDS Replication | ID = 1864
Description = This is the replication status for the following directory partition
on the local domain controller. Directory partition: DC=ForestDnsZones,DC=domain,DC=local



The
local domain controller has not recently received replication information from
a number of domain controllers. The count of domain controllers is shown, divided
into the following intervals. More than 24 hours: 1 More than a week: 1 More than one
month: 0 More than two months: 0 More than a tombstone lifetime: 0 Tombstone lifetime
(days): 60 Domain controllers that do not replicate in a timely manner may encounter
errors. It may miss password changes and be unable to authenticate. A DC that has
not replicated in a tombstone lifetime may have missed the deletion of some objects,
and may be automatically blocked from future replication until it is reconciled.



To
identify the domain controllers by name, install the support tools included on
the installation CD and run dcdiag.exe. You can also use the support tool repadmin.exe
to display the replication latencies of the domain controllers in the forest.
The command is "repadmin /showvector /latency <partition-dn>".

Error - 10/24/2010 8:29:54 AM | Computer Name = SERVERVW | Source = NTDS Replication | ID = 1864
Description = This is the replication status for the following directory partition
on the local domain controller. Directory partition: DC=domain,DC=local The local
domain controller has not recently received replication information from a number
of domain controllers. The count of domain controllers is shown, divided into
the following intervals. More than 24 hours: 1 More than a week: 1 More than one month:
0

More
than two months: 0 More than a tombstone lifetime: 0 Tombstone lifetime (days): 60 Domain
controllers that do not replicate in a timely manner may encounter errors. It may
miss password changes and be unable to authenticate. A DC that has not replicated
in a tombstone lifetime may have missed the deletion of some objects, and may be
automatically blocked from future replication until it is reconciled. To identify
the domain controllers by name, install the support tools included on the installation
CD and run dcdiag.exe. You can also use the support tool repadmin.exe to display
the replication latencies of the domain controllers in the forest. The command
is "repadmin /showvector /latency <partition-dn>".

Error - 10/24/2010 8:29:54 AM | Computer Name = SERVERVW | Source = NTDS Replication | ID = 1864
Description = This is the replication status for the following directory partition
on the local domain controller. Directory partition: CN=Configuration,DC=domain,DC=local



The
local domain controller has not recently received replication information from
a number of domain controllers. The count of domain controllers is shown, divided
into the following intervals. More than 24 hours: 1 More than a week: 1 More than one
month: 0 More than two months: 0 More than a tombstone lifetime: 0 Tombstone lifetime
(days): 60 Domain controllers that do not replicate in a timely manner may encounter
errors. It may miss password changes and be unable to authenticate. A DC that has
not replicated in a tombstone lifetime may have missed the deletion of some objects,
and may be automatically blocked from future replication until it is reconciled.



To
identify the domain controllers by name, install the support tools included on
the installation CD and run dcdiag.exe. You can also use the support tool repadmin.exe
to display the replication latencies of the domain controllers in the forest.
The command is "repadmin /showvector /latency <partition-dn>".

Error - 10/24/2010 8:29:54 AM | Computer Name = SERVERVW | Source = NTDS Replication | ID = 1864
Description = This is the replication status for the following directory partition
on the local domain controller. Directory partition: CN=Schema,CN=Configuration,DC=domain,DC=local



The
local domain controller has not recently received replication information from
a number of domain controllers. The count of domain controllers is shown, divided
into the following intervals. More than 24 hours: 1 More than a week: 1 More than one
month: 0 More than two months: 0 More than a tombstone lifetime: 0 Tombstone lifetime
(days): 60 Domain controllers that do not replicate in a timely manner may encounter
errors. It may miss password changes and be unable to authenticate. A DC that has
not replicated in a tombstone lifetime may have missed the deletion of some objects,
and may be automatically blocked from future replication until it is reconciled.



To
identify the domain controllers by name, install the support tools included on
the installation CD and run dcdiag.exe. You can also use the support tool repadmin.exe
to display the replication latencies of the domain controllers in the forest.
The command is "repadmin /showvector /latency <partition-dn>".

Error - 10/24/2010 8:29:54 AM | Computer Name = SERVERVW | Source = NTDS Replication | ID = 1864
Description = This is the replication status for the following directory partition
on the local domain controller. Directory partition: DC=DomainDnsZones,DC=domain,DC=local



The
local domain controller has not recently received replication information from
a number of domain controllers. The count of domain controllers is shown, divided
into the following intervals. More than 24 hours: 1 More than a week: 1 More than one
month: 0 More than two months: 0 More than a tombstone lifetime: 0 Tombstone lifetime
(days): 60 Domain controllers that do not replicate in a timely manner may encounter
errors. It may miss password changes and be unable to authenticate. A DC that has
not replicated in a tombstone lifetime may have missed the deletion of some objects,
and may be automatically blocked from future replication until it is reconciled.



To
identify the domain controllers by name, install the support tools included on
the installation CD and run dcdiag.exe. You can also use the support tool repadmin.exe
to display the replication latencies of the domain controllers in the forest.
The command is "repadmin /showvector /latency <partition-dn>".

Error - 10/24/2010 8:29:54 AM | Computer Name = SERVERVW | Source = NTDS Replication | ID = 1864
Description = This is the replication status for the following directory partition
on the local domain controller. Directory partition: DC=ForestDnsZones,DC=domain,DC=local



The
local domain controller has not recently received replication information from
a number of domain controllers. The count of domain controllers is shown, divided
into the following intervals. More than 24 hours: 1 More than a week: 1 More than one
month: 0 More than two months: 0 More than a tombstone lifetime: 0 Tombstone lifetime
(days): 60 Domain controllers that do not replicate in a timely manner may encounter
errors. It may miss password changes and be unable to authenticate. A DC that has
not replicated in a tombstone lifetime may have missed the deletion of some objects,
and may be automatically blocked from future replication until it is reconciled.



To
identify the domain controllers by name, install the support tools included on
the installation CD and run dcdiag.exe. You can also use the support tool repadmin.exe
to display the replication latencies of the domain controllers in the forest.
The command is "repadmin /showvector /latency <partition-dn>".

[ DNS Server Events ]
Error - 10/6/2010 11:24:05 PM | Computer Name = SERVERVW-ORIG | Source = DNS | ID = 4001
Description = The DNS server was unable to open zone _msdcs.domain.local in the
Active Directory. This DNS server is configured to obtain and use information from
the directory for this zone and is unable to load the zone without it. Check that
the Active Directory is functioning properly and reload the zone. The event data
is the error code.

Error - 10/7/2010 1:53:53 AM | Computer Name = SERVERVW-ORIG | Source = DNS | ID = 4001
Description = The DNS server was unable to open zone 100.168.192.in-addr.arpa in
the Active Directory. This DNS server is configured to obtain and use information
from the directory for this zone and is unable to load the zone without it. Check
that the Active Directory is functioning properly and reload the zone. The event
data is the error code.

Error - 10/7/2010 1:53:53 AM | Computer Name = SERVERVW-ORIG | Source = DNS | ID = 4001
Description = The DNS server was unable to open zone domain.local in the Active
Directory. This DNS server is configured to obtain and use information from the directory
for this zone and is unable to load the zone without it. Check that the Active Directory
is functioning properly and reload the zone. The event data is the error code.

Error - 10/7/2010 1:53:53 AM | Computer Name = SERVERVW-ORIG | Source = DNS | ID = 4001
Description = The DNS server was unable to open zone _msdcs.domain.local in the
Active Directory. This DNS server is configured to obtain and use information from
the directory for this zone and is unable to load the zone without it. Check that
the Active Directory is functioning properly and reload the zone. The event data
is the error code.

Error - 10/7/2010 2:11:00 AM | Computer Name = SERVERVW | Source = DNS | ID = 4001
Description = The DNS server was unable to open zone 100.168.192.in-addr.arpa in
the Active Directory. This DNS server is configured to obtain and use information
from the directory for this zone and is unable to load the zone without it. Check
that the Active Directory is functioning properly and reload the zone. The event
data is the error code.

Error - 10/7/2010 2:11:00 AM | Computer Name = SERVERVW | Source = DNS | ID = 4001
Description = The DNS server was unable to open zone domain.local in the Active
Directory. This DNS server is configured to obtain and use information from the directory
for this zone and is unable to load the zone without it. Check that the Active Directory
is functioning properly and reload the zone. The event data is the error code.

Error - 10/7/2010 2:11:00 AM | Computer Name = SERVERVW | Source = DNS | ID = 4001
Description = The DNS server was unable to open zone _msdcs.domain.local in the
Active Directory. This DNS server is configured to obtain and use information from
the directory for this zone and is unable to load the zone without it. Check that
the Active Directory is functioning properly and reload the zone. The event data
is the error code.

Error - 10/6/2010 10:31:12 PM | Computer Name = SERVERVW | Source = DNS | ID = 4001
Description = The DNS server was unable to open zone 100.168.192.in-addr.arpa in
the Active Directory. This DNS server is configured to obtain and use information
from the directory for this zone and is unable to load the zone without it. Check
that the Active Directory is functioning properly and reload the zone. The event
data is the error code.

Error - 10/6/2010 10:31:12 PM | Computer Name = SERVERVW | Source = DNS | ID = 4001
Description = The DNS server was unable to open zone domain.local in the Active
Directory. This DNS server is configured to obtain and use information from the directory
for this zone and is unable to load the zone without it. Check that the Active Directory
is functioning properly and reload the zone. The event data is the error code.

Error - 10/6/2010 10:31:12 PM | Computer Name = SERVERVW | Source = DNS | ID = 4001
Description = The DNS server was unable to open zone _msdcs.domain.local in the
Active Directory. This DNS server is configured to obtain and use information from
the directory for this zone and is unable to load the zone without it. Check that
the Active Directory is functioning properly and reload the zone. The event data
is the error code.

[ File Replication Service Events ]
Error - 9/14/2010 7:30:23 AM | Computer Name = SERVERVW | Source = NtFrs | ID = 13570
Description = The File Replication Service has detected that the volume hosting
the path c: is low on disk space. Files may not replicate until disk space is made
available on this volume. The available space on the volume can be found by typing
"dir
/a c:". For more information about managing space on a volume type "copy /?", "rename
/?", "del /?", "rmdir /?", and "dir /?".

Error - 9/14/2010 7:30:23 AM | Computer Name = SERVERVW | Source = NtFrs | ID = 13570
Description = The File Replication Service has detected that the volume hosting
the path C: is low on disk space. Files may not replicate until disk space is made
available on this volume. The available space on the volume can be found by typing
"dir
/a C:". For more information about managing space on a volume type "copy /?", "rename
/?", "del /?", "rmdir /?", and "dir /?".

Error - 9/29/2010 10:08:33 PM | Computer Name = SERVERVW | Source = NtFrs | ID = 13570
Description = The File Replication Service has detected that the volume hosting
the path c: is low on disk space. Files may not replicate until disk space is made
available on this volume. The available space on the volume can be found by typing
"dir
/a c:". For more information about managing space on a volume type "copy /?", "rename
/?", "del /?", "rmdir /?", and "dir /?".

Error - 9/29/2010 10:08:33 PM | Computer Name = SERVERVW | Source = NtFrs | ID = 13570
Description = The File Replication Service has detected that the volume hosting
the path C: is low on disk space. Files may not replicate until disk space is made
available on this volume. The available space on the volume can be found by typing
"dir
/a C:". For more information about managing space on a volume type "copy /?", "rename
/?", "del /?", "rmdir /?", and "dir /?".

Error - 9/30/2010 12:45:16 PM | Computer Name = SERVERVW | Source = NtFrs | ID = 13570
Description = The File Replication Service has detected that the volume hosting
the path c: is low on disk space. Files may not replicate until disk space is made
available on this volume. The available space on the volume can be found by typing
"dir
/a c:". For more information about managing space on a volume type "copy /?", "rename
/?", "del /?", "rmdir /?", and "dir /?".

Error - 9/30/2010 12:45:16 PM | Computer Name = SERVERVW | Source = NtFrs | ID = 13570
Description = The File Replication Service has detected that the volume hosting
the path C: is low on disk space. Files may not replicate until disk space is made
available on this volume. The available space on the volume can be found by typing
"dir
/a C:". For more information about managing space on a volume type "copy /?", "rename
/?", "del /?", "rmdir /?", and "dir /?".

Error - 10/14/2010 9:04:44 AM | Computer Name = SERVERVW | Source = NtFrs | ID = 13548
Description = The File Replication Service is unable to replicate with its partner
computer because the difference in clock times is outside the range of plus or minus
30
minutes. The connection to the partner computer is: "DOMAIN SYSTEM VOLUME (SYSVOL
SHARE)\SERVERVW\C48A399C-4630-45DE-80B6-1B57F372A98D -> DOMAIN\VIRTUALDC$ RemoteCxt"

The
detected time difference is: 245 minutes. Note: If this time difference is close
to a multiple of 60 minutes then it is likely that either this computer or its partner
computer was set to the incorrect time zone when the computer time was initially
set. Check that the time zone and the system time are correctly set on both computers.



If
necessary, the default value used to test for computer time consistency may be changed
in the registry on this computer. (Note: This is not recommended.) To change this
parameter, run regedit. Click on Start, Run and type regedit. Expand HKEY_LOCAL_MACHINE.

Click
down the key path: "System\CurrentControlSet\Services\NtFrs\Parameters" Double
click on the value name "Partner Clock Skew In Minutes" and update the value. If
the value name is not present you may add it with the New->DWORD Value function
under
the Edit Menu item. Type the value name exactly as shown above.

Error - 10/14/2010 9:14:49 AM | Computer Name = SERVERVW | Source = NtFrs | ID = 13548
Description = The File Replication Service is unable to replicate with its partner
computer because the difference in clock times is outside the range of plus or minus
30
minutes. The connection to the partner computer is: "DOMAIN SYSTEM VOLUME (SYSVOL
SHARE)\SERVERVW\C48A399C-4630-45DE-80B6-1B57F372A98D -> DOMAIN\VIRTUALDC$ RemoteCxt"

The
detected time difference is: 245 minutes. Note: If this time difference is close
to a multiple of 60 minutes then it is likely that either this computer or its partner
computer was set to the incorrect time zone when the computer time was initially
set. Check that the time zone and the system time are correctly set on both computers.



If
necessary, the default value used to test for computer time consistency may be changed
in the registry on this computer. (Note: This is not recommended.) To change this
parameter, run regedit. Click on Start, Run and type regedit. Expand HKEY_LOCAL_MACHINE.

Click
down the key path: "System\CurrentControlSet\Services\NtFrs\Parameters" Double
click on the value name "Partner Clock Skew In Minutes" and update the value. If
the value name is not present you may add it with the New->DWORD Value function
under
the Edit Menu item. Type the value name exactly as shown above.

Error - 10/14/2010 5:20:06 AM | Computer Name = SERVERVW | Source = NtFrs | ID = 13568
Description =

Error - 10/14/2010 10:59:59 AM | Computer Name = SERVERVW | Source = NtFrs | ID = 13568
Description =

[ System Events ]
Error - 10/15/2010 7:58:51 AM | Computer Name = SERVERVW | Source = Kerberos | ID = 5
Description = The kerberos client received a KRB_AP_ERR_TKT_NYV error from the server
WKS12$. This indicates that the ticket used against that server is not yet valid
(in relationship to that server time). Contact your system administrator to make
sure the client and server times are in sync, and that the KDC in realm DOMAIN.LOCAL
is in sync with the KDC in the client realm.

Error - 10/15/2010 8:50:42 AM | Computer Name = SERVERVW | Source = Kerberos | ID = 5
Description = The kerberos client received a KRB_AP_ERR_TKT_NYV error from the server
host/servervw-phys.domain.local. This indicates that the ticket used against that
server is not yet valid (in relationship to that server time). Contact your system
administrator to make sure the client and server times are in sync, and that the
KDC in realm DOMAIN.LOCAL is in sync with the KDC in the client realm.

Error - 10/15/2010 9:03:50 AM | Computer Name = SERVERVW | Source = Kerberos | ID = 5
Description = The kerberos client received a KRB_AP_ERR_TKT_NYV error from the server
WKS9$. This indicates that the ticket used against that server is not yet valid
(in relationship to that server time). Contact your system administrator to make
sure the client and server times are in sync, and that the KDC in realm DOMAIN.LOCAL
is in sync with the KDC in the client realm.

Error - 10/16/2010 8:18:00 PM | Computer Name = SERVERVW | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 10/17/2010 8:18:00 PM | Computer Name = SERVERVW | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 10/19/2010 1:23:00 AM | Computer Name = SERVERVW | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 10/20/2010 1:23:00 AM | Computer Name = SERVERVW | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 10/21/2010 7:23:00 PM | Computer Name = SERVERVW | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 10/23/2010 1:23:00 AM | Computer Name = SERVERVW | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 10/24/2010 1:23:00 AM | Computer Name = SERVERVW | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}


< End of report >

First half of OTL.txt

OTL logfile created on: 10/24/2010 6:13:15 PM - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows Server 2003 Standard Edition Service Pack 2 (Version = 5.2.3790) - Type = NTDomainController
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 24.00% Memory free
6.00 Gb Paging File | 3.00 Gb Available in Paging File | 51.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 25.00 Gb Total Space | 10.26 Gb Free Space | 41.02% Space Free | Partition Type: NTFS
Drive D: | 35.00 Gb Total Space | 16.77 Gb Free Space | 47.92% Space Free | Partition Type: NTFS
Drive F: | 68.36 Gb Total Space | 32.10 Gb Free Space | 46.96% Space Free | Partition Type: NTFS
Drive H: | 68.36 Gb Total Space | 32.10 Gb Free Space | 46.96% Space Free | Partition Type: NTFS

Computer Name: SERVERVW | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Administrator\WINDOWS\LMI29.tmp\lmi_rescue.exe (LogMeIn, Inc.)
PRC - C:\Documents and Settings\Administrator\Local Settings\Temp\tmp28.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Sunbelt Software\SBEAgent\SBPIMSvc.exe (Sunbelt Software)
PRC - C:\WINDOWS\system32\vsnapvss.exe (StorageCraft Technology Corporation)
PRC - D:\program files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe (StorageCraft Technology Corporation)
PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
PRC - C:\Program Files\VMware\VMware Tools\VMUpgradeHelper.exe (VMware, Inc.)
PRC - C:\Program Files\VMware\VMware Tools\vmtoolsd.exe (VMware, Inc.)
PRC - C:\Program Files\VMware\VMware Tools\VMwareTray.exe (VMware, Inc.)
PRC - C:\Program Files\VMware\VMware Tools\VMwareUser.exe (VMware, Inc.)
PRC - C:\Program Files\VMware\VMware Tools\vmacthlp.exe (VMware, Inc.)
PRC - C:\Program Files\Sunbelt Software\Enterprise\EnterpriseService.exe (Sunbelt Software)
PRC - c:\Inetpub\wwwroot\qqest\Utilities\TFProcessingQueue.exe (Qqest Software Systems)
PRC - d:\program files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\system32\dns.exe (Microsoft Corporation)
PRC - c:\Inetpub\wwwroot\qqest\Utilities\TimeForcePunches.exe (Qqest Software Systems)
PRC - F:\VWPM\vwpmrapidservices.exe (Cerner Corporation)
PRC - c:\Inetpub\wwwroot\qqest\Utilities\TimeForceServices.exe (Qqest Software Systems)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\ntfrs.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\dfssvc.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\ismserv.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\lserver.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell\OpenManage\oma\bin\omsad32.exe (Dell Inc.)
PRC - C:\Program Files\Dell\OpenManage\iws\bin\win32\omaws32.exe (Dell Computer Corporation)
PRC - C:\Program Files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe (iAnywhere Solutions, Inc.)
PRC - C:\Program Files\Sybase\SQL Anywhere 9\win32\dbsrv9.exe (iAnywhere Solutions, Inc.)
PRC - C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe ()
PRC - C:\Program Files\Dell\OpenManage\dataeng\bin\dcevt32.exe (Dell Inc.)
PRC - C:\Program Files\Dell\OpenManage\dataeng\bin\dcstor32.exe (Dell Inc.)
PRC - C:\Program Files\RealVNC\VNC4\winvnc4.exe (RealVNC Ltd.)
PRC - D:\program files\VERITAS\VxUpdate\VxTaskbarMgr.exe (VERITAS Software Corporation)
PRC - F:\VWPM\srvany.exe ()


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Documents and Settings\Administrator\WINDOWS\LMI29.tmp\rahook.dll (LogMeIn, Inc.)
MOD - C:\Documents and Settings\Administrator\WINDOWS\LMI29.tmp\LMIRhook.000.dll (LogMeIn, Inc.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.4770_x-ww_05FDF087\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\activeds.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\credui.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\adsldpc.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\iphlpapi.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\mprapi.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\tsappcmp.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\winsta.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\inetmib1.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\rtutils.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wsock32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\snmpapi.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wtsapi32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\rassapi.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (zuxrufpg) -- File not found
SRV - (zdylnfm) -- File not found
SRV - (yknygtck) -- File not found
SRV - (xhehc) -- File not found
SRV - (WinHttpAutoProxySvc) -- File not found
SRV - (wbsfkgn) -- File not found
SRV - (uurefmihf) -- File not found
SRV - (hpqvl) -- File not found
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (SBAMSvc) -- C:\Program Files\Sunbelt Software\SBEAgent\SBAMSvc.exe (Sunbelt Software)
SRV - (SBPIMSvc) -- C:\Program Files\Sunbelt Software\SBEAgent\SBPIMSvc.exe (Sunbelt Software)
SRV - (VSNAPVSS) -- C:\WINDOWS\system32\vsnapvss.exe (StorageCraft Technology Corporation)
SRV - (ShadowProtectSvc) -- D:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe (StorageCraft Technology Corporation)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (VMUpgradeHelper) -- C:\Program Files\VMware\VMware Tools\VMUpgradeHelper.exe (VMware, Inc.)
SRV - (VMTools) -- C:\Program Files\VMware\VMware Tools\vmtoolsd.exe (VMware, Inc.)
SRV - (VMware Physical Disk Helper Service) -- C:\Program Files\VMware\VMware Tools\vmacthlp.exe (VMware, Inc.)
SRV - (TPVCGateway) -- C:\Program Files\VMware\VMware Tools\TPVCGateway.exe (ThinPrint GmbH)
SRV - (TPAutoConnSvc) -- C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe (ThinPrint AG)
SRV - (Sunbelt Software Enterprise Service) -- C:\Program Files\Sunbelt Software\Enterprise\EnterpriseService.exe (Sunbelt Software)
SRV - (TFPunchProcessQueue) -- c:\Inetpub\wwwroot\qqest\Utilities\TFProcessingQueue.exe (Qqest Software Systems)
SRV - (DNS) -- C:\WINDOWS\system32\dns.exe (Microsoft Corporation)
SRV - (TFPunches) -- c:\Inetpub\wwwroot\qqest\Utilities\TimeForcePunches.exe (Qqest Software Systems)
SRV - (ServiceTimeForce) -- c:\Inetpub\wwwroot\qqest\Utilities\TimeForceServices.exe (Qqest Software Systems)
SRV - (ClockLink) -- C:\Program Files\Qqest Software Systems\TimeForce\ClockLink\ClockLinkService.exe (Qqest Software Systems)
SRV - (NtFrs) -- C:\WINDOWS\system32\ntfrs.exe (Microsoft Corporation)
SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (Dfs) -- C:\WINDOWS\system32\dfssvc.exe (Microsoft Corporation)
SRV - (LicenseService) -- C:\WINDOWS\system32\llssrv.exe (Microsoft Corporation)
SRV - (RSoPProv) -- C:\WINDOWS\system32\rsopprov.exe (Microsoft Corporation)
SRV - (TrkSvr) -- C:\WINDOWS\system32\trksvr.dll (Microsoft Corporation)
SRV - (IsmServ) -- C:\WINDOWS\system32\ismserv.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (sacsvr) -- C:\WINDOWS\system32\sacsvr.dll (Microsoft Corporation)
SRV - (Tssdis) -- C:\WINDOWS\system32\tssdis.exe (Microsoft Corporation)
SRV - (TermServLicensing) -- C:\WINDOWS\system32\lserver.exe (Microsoft Corporation)
SRV - (omsad) -- C:\Program Files\Dell\OpenManage\oma\bin\omsad32.exe (Dell Inc.)
SRV - (Server Administrator) -- C:\Program Files\Dell\OpenManage\iws\bin\win32\omaws32.exe (Dell Computer Corporation)
SRV - (ASANYs_VWPM) -- C:\Program Files\Sybase\SQL Anywhere 9\win32\dbsrv9.exe (iAnywhere Solutions, Inc.)
SRV - (dcevt32) -- C:\Program Files\Dell\OpenManage\dataeng\bin\dcevt32.exe (Dell Inc.)
SRV - (dcstor32) -- C:\Program Files\Dell\OpenManage\dataeng\bin\dcstor32.exe (Dell Inc.)
SRV - (WinVNC4) -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe (RealVNC Ltd.)
SRV - (BackupExecRPCService) -- D:\Program Files\VERITAS\Backup Exec\NT\beserver.exe (VERITAS Software Corporation)
SRV - (BackupExecJobEngine) -- D:\Program Files\VERITAS\Backup Exec\NT\bengine.exe (VERITAS Software Corporation)
SRV - (BackupExecAgentAccelerator) -- D:\Program Files\VERITAS\Backup Exec\NT\beremote.exe (VERITAS Software Corporation)
SRV - (BackupExecAgentBrowser) -- D:\Program Files\VERITAS\Backup Exec\NT\benetns.exe (VERITAS Software Corporation)
SRV - (BackupExecNamingService) -- D:\Program Files\VERITAS\Backup Exec\NT\benser.exe (VERITAS Software Corporation)
SRV - (BackupExecDeviceMediaService) -- D:\Program Files\VERITAS\Backup Exec\NT\pvlsvr.exe (VERITAS Software Corporation)
SRV - (ECM Service) ExecView Communication Module (ECM) -- D:\program files\VERITAS\Backup Exec\NT\ECM\ECM.exe (VERITAS Software Corporation)
SRV - (Intel Alert Originator) -- C:\WINDOWS\system32\AMS_II\IAO.EXE (Intel® Corporation)
SRV - (Intel Alert Handler) -- C:\WINDOWS\system32\AMS_II\HNDLRSVC.EXE (Intel® Corporation)
SRV - (Intel File Transfer) -- C:\WINDOWS\system32\CBA\XFR.EXE (Intel® Corporation)
SRV - (VWPMRapidServices) -- F:\VWPM\srvany.exe ()


========== Driver Services (SafeList) ==========

DRV - (SDTHelper) -- C:\Documents and Settings\Administrator\Desktop\Radix\sdthlpr.sys File not found
DRV - (MEMSWEEP2) -- C:\WINDOWS\System32\4E.tmp File not found
DRV - (IpInIp) -- C:\WINDOWS\System32\DRIVERS\ipinip.sys File not found
DRV - (vmscsi) -- C:\WINDOWS\System32\DRIVERS\vmscsi.sys (VMware, Inc.)
DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (hcore32) -- C:\WINDOWS\System32\drivers\hcore32.sys ()
DRV - (SbTis) -- C:\WINDOWS\system32\drivers\sbtis.sys (Sunbelt Software, Inc.)
DRV - (stcvsm) -- C:\WINDOWS\System32\drivers\stcvsm.sys (StorageCraft Technology Corporation)
DRV - (sbmount) -- C:\WINDOWS\System32\drivers\sbmount.sys (StorageCraft Technology Corporation)
DRV - (sbapifs) -- C:\WINDOWS\system32\drivers\sbapifs.sys (Sunbelt Software)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (SAVRKBootTasks) -- C:\WINDOWS\system32\SAVRKBootTasks.sys (Sophos Plc)
DRV - (SBRE) -- C:\WINDOWS\system32\drivers\SBREDrv.sys (Sunbelt Software)
DRV - (LGTO_Sync) -- C:\WINDOWS\system32\drivers\lgtosync.sys (VMware, Inc.)
DRV - (VMMEMCTL) -- C:\Program Files\VMware\VMware Tools\Drivers\memctl\vmmemctl.sys (VMware, Inc.)
DRV - (vmdebug) -- C:\WINDOWS\system32\drivers\vmdebug.sys (VMware, Inc.)
DRV - (vmxnet) -- C:\WINDOWS\system32\drivers\vmxnet.sys (VMware, Inc.)
DRV - (vmmouse) -- C:\WINDOWS\system32\drivers\vmmouse.sys (VMware, Inc.)
DRV - (vmx_svga) -- C:\WINDOWS\system32\drivers\vmx_svga.sys (VMware, Inc.)
DRV - (vmci) -- C:\WINDOWS\system32\drivers\vmci.sys (VMware, Inc.)
DRV - (ql2300) -- C:\WINDOWS\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (afcnt) -- C:\WINDOWS\system32\DRIVERS\afcnt.sys (Agilent Technologies)
DRV - (WLBS) -- C:\WINDOWS\system32\drivers\wlbs.sys (Microsoft Corporation)
DRV - (ql2200) -- C:\WINDOWS\system32\DRIVERS\ql2200.sys (QLogic Corporation)
DRV - (adpu320) -- C:\WINDOWS\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (ql2100) -- C:\WINDOWS\system32\DRIVERS\ql2100.sys (QLogic Corporation)
DRV - (lp6nds35) -- C:\WINDOWS\system32\DRIVERS\lp6nds35.sys (Emulex Corporation)
DRV - (cpqfcalm) -- C:\WINDOWS\system32\DRIVERS\cpqfcalm.sys (Hewlett-Packard Company)
DRV - (ClusDisk) -- C:\WINDOWS\system32\drivers\clusdisk.sys (Microsoft Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (symmpi) -- C:\WINDOWS\system32\DRIVERS\symmpi.sys (LSI Logic)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (arc) -- C:\WINDOWS\System32\drivers\arc.sys (Adaptec, Inc.)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (hpt3xx) -- C:\WINDOWS\system32\DRIVERS\hpt3xx.sys (HighPoint Technologies, Inc.)
DRV - (nfrd960) -- C:\WINDOWS\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (DfsDriver) -- C:\WINDOWS\system32\drivers\Dfs.sys (Microsoft Corporation)
DRV - (iirsp) -- C:\WINDOWS\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (ipsraidn) -- C:\WINDOWS\system32\DRIVERS\ipsraidn.sys (IBM Corporation)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (LSI Logic Corporation)
DRV - (dpti2o) -- C:\WINDOWS\system32\DRIVERS\dpti2o.sys (Adaptec, Inc.)
DRV - (hpcisss) -- C:\WINDOWS\System32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (dellcerc) -- C:\WINDOWS\system32\DRIVERS\dellcerc.sys (LSI Logic Corporation)
DRV - (cpqcissm) -- C:\WINDOWS\system32\DRIVERS\cpqcissm.sys (Hewlett-Packard Company)
DRV - (Cpqarray) -- C:\WINDOWS\system32\DRIVERS\cpqarray.sys (Hewlett-Packard Company)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (cpqarry2) -- C:\WINDOWS\system32\DRIVERS\cpqarry2.sys (Hewlett-Packard Company)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (PORTACCESSOR) -- C:\Program Files\Dell\OpenManage\oldiags\packages\portaccessor.sys (Dell Computer Corporation.)
DRV - (dcdipm) -- C:\WINDOWS\system32\drivers\dcdipm32.sys (Dell Inc.)
DRV - (dcdbas) -- C:\WINDOWS\system32\DRIVERS\dcdbas32.sys (Dell Inc.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (ASPI32) -- C:\WINDOWS\System32\drivers\aspi32.sys (Adaptec)
DRV - (Blfp) -- C:\WINDOWS\system32\drivers\baspxp32.sys (Broadcom Corporation)
DRV - (4mmdat--VRTS) -- C:\WINDOWS\system32\drivers\04mmdat.sys (VERITAS Software)
DRV - (pvdatw2k) -- C:\WINDOWS\system32\drivers\pvdatw2k.sys (Seagate Removable Storage Solutions, LLC)
DRV - (amdagp8p) -- C:\WINDOWS\system32\DRIVERS\amdagp8p.sys (Advanced Micro Devices, Inc.)
DRV - (ati2mpad) -- C:\WINDOWS\system32\drivers\ati2mpad.sys (ATI Technologies Inc.)
DRV - (SCSIChanger) -- C:\WINDOWS\system32\drivers\SCSICHNG.SYS (VERITAS Software)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = res://shdoclc.dll/softAdmin.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/softAdmin.htm
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.9

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/10/13 13:08:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: d:\Program Files\Mozilla Firefox\components [2010/10/06 04:03:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: d:\Program Files\Mozilla Firefox\plugins [2010/10/06 04:03:35 | 000,000,000 | ---D | M]

[2010/04/16 22:25:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/04/16 22:25:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/10/14 07:01:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\laru0dtt.default\extensions
[2010/10/14 07:01:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\laru0dtt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/14 07:01:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\laru0dtt.default\extensions\staged-xpis

O1 HOSTS File: ([2010/10/07 03:38:22 | 000,421,609 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14540 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - d:\program files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [PRONoMgrWired] c:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe (Intel® Corporation)
O4 - HKLM..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\SBEAgent\SBAMTray.exe (Sunbelt Software)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [VMware Tools] C:\Program Files\VMware\VMware Tools\VMwareTray.exe (VMware, Inc.)
O4 - HKLM..\Run: [VMware User Process] C:\Program Files\VMware\VMware Tools\VMwareUser.exe (VMware, Inc.)
O4 - HKLM..\Run: [VxTaskbarMgr] D:\program files\VERITAS\VxUpdate\VxTaskbarMgr.exe (VERITAS Software Corporation)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DBISQL9] C:\Program Files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe (iAnywhere Solutions, Inc.)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] d:\program files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SybaseCentral43] C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe ()
O4 - HKCU..\RunOnce: [*LogMeInRescue_2004595380] C:\Documents and Settings\Administrator\WINDOWS\LMI29.tmp\lmi_rescue.exe (LogMeIn, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\program files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\VMware\VMware Tools\VSock SDK\bin\win32\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\VMware\VMware Tools\VSock SDK\bin\win32\vsocklib.dll (VMware, Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1286431376281 (WUWebControl Class)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = domain.local
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (C:\windows\explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - C:\WINDOWS\system32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\TPSvc: DllName - TPSvc.dll - C:\WINDOWS\System32\TPSvc.dll (ThinPrint AG)
O20 - Winlogon\Notify\VMUpgradeAtShutdown: DllName - VMUpgradeAtShutdownWXP.dll - C:\WINDOWS\System32\VMUpgradeAtShutdownWXP.dll (VMware, Inc.)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (pwdssp.dll) - C:\WINDOWS\System32\pwdssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/01/05 14:03:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\##nick#k\Shell - "" = AutoRun
O33 - MountPoints2\##nick#k\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\##nick#k\Shell\AutoRun\command - "" = Z:\Get_Started_for_Win.exe -- File not found
O33 - MountPoints2\{e545845a-a1ec-11dd-9d98-0011435a73b6}\Shell - "" = AutoRun
O33 - MountPoints2\{e545845a-a1ec-11dd-9d98-0011435a73b6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e545845a-a1ec-11dd-9d98-0011435a73b6}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/24 18:08:59 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/10/14 10:59:10 | 000,018,816 | ---- | C] (Sophos Plc) -- C:\WINDOWS\System32\SAVRKBootTasks.sys
[2010/10/14 08:01:18 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\jscript.dll
[2010/10/14 07:51:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/10/14 07:11:04 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010/10/14 07:04:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Pavark
[2010/10/14 06:49:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Hypersight
[2010/10/14 06:49:29 | 000,000,000 | ---D | C] -- C:\Program Files\Hypersight
[2010/10/14 06:35:40 | 000,102,800 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/10/13 13:21:17 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/10/13 13:10:33 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/10/13 13:03:56 | 003,601,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2010/10/13 13:03:56 | 002,452,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieapfltr.dat
[2010/10/13 13:03:56 | 001,168,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2010/10/13 13:03:56 | 000,832,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2010/10/13 13:03:56 | 000,634,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iexplore.exe
[2010/10/13 13:03:56 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2010/10/13 13:03:56 | 000,468,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2010/10/13 13:03:56 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieapfltr.dll
[2010/10/13 13:03:56 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtmsft.dll
[2010/10/13 13:03:56 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtmsft.dll
[2010/10/13 13:03:56 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtrans.dll
[2010/10/13 13:03:56 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtrans.dll
[2010/10/13 13:03:56 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2010/10/13 13:03:56 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2010/10/13 13:03:56 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advpack.dll
[2010/10/13 13:03:56 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2010/10/13 13:03:56 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2010/10/13 13:03:56 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2010/10/13 13:03:56 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\pngfilt.dll
[2010/10/13 13:03:56 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pngfilt.dll
[2010/10/13 13:03:56 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2010/10/13 13:03:56 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2010/10/13 13:03:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2010/10/13 13:03:47 | 006,075,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010/10/13 13:03:47 | 002,452,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dat
[2010/10/13 13:03:47 | 000,991,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll.mui
[2010/10/13 13:03:47 | 000,468,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/10/13 13:03:47 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2010/10/13 13:03:47 | 000,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/10/13 13:03:47 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2010/10/13 13:03:47 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/10/13 13:03:47 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2010/10/13 13:03:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/10/13 13:03:30 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2010/10/13 13:03:22 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2010/10/13 13:03:11 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2010/10/13 12:54:27 | 000,647,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcrt4.dll
[2010/10/13 12:30:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Simply Super Software
[2010/10/13 12:27:50 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.46.exe
[2010/10/13 12:27:24 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztvcabinet.dll
[2010/10/13 12:27:23 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2010/10/13 12:27:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2010/10/13 12:27:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Simply Super Software
[2010/10/13 12:22:18 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/10/07 23:19:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/10/07 23:19:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/07 23:19:12 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/07 23:19:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/07 23:19:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/10/07 20:13:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp
[2010/10/07 20:13:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
[2010/10/07 03:21:02 | 000,016,432 | R--- | C] (VMware, Inc.) -- C:\WINDOWS\System32\vmx_mode.dll
[2010/10/07 03:21:01 | 000,218,288 | R--- | C] (VMware, Inc.) -- C:\WINDOWS\System32\vmx_fb.dll
[2010/10/07 03:21:01 | 000,061,872 | R--- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmci.sys
[2010/10/07 03:21:01 | 000,028,080 | R--- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmx_svga.sys
[2010/10/07 03:20:54 | 000,036,400 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\lgtosync.sys
[2010/10/07 03:20:54 | 000,030,000 | R--- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmxnet.sys
[2010/10/07 03:20:53 | 000,011,440 | R--- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmmouse.sys
[2010/10/07 03:20:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware
[2010/10/07 03:01:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/10/07 02:58:57 | 000,174,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xenrx86.dll
[2010/10/07 02:58:56 | 000,506,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xenria64.dll
[2010/10/07 02:58:53 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmswmiproppage.dll
[2010/10/07 02:58:52 | 001,150,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmswizardres.dll
[2010/10/07 02:58:52 | 000,206,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmswizard.exe
[2010/10/07 02:58:51 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsunicastsinkproppage.dll
[2010/10/07 02:58:51 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmssrvmk.dll
[2010/10/07 02:58:51 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmssnmp.dll
[2010/10/07 02:58:50 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsservertypelib.dll
[2010/10/07 02:58:50 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsserverupgrade.exe
[2010/10/07 02:58:50 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsserverresourceres.dll
[2010/10/07 02:58:49 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsserverresource.dll
[2010/10/07 02:58:49 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsserverconfig.exe
[2010/10/07 02:58:44 | 003,166,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsserver.dll
[2010/10/07 02:58:44 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsscriptproppage.dll
[2010/10/07 02:58:43 | 000,537,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsplaylistres.dll
[2010/10/07 02:58:43 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmspluginres.dll
[2010/10/07 02:58:42 | 000,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsplaylist.dll
[2010/10/07 02:58:42 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsperfmon.exe
[2010/10/07 02:58:42 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsperf.dll
[2010/10/07 02:58:41 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsnetworkdatasourceproppage.dll
[2010/10/07 02:58:41 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsmulticastsinkproppage.dll
[2010/10/07 02:58:40 | 001,852,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsmonitorres.dll
[2010/10/07 02:58:40 | 000,546,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsmonitor.dll
[2010/10/07 02:58:39 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmslogproppages.dll
[2010/10/07 02:58:39 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsipaccessproppage.dll
[2010/10/07 02:58:39 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsiphlp.dll
[2010/10/07 02:58:39 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmslf.dll
[2010/10/07 02:58:38 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmshttpcontrolproppage.dll
[2010/10/07 02:58:38 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmshttpauthenproppage.dll
[2010/10/07 02:58:38 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsiislog.dll
[2010/10/07 02:58:38 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmshttpsyscfg.exe
[2010/10/07 02:58:35 | 000,168,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmserror.dll
[2010/10/07 02:58:35 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmseditor.exe
[2010/10/07 02:58:35 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmserver.exe
[2010/10/07 02:58:35 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmserr.dll
[2010/10/07 02:58:34 | 000,122,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsbrowse.dll
[2010/10/07 02:58:34 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsdigestauthenproppage.dll
[2010/10/07 02:58:34 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsbrowseres.dll
[2010/10/07 02:58:33 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsadminres.dll
[2010/10/07 02:58:33 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsarchivesinkv1proppage.dll
[2010/10/07 02:58:33 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsanonauthenproppage.dll
[2010/10/07 02:58:33 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsaspadmin.dll
[2010/10/07 02:58:32 | 000,272,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsadmin.dll
[2010/10/07 02:58:32 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsaclcheckproppage.dll
[2010/10/07 02:58:32 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsactscrpt.dll
[2010/10/07 02:58:31 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmilistener.dll
[2010/10/07 02:58:30 | 000,651,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winssnap.dll
[2010/10/07 02:58:30 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2010/10/07 02:58:30 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmibridge.dll
[2010/10/07 02:58:29 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2010/10/07 02:58:29 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2010/10/07 02:58:29 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wins.exe
[2010/10/07 02:58:29 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsevnt.dll
[2010/10/07 02:58:29 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpop.exe
[2010/10/07 02:58:29 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsmib.dll
[2010/10/07 02:58:29 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsctrs.dll
[2010/10/07 02:58:28 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdsutil.exe
[2010/10/07 02:58:28 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2010/10/07 02:58:28 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2010/10/07 02:58:28 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2010/10/07 02:58:27 | 001,106,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdsmmc.dll
[2010/10/07 02:58:27 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdssrv.dll
[2010/10/07 02:58:27 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdspxe.dll
[2010/10/07 02:58:25 | 000,569,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdsmgmt.dll
[2010/10/07 02:58:24 | 000,349,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdsimage.dll
[2010/10/07 02:58:24 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdsigsv.dll
[2010/10/07 02:58:24 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdscsl.dll
[2010/10/07 02:58:22 | 000,261,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2010/10/07 02:58:22 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2010/10/07 02:58:20 | 000,197,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W98_unidrv.dll
[2010/10/07 02:58:20 | 000,197,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W95_unidrv.dll
[2010/10/07 02:58:20 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2010/10/07 02:58:20 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2010/10/07 02:58:19 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2010/10/07 02:58:19 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2010/10/07 02:58:19 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2010/10/07 02:58:18 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2010/10/07 02:58:17 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2010/10/07 02:58:17 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tftpd.exe
[2010/10/07 02:58:03 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\strmtest.exe
[2010/10/07 02:58:03 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2010/10/07 02:58:02 | 000,359,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll
[2010/10/07 02:58:02 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll
[2010/10/07 02:58:02 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll
[2010/10/07 02:58:02 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmp.exe
[2010/10/07 02:58:02 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll
[2010/10/07 02:58:02 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmptrap.exe
[2010/10/07 02:58:02 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snprfdll.dll
[2010/10/07 02:58:02 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2010/10/07 02:58:02 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll
[2010/10/07 02:58:01 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll
[2010/10/07 02:58:01 | 000,240,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smi2smir.exe
[2010/10/07 02:58:01 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2010/10/07 02:58:01 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpctrs.dll
[2010/10/07 02:58:01 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2010/10/07 02:58:01 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2010/10/07 02:58:00 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sis.sys
[2010/10/07 02:58:00 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smef.dll
[2010/10/07 02:58:00 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2010/10/07 02:57:59 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seva.dll
[2010/10/07 02:57:59 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\setupcl.exe
[2010/10/07 02:57:59 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seos.dll
[2010/10/07 02:57:59 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_strap.exe
[2010/10/07 02:57:58 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scwiisext.dll
[2010/10/07 02:57:58 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scwengb.dll
[2010/10/07 02:57:58 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scwcmd.exe
[2010/10/07 02:57:58 | 000,056,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrdx86.dll
[2010/10/07 02:57:58 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scwhlp.dll
[2010/10/07 02:57:58 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scwauditext.dll
[2010/10/07 02:57:58 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scwsddlanalysis.dll
[2010/10/07 02:57:58 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scwviewer.exe
[2010/10/07 02:57:58 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scss.exe
[2010/10/07 02:57:58 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scshost.exe
[2010/10/07 02:57:57 | 000,147,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrdia64.dll
[2010/10/07 02:57:57 | 000,067,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrdw2k.dll
[2010/10/07 02:57:57 | 000,056,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrdenrl.dll
[2010/10/07 02:57:57 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rqs.exe
[2010/10/07 02:57:57 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2010/10/07 02:57:57 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rqsinst.dll
[2010/10/07 02:57:56 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\riprep.exe
[2010/10/07 02:57:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\risetup.exe
[2010/10/07 02:57:56 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\regtrace.exe
[2010/10/07 02:57:55 | 000,299,008 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\rbfg.exe
[2010/10/07 02:57:55 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2010/10/07 02:57:54 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pop3snap.dll
[2010/10/07 02:57:54 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2010/10/07 02:57:54 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pop3auth.dll
[2010/10/07 02:57:54 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pop3svc.exe
[2010/10/07 02:57:54 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pop3msg.dll
[2010/10/07 02:57:54 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pop3perf.dll
[2010/10/07 02:57:54 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pop3evt.dll
[2010/10/07 02:57:51 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2010/10/07 02:57:51 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\playlisttransformproppage.dll
[2010/10/07 02:57:33 | 000,535,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2010/10/07 02:57:26 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2010/10/07 02:57:25 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oschoice.exe
[2010/10/07 02:57:25 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\p3admin.dll
[2010/10/07 02:57:25 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2010/10/07 02:57:25 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\owsrmadm.exe
[2010/10/07 02:57:25 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\p3store.dll
[2010/10/07 02:57:25 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\owsadm.exe
[2010/10/07 02:57:25 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2010/10/07 02:57:25 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2010/10/07 02:57:25 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2010/10/07 02:57:25 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2010/10/07 02:57:23 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntfsdrv.dll
[2010/10/07 02:57:22 | 000,600,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nntpsvc.dll
[2010/10/07 02:57:22 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nntpfs.dll
[2010/10/07 02:57:22 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nntpctrs.dll
[2010/10/07 02:57:22 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsneterr.dll
[2010/10/07 02:57:21 | 000,119,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2010/10/07 02:57:21 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\namespace.dll
[2010/10/07 02:57:20 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_msvcp60.dll
[2010/10/07 02:57:20 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtstocom.exe
[2010/10/07 02:57:20 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\muisetup.exe
[2010/10/07 02:57:18 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2010/10/07 02:57:18 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2010/10/07 02:57:17 | 000,316,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msiprov.dll
[2010/10/07 02:57:14 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe
[2010/10/07 02:57:11 | 000,118,784 | ---- | C] ( ) -- C:\WINDOWS\System32\dllcache\microsoft.windowsmediaservices.dll
[2010/10/07 02:57:11 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mailmsg.dll
[2010/10/07 02:57:10 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmmib2.dll
[2010/10/07 02:57:10 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpdsvc.dll
[2010/10/07 02:57:10 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lprmon.dll
[2010/10/07 02:57:07 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2010/10/07 02:57:07 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2010/10/07 02:57:07 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2010/10/07 02:57:07 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2010/10/07 02:57:07 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2010/10/07 02:57:07 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2010/10/07 02:57:07 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2010/10/07 02:57:06 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2010/10/07 02:57:06 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2010/10/07 02:57:06 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2010/10/07 02:57:06 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdibm02.dll
[2010/10/07 02:57:06 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41a.dll
[2010/10/07 02:57:06 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2010/10/07 02:57:06 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41j.dll
[2010/10/07 02:57:06 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2010/10/07 02:57:06 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2010/10/07 02:57:06 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2010/10/07 02:57:06 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2010/10/07 02:57:06 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2010/10/07 02:57:06 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2010/10/07 02:57:06 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2010/10/07 02:57:06 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2010/10/07 02:57:06 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2010/10/07 02:57:06 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2010/10/07 02:57:05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2010/10/07 02:57:05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdax2.dll
[2010/10/07 02:57:05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106n.dll
[2010/10/07 02:57:05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2010/10/07 02:57:05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101.dll
[2010/10/07 02:57:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2010/10/07 02:57:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2010/10/07 02:57:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2010/10/07 02:57:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2010/10/07 02:57:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2010/10/07 02:57:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2010/10/07 02:57:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2010/10/07 02:57:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2010/10/07 02:57:05 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2010/10/07 02:57:04 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprip.dll
[2010/10/07 02:57:04 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isrpc.dll
[2010/10/07 02:56:58 | 001,499,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_instmsiw.exe
[2010/10/07 02:56:58 | 001,489,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_instmsia.exe
[2010/10/07 02:56:58 | 000,069,632 | ---- | C] ( ) -- C:\WINDOWS\System32\dllcache\interop_msxml.dll
[2010/10/07 02:56:57 | 000,394,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2010/10/07 02:56:57 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2010/10/07 02:56:57 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2010/10/07 02:56:57 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2010/10/07 02:56:48 | 009,206,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpzp.dic
[2010/10/07 02:56:48 | 000,854,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjptk.dic
[2010/10/07 02:56:48 | 000,234,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2010/10/07 02:56:48 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
[2010/10/07 02:56:48 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2010/10/07 02:56:27 | 014,694,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpst.dic
[2010/10/07 02:56:27 | 000,137,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpsb.dic
[2010/10/07 02:56:27 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
[2010/10/07 02:56:15 | 010,660,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpnm.dic
[2010/10/07 02:56:15 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
[2010/10/07 02:56:14 | 000,993,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpln.dic
[2010/10/07 02:56:14 | 000,815,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpgn.grm
[2010/10/07 02:56:14 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/10/07 02:56:13 | 000,695,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2010/10/07 02:56:13 | 000,647,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2010/10/07 02:56:13 | 000,342,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2010/10/07 02:56:13 | 000,198,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
[2010/10/07 02:56:13 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcd.dic
[2010/10/07 02:56:13 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2010/10/07 02:56:13 | 000,055,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpch.dic
[2010/10/07 02:56:13 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2010/10/07 02:56:13 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2010/10/07 02:56:12 | 000,331,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2010/10/07 02:56:12 | 000,210,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2010/10/07 02:56:11 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2010/10/07 02:56:11 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2010/10/07 02:56:11 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2010/10/07 02:56:11 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2010/10/07 02:56:11 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2010/10/07 02:55:56 | 010,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2010/10/07 02:55:38 | 011,091,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/10/07 02:55:25 | 010,100,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2010/10/07 02:55:24 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\grovel.exe
[2010/10/07 02:55:24 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2010/10/07 02:55:24 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostmib.dll
[2010/10/07 02:55:24 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\grovmsg.dll
[2010/10/07 02:55:23 | 000,405,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W9X_fxsxp32.dll
[2010/10/07 02:55:23 | 000,398,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsxp32.dll
[2010/10/07 02:55:23 | 000,398,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxsxp32.dll
[2010/10/07 02:55:22 | 000,392,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxstiff.dll
[2010/10/07 02:55:22 | 000,392,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxstiff.dll
[2010/10/07 02:55:22 | 000,387,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W9X_fxstiff.dll
[2010/10/07 02:55:22 | 000,269,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssvc.exe
[2010/10/07 02:55:22 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxst30.dll
[2010/10/07 02:55:22 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsui.dll
[2010/10/07 02:55:22 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxsui.dll
[2010/10/07 02:55:22 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxswzrd.dll
[2010/10/07 02:55:22 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxswzrd.dll
[2010/10/07 02:55:22 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W9X_fxswzrd.dll
[2010/10/07 02:55:22 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxst30p.dll
[2010/10/07 02:55:21 | 000,737,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsres.dll
[2010/10/07 02:55:21 | 000,561,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsst.dll
[2010/10/07 02:55:21 | 000,102,400 | ---- | C] (Installshield Software Corporation ) -- C:\WINDOWS\System32\dllcache\FXS_setup.exe
[2010/10/07 02:55:21 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2010/10/07 02:55:21 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsrtmtd.dll
[2010/10/07 02:55:21 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2010/10/07 02:55:21 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxssend.exe
[2010/10/07 02:55:21 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W9X_fxssend.exe
[2010/10/07 02:55:20 | 000,737,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxsres.dll
[2010/10/07 02:55:20 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsevent.dll
[2010/10/07 02:55:20 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W9X_fxsdrv32.dll
[2010/10/07 02:55:20 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W9X_fxsext32.dll
[2010/10/07 02:55:20 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsmon.dll
[2010/10/07 02:55:20 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsext32.dll
[2010/10/07 02:55:20 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxsext32.dll
[2010/10/07 02:55:20 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsdrv.dll
[2010/10/07 02:55:20 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\NT4_fxsdrv4.dll
[2010/10/07 02:55:20 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsperf.dll
[2010/10/07 02:55:19 | 000,286,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscomex.dll
[2010/10/07 02:55:19 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscover.exe
[2010/10/07 02:55:19 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxscover.exe
[2010/10/07 02:55:19 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W9X_fxscover.exe
[2010/10/07 02:55:19 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscom.dll
[2010/10/07 02:55:18 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclnt.exe
[2010/10/07 02:55:18 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxsclnt.exe
[2010/10/07 02:55:18 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W9X_fxsclnt.exe
[2010/10/07 02:55:18 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W9X_fxsclntr.dll
[2010/10/07 02:55:18 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2010/10/07 02:55:18 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxsclntr.dll
[2010/10/07 02:55:18 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2010/10/07 02:55:17 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W9X_fxsapi.dll
[2010/10/07 02:55:17 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsapi.dll
[2010/10/07 02:55:17 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxsapi.dll
[2010/10/07 02:55:17 | 000,466,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\NT4_fxsapi.dll
[2010/10/07 02:55:17 | 000,259,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsadmin.dll
[2010/10/07 02:55:17 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsvc2.dll
[2010/10/07 02:55:17 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2010/10/07 02:55:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2010/10/07 02:55:17 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpmib.dll
[2010/10/07 02:55:16 | 000,027,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmdll.dll
[2010/10/07 02:55:15 | 001,383,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp5awel.dll
[2010/10/07 02:55:15 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp5avss.dll
[2010/10/07 02:55:14 | 000,944,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp5autl.dll
[2010/10/07 02:55:14 | 000,142,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp5amsft.dll
[2010/10/07 02:55:13 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntagnt.dll
[2010/10/07 02:55:13 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntwin.exe
[2010/10/07 02:55:13 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fcachdll.dll
[2010/10/07 02:55:13 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntcmd.exe
[2010/10/07 02:55:13 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\f3ahvoas.dll
[2010/10/07 02:55:10 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ddrop.dll
[2010/10/07 02:55:09 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2010/10/07 02:55:08 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\complianceextensions.dll
[2010/10/07 02:55:08 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
[2010/10/07 02:55:07 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2010/10/07 02:55:07 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cleanri.exe
[2010/10/07 02:55:06 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2010/10/07 02:55:05 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2010/10/07 02:55:05 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2010/10/07 02:55:05 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2010/10/07 02:55:04 | 000,841,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2010/10/07 02:55:03 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2010/10/07 02:55:03 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2010/10/07 02:55:02 | 000,316,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certsrv.exe
[2010/10/07 02:55:02 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certdb.dll
[2010/10/07 02:55:02 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certenc.dll
[2010/10/07 02:55:02 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2010/10/07 02:55:02 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2010/10/07 02:55:00 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bitsmgr.dll
[2010/10/07 02:55:00 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bitssrv.dll
[2010/10/07 02:54:58 | 000,246,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asfarchiver.dll
[2010/10/07 02:54:57 | 000,501,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll
[2010/10/07 02:54:57 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqadmin.dll
[2010/10/07 02:54:57 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0804.dll
[2010/10/07 02:54:56 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0412.dll
[2010/10/07 02:54:56 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0411.dll
[2010/10/07 02:54:56 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040d.dll
[2010/10/07 02:54:56 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0404.dll
[2010/10/07 02:54:56 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0401.dll
[2010/10/07 02:54:56 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsiisex.dll
[2010/10/07 02:54:55 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2010/10/07 02:54:53 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll
[2010/10/07 02:54:51 | 000,254,005 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_msvcrt.dll
[2010/10/07 02:54:49 | 001,163,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_mfc42u.dll
[2010/10/07 02:54:37 | 001,160,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_mfc42.dll
[2010/10/07 02:54:33 | 000,400,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll
[2010/10/07 02:54:33 | 000,199,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll
[2010/10/07 02:54:32 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgwiz.exe
[2010/10/07 02:54:32 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpcount.exe
[2010/10/07 02:54:32 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll
[2010/10/07 02:54:32 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll
[2010/10/07 02:54:32 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll
[2010/10/07 02:53:25 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2010/10/07 02:46:33 | 000,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\battc.sys
[2010/10/07 02:45:44 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2010/10/07 02:45:44 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2010/10/07 02:27:52 | 000,421,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/10/07 02:27:27 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kerberos.dll
[2010/10/07 02:27:27 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdigest.dll
[2010/10/07 02:27:27 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\secur32.dll
[2010/10/07 02:23:23 | 002,488,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010/10/07 02:23:23 | 002,340,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010/10/07 02:23:23 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sc.exe
[2010/10/07 02:23:22 | 002,449,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010/10/07 02:23:22 | 002,300,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2010/10/07 02:22:26 | 000,583,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2010/10/07 02:19:15 | 002,854,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msi.dll
[2010/10/07 02:19:04 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2010/10/07 02:03:24 | 000,015,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2010/10/07 02:03:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/10/07 00:23:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2010/10/07 00:23:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\LogMeIn
[2010/10/06 23:28:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/10/06 22:41:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSVOL
[2010/10/06 22:41:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\NTDS
[2010/10/06 22:24:05 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iyuv_32.dll
[2010/10/06 22:24:05 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsbyuv.dll
[2010/10/06 18:21:51 | 000,011,026 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmscsi.sys
[2010/10/06 18:21:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\$Reconfig$
[2010/10/06 03:31:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\VAMT2
[2010/10/06 01:35:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\vmware-converter-install-pgtvcuszkzkrokyd
[2010/10/05 23:30:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\vmware-converter-install-bkajscfpvizwydvg
[2010/10/05 21:27:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\vmware-converter-install-mczqxfzlwfxdqqkv
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/24 18:08:01 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/10/24 18:07:52 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\RKUnhookerLE.EXE
[2010/10/24 17:23:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3018655958-1258357186-3169496164-500UA.job
[2010/10/24 07:03:19 | 000,000,600 | ---- | M] () -- C:\WINDOWS\PUTTY.RND
[2010/10/24 01:23:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3018655958-1258357186-3169496164-500Core.job
[2010/10/23 22:30:00 | 000,000,218 | ---- | M] () -- C:\WINDOWS\tasks\backupscript.job
[2010/10/21 19:23:47 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2010/10/21 19:23:47 | 000,002,322 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/10/18 01:18:04 | 000,065,536 | ---- | M] () -- C:\WINDOWS\NETLOGON.CHG
[2010/10/15 07:43:44 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/15 07:35:01 | 000,845,018 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/15 07:35:01 | 000,199,002 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/15 03:25:19 | 000,000,923 | ---- | M] () -- C:\WINDOWS\TimeForce.ini
[2010/10/15 03:24:39 | 000,000,183 | ---- | M] () -- C:\WINDOWS\ClockLinkService.ini
[2010/10/15 03:24:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/14 08:02:36 | 000,003,470 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/14 06:52:43 | 2145,386,496 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2010/10/14 06:35:40 | 000,102,800 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/10/14 05:20:00 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/14 05:04:39 | 000,008,680 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/10/14 04:58:20 | 000,262,232 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/13 12:28:48 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/13 12:28:26 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.46.exe
[2010/10/13 12:27:26 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Trojan Remover.lnk
[2010/10/07 03:38:22 | 000,421,609 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/10/07 03:20:50 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2010/10/07 02:59:28 | 000,000,316 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/10/07 02:54:15 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/10/07 02:54:15 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/10/07 02:54:12 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/10/07 02:54:07 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/10/07 02:54:07 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/10/07 02:54:05 | 000,004,272 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/10/07 02:53:25 | 000,001,411 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Security Configuration Wizard.lnk
[2010/10/07 02:51:36 | 000,022,756 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/10/07 02:50:21 | 000,000,208 | -HS- | M] () -- C:\boot.ini
[2010/10/07 02:49:23 | 000,002,492 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2010/10/07 02:25:18 | 000,003,672 | ---- | M] () -- C:\WINDOWS\ominstal.db
[2010/10/07 00:23:12 | 000,001,024 | ---- | M] () -- C:\.rnd
[2010/10/06 23:00:04 | 000,001,914 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VIPRE Enterprise.lnk
[2010/10/06 22:37:12 | 000,000,660 | ---- | M] () -- C:\Documents and Settings\Administrator\.scUserPreferences43
[2010/10/06 18:21:51 | 000,011,026 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmscsi.sys
[2010/10/05 14:39:32 | 000,001,194 | -H-- | M] () -- C:\Documents and Settings\Administrator\My Documents\Default.rdp
[2010/10/05 12:45:42 | 000,087,424 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll.000.bak
[2010/10/05 12:45:42 | 000,083,360 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll.000.bak
[2010/10/01 08:58:32 | 000,004,096 | -HS- | M] () -- C:\VSM000.IDX
[2010/09/27 14:50:44 | 000,083,360 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
[2010/09/27 14:49:18 | 000,087,424 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
[2010/09/27 14:49:18 | 000,029,568 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/24 18:09:04 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\RKUnhookerLE.EXE
[2010/10/14 06:49:30 | 000,177,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\hcore32.sys
[2010/10/13 12:28:48 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/13 12:27:26 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Trojan Remover.lnk
[2010/10/13 12:27:24 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2010/10/13 12:27:24 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2010/10/13 12:27:24 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2010/10/13 12:27:24 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2010/10/07 20:16:20 | 000,002,344 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2010/10/07 20:16:20 | 000,002,322 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/10/07 20:13:57 | 000,001,010 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3018655958-1258357186-3169496164-500UA.job
[2010/10/07 20:13:57 | 000,000,958 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3018655958-1258357186-3169496164-500Core.job
[2010/10/07 03:21:01 | 002,275,888 | R--- | C] () -- C:\WINDOWS\System32\vmwogl32.dll
[2010/10/07 03:18:41 | 000,001,374 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak
[2010/10/07 02:58:18 | 001,413,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tintlgs.imd
[2010/10/07 02:58:18 | 000,455,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tintlgl.imd
[2010/10/07 02:58:18 | 000,171,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tintlgc.imd
[2010/10/07 02:57:57 | 000,006,331 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rsess.vbs
[2010/10/07 02:57:56 | 000,026,417 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rfeed.vbs
[2010/10/07 02:57:56 | 000,012,400 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rgroup.vbs
[2010/10/07 02:57:56 | 000,011,781 | ---- | C] () -- C:\WINDOWS\System32\dllcache\regfilt.vbs
[2010/10/07 02:57:56 | 000,010,571 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rexpire.vbs
[2010/10/07 02:57:55 | 000,003,912 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rcancel.vbs
[2010/10/07 02:57:34 | 010,011,497 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgs.imd
[2010/10/07 02:57:34 | 000,733,292 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgr.imd
[2010/10/07 02:57:33 | 000,208,744 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgl.imd
[2010/10/07 02:57:31 | 001,004,904 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgix.imd
[2010/10/07 02:57:30 | 000,948,656 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgi.imd
[2010/10/07 02:57:28 | 000,867,242 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgdx.imd
[2010/10/07 02:57:26 | 000,825,038 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgd.imd
[2010/10/07 02:57:26 | 000,487,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsk.dic
[2010/10/07 02:57:26 | 000,188,140 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgc.imd
[2010/10/07 02:57:26 | 000,174,803 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsd.dic
[2010/10/07 02:57:25 | 000,117,248 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/10/07 02:57:08 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/10/07 02:56:57 | 000,061,952 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/10/07 02:56:11 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/10/07 02:55:24 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/10/07 02:55:16 | 000,100,936 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2010/10/07 02:55:07 | 000,409,168 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgu.imd
[2010/10/07 02:55:07 | 000,102,304 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlguc.imd
[2010/10/07 02:55:07 | 000,102,304 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgsi.imd
[2010/10/07 02:55:07 | 000,001,849 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IIS_clusftp.vbs
[2010/10/07 02:55:06 | 000,427,138 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgie.imd
[2010/10/07 02:55:06 | 000,279,894 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgd.imd
[2010/10/07 02:55:06 | 000,024,080 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgl.imd
[2010/10/07 02:55:06 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgs.imd
[2010/10/07 02:55:05 | 000,543,708 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgb.imd
[2010/10/07 02:55:05 | 000,462,929 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskdic.dic
[2010/10/07 02:55:05 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/10/07 02:54:15 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/10/07 02:54:15 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/10/07 02:49:23 | 000,002,492 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2010/10/07 02:45:36 | 000,314,515 | ---- | C] () -- C:\WINDOWS\System32\dllcache\WMSocm.CAT
[2010/10/07 02:45:36 | 000,112,975 | ---- | C] () -- C:\WINDOWS\System32\dllcache\UDDI.CAT
[2010/10/07 02:45:36 | 000,082,025 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sasetup.CAT
[2010/10/07 02:45:36 | 000,071,199 | ---- | C] () -- C:\WINDOWS\System32\dllcache\adminpak.CAT
[2010/10/07 02:45:36 | 000,067,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP5.CAT
[2010/10/07 02:45:36 | 000,066,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NETFX.CAT
[2010/10/07 02:45:36 | 000,064,351 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/10/07 02:45:36 | 000,030,616 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SCW.CAT
[2010/10/07 02:45:36 | 000,023,518 | ---- | C] () -- C:\WINDOWS\System32\dllcache\admt.cat
[2010/10/07 02:45:36 | 000,022,310 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FXSCAT.CAT
[2010/10/07 02:45:36 | 000,015,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\INS.CAT
[2010/10/07 02:45:36 | 000,014,610 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2010/10/07 02:45:36 | 000,010,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2010/10/07 02:45:36 | 000,008,571 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010/10/07 02:45:36 | 000,007,379 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/10/07 02:45:35 | 001,994,359 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2010/10/07 02:45:35 | 001,402,437 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2010/10/07 02:45:35 | 000,682,720 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2010/10/01 08:58:32 | 000,004,096 | -HS- | C] () -- C:\VSM000.IDX
[2010/03/31 09:54:31 | 001,622,022 | R--- | C] () -- C:\WINDOWS\schema.ini
[2009/10/26 10:36:52 | 000,000,183 | ---- | C] () -- C:\WINDOWS\ClockLinkService.ini
[2009/10/26 10:36:20 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\PROTOCOL.INI
[2008/10/27 15:08:18 | 000,000,923 | ---- | C] () -- C:\WINDOWS\TimeForce.ini
[2008/10/24 12:15:52 | 000,163,032 | RHS- | C] () -- C:\WINDOWS\System32\dwfajl.dll
[2008/10/24 10:55:13 | 000,050,666 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2008/10/24 10:55:13 | 000,010,793 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2008/10/24 10:35:25 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2008/04/26 00:57:33 | 000,011,597 | ---- | C] () -- C:\WINDOWS\System32\dnsperf.ini
[2007/02/18 08:00:00 | 000,179,577 | ---- | C] () -- C:\WINDOWS\System32\schema.ini
[2007/02/18 08:00:00 | 000,024,819 | ---- | C] () -- C:\WINDOWS\System32\ntdsctrs.ini
[2007/02/18 08:00:00 | 000,020,386 | ---- | C] () -- C:\WINDOWS\System32\ntfrsrep.ini
[2007/02/18 08:00:00 | 000,011,817 | ---- | C] () -- C:\WINDOWS\System32\iasperf.ini
[2007/02/18 08:00:00 | 000,011,030 | ---- | C] () -- C:\WINDOWS\System32\ipsecprf.ini
[2007/02/18 08:00:00 | 000,005,597 | ---- | C] () -- C:\WINDOWS\System32\ntfrscon.ini
[2004/12/02 20:13:19 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll
[2004/11/24 15:13:01 | 000,000,079 | ---- | C] () -- C:\WINDOWS\System32\drivers\dcesmwdm.sys
[2004/11/24 13:57:17 | 000,002,360 | ---- | C] () -- C:\WINDOWS\System32\dhcpctrs.ini
[2004/11/24 13:36:18 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\itgcond.dll
[2004/11/24 13:36:18 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\itg_refs.dll
[2004/11/24 13:36:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\itg_sched.dll
[2004/11/24 13:36:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\itg_night.dll
[2004/11/24 13:33:18 | 000,000,280 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/11/04 00:21:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/11/03 23:58:16 | 000,000,499 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/01/05 13:56:22 | 000,004,272 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/02/03 10:26:18 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2001/07/31 10:17:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL

========== LOP Check ==========

[2010/03/29 13:57:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ntr
[2010/04/17 02:44:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Overlook
[2010/10/13 12:27:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Simply Super Software
[2010/10/07 00:23:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2010/04/17 02:44:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Overlook
[2010/10/13 12:27:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2010/10/22 23:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/16 22:14:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/10/23 22:30:00 | 000,000,218 | ---- | M] () -- C:\WINDOWS\Tasks\backupscript.job
[2010/10/24 12:23:00 | 000,032,604 | ---- | M] () -- C:\WINDOWS\Tasks\SchedLgU.Txt

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 200 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C9291F0D
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9

< End of report >


#7 iGmO

Posted 24 October 2010 - 05:34 PM

First half of OTL.txt

OTL logfile created on: 10/24/2010 6:13:15 PM - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows Server 2003 Standard Edition Service Pack 2 (Version = 5.2.3790) - Type = NTDomainController
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 24.00% Memory free
6.00 Gb Paging File | 3.00 Gb Available in Paging File | 51.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 25.00 Gb Total Space | 10.26 Gb Free Space | 41.02% Space Free | Partition Type: NTFS
Drive D: | 35.00 Gb Total Space | 16.77 Gb Free Space | 47.92% Space Free | Partition Type: NTFS
Drive F: | 68.36 Gb Total Space | 32.10 Gb Free Space | 46.96% Space Free | Partition Type: NTFS
Drive H: | 68.36 Gb Total Space | 32.10 Gb Free Space | 46.96% Space Free | Partition Type: NTFS

Computer Name: SERVERVW | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Administrator\WINDOWS\LMI29.tmp\lmi_rescue.exe (LogMeIn, Inc.)
PRC - C:\Documents and Settings\Administrator\Local Settings\Temp\tmp28.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Sunbelt Software\SBEAgent\SBPIMSvc.exe (Sunbelt Software)
PRC - C:\WINDOWS\system32\vsnapvss.exe (StorageCraft Technology Corporation)
PRC - D:\program files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe (StorageCraft Technology Corporation)
PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
PRC - C:\Program Files\VMware\VMware Tools\VMUpgradeHelper.exe (VMware, Inc.)
PRC - C:\Program Files\VMware\VMware Tools\vmtoolsd.exe (VMware, Inc.)
PRC - C:\Program Files\VMware\VMware Tools\VMwareTray.exe (VMware, Inc.)
PRC - C:\Program Files\VMware\VMware Tools\VMwareUser.exe (VMware, Inc.)
PRC - C:\Program Files\VMware\VMware Tools\vmacthlp.exe (VMware, Inc.)
PRC - C:\Program Files\Sunbelt Software\Enterprise\EnterpriseService.exe (Sunbelt Software)
PRC - c:\Inetpub\wwwroot\qqest\Utilities\TFProcessingQueue.exe (Qqest Software Systems)
PRC - d:\program files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\system32\dns.exe (Microsoft Corporation)
PRC - c:\Inetpub\wwwroot\qqest\Utilities\TimeForcePunches.exe (Qqest Software Systems)
PRC - F:\VWPM\vwpmrapidservices.exe (Cerner Corporation)
PRC - c:\Inetpub\wwwroot\qqest\Utilities\TimeForceServices.exe (Qqest Software Systems)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\ntfrs.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\dfssvc.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\ismserv.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\lserver.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell\OpenManage\oma\bin\omsad32.exe (Dell Inc.)
PRC - C:\Program Files\Dell\OpenManage\iws\bin\win32\omaws32.exe (Dell Computer Corporation)
PRC - C:\Program Files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe (iAnywhere Solutions, Inc.)
PRC - C:\Program Files\Sybase\SQL Anywhere 9\win32\dbsrv9.exe (iAnywhere Solutions, Inc.)
PRC - C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe ()
PRC - C:\Program Files\Dell\OpenManage\dataeng\bin\dcevt32.exe (Dell Inc.)
PRC - C:\Program Files\Dell\OpenManage\dataeng\bin\dcstor32.exe (Dell Inc.)
PRC - C:\Program Files\RealVNC\VNC4\winvnc4.exe (RealVNC Ltd.)
PRC - D:\program files\VERITAS\VxUpdate\VxTaskbarMgr.exe (VERITAS Software Corporation)
PRC - F:\VWPM\srvany.exe ()


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Documents and Settings\Administrator\WINDOWS\LMI29.tmp\rahook.dll (LogMeIn, Inc.)
MOD - C:\Documents and Settings\Administrator\WINDOWS\LMI29.tmp\LMIRhook.000.dll (LogMeIn, Inc.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.4770_x-ww_05FDF087\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\activeds.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\credui.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\adsldpc.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\iphlpapi.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\mprapi.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\tsappcmp.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\winsta.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\inetmib1.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\rtutils.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wsock32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\snmpapi.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wtsapi32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\rassapi.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (zuxrufpg) -- File not found
SRV - (zdylnfm) -- File not found
SRV - (yknygtck) -- File not found
SRV - (xhehc) -- File not found
SRV - (WinHttpAutoProxySvc) -- File not found
SRV - (wbsfkgn) -- File not found
SRV - (uurefmihf) -- File not found
SRV - (hpqvl) -- File not found
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (SBAMSvc) -- C:\Program Files\Sunbelt Software\SBEAgent\SBAMSvc.exe (Sunbelt Software)
SRV - (SBPIMSvc) -- C:\Program Files\Sunbelt Software\SBEAgent\SBPIMSvc.exe (Sunbelt Software)
SRV - (VSNAPVSS) -- C:\WINDOWS\system32\vsnapvss.exe (StorageCraft Technology Corporation)
SRV - (ShadowProtectSvc) -- D:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe (StorageCraft Technology Corporation)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (VMUpgradeHelper) -- C:\Program Files\VMware\VMware Tools\VMUpgradeHelper.exe (VMware, Inc.)
SRV - (VMTools) -- C:\Program Files\VMware\VMware Tools\vmtoolsd.exe (VMware, Inc.)
SRV - (VMware Physical Disk Helper Service) -- C:\Program Files\VMware\VMware Tools\vmacthlp.exe (VMware, Inc.)
SRV - (TPVCGateway) -- C:\Program Files\VMware\VMware Tools\TPVCGateway.exe (ThinPrint GmbH)
SRV - (TPAutoConnSvc) -- C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe (ThinPrint AG)
SRV - (Sunbelt Software Enterprise Service) -- C:\Program Files\Sunbelt Software\Enterprise\EnterpriseService.exe (Sunbelt Software)
SRV - (TFPunchProcessQueue) -- c:\Inetpub\wwwroot\qqest\Utilities\TFProcessingQueue.exe (Qqest Software Systems)
SRV - (DNS) -- C:\WINDOWS\system32\dns.exe (Microsoft Corporation)
SRV - (TFPunches) -- c:\Inetpub\wwwroot\qqest\Utilities\TimeForcePunches.exe (Qqest Software Systems)
SRV - (ServiceTimeForce) -- c:\Inetpub\wwwroot\qqest\Utilities\TimeForceServices.exe (Qqest Software Systems)
SRV - (ClockLink) -- C:\Program Files\Qqest Software Systems\TimeForce\ClockLink\ClockLinkService.exe (Qqest Software Systems)
SRV - (NtFrs) -- C:\WINDOWS\system32\ntfrs.exe (Microsoft Corporation)
SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (Dfs) -- C:\WINDOWS\system32\dfssvc.exe (Microsoft Corporation)
SRV - (LicenseService) -- C:\WINDOWS\system32\llssrv.exe (Microsoft Corporation)
SRV - (RSoPProv) -- C:\WINDOWS\system32\rsopprov.exe (Microsoft Corporation)
SRV - (TrkSvr) -- C:\WINDOWS\system32\trksvr.dll (Microsoft Corporation)
SRV - (IsmServ) -- C:\WINDOWS\system32\ismserv.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (sacsvr) -- C:\WINDOWS\system32\sacsvr.dll (Microsoft Corporation)
SRV - (Tssdis) -- C:\WINDOWS\system32\tssdis.exe (Microsoft Corporation)
SRV - (TermServLicensing) -- C:\WINDOWS\system32\lserver.exe (Microsoft Corporation)
SRV - (omsad) -- C:\Program Files\Dell\OpenManage\oma\bin\omsad32.exe (Dell Inc.)
SRV - (Server Administrator) -- C:\Program Files\Dell\OpenManage\iws\bin\win32\omaws32.exe (Dell Computer Corporation)
SRV - (ASANYs_VWPM) -- C:\Program Files\Sybase\SQL Anywhere 9\win32\dbsrv9.exe (iAnywhere Solutions, Inc.)
SRV - (dcevt32) -- C:\Program Files\Dell\OpenManage\dataeng\bin\dcevt32.exe (Dell Inc.)
SRV - (dcstor32) -- C:\Program Files\Dell\OpenManage\dataeng\bin\dcstor32.exe (Dell Inc.)
SRV - (WinVNC4) -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe (RealVNC Ltd.)
SRV - (BackupExecRPCService) -- D:\Program Files\VERITAS\Backup Exec\NT\beserver.exe (VERITAS Software Corporation)
SRV - (BackupExecJobEngine) -- D:\Program Files\VERITAS\Backup Exec\NT\bengine.exe (VERITAS Software Corporation)
SRV - (BackupExecAgentAccelerator) -- D:\Program Files\VERITAS\Backup Exec\NT\beremote.exe (VERITAS Software Corporation)
SRV - (BackupExecAgentBrowser) -- D:\Program Files\VERITAS\Backup Exec\NT\benetns.exe (VERITAS Software Corporation)
SRV - (BackupExecNamingService) -- D:\Program Files\VERITAS\Backup Exec\NT\benser.exe (VERITAS Software Corporation)
SRV - (BackupExecDeviceMediaService) -- D:\Program Files\VERITAS\Backup Exec\NT\pvlsvr.exe (VERITAS Software Corporation)
SRV - (ECM Service) ExecView Communication Module (ECM) -- D:\program files\VERITAS\Backup Exec\NT\ECM\ECM.exe (VERITAS Software Corporation)
SRV - (Intel Alert Originator) -- C:\WINDOWS\system32\AMS_II\IAO.EXE (Intel® Corporation)
SRV - (Intel Alert Handler) -- C:\WINDOWS\system32\AMS_II\HNDLRSVC.EXE (Intel® Corporation)
SRV - (Intel File Transfer) -- C:\WINDOWS\system32\CBA\XFR.EXE (Intel® Corporation)
SRV - (VWPMRapidServices) -- F:\VWPM\srvany.exe ()


========== Driver Services (SafeList) ==========

DRV - (SDTHelper) -- C:\Documents and Settings\Administrator\Desktop\Radix\sdthlpr.sys File not found
DRV - (MEMSWEEP2) -- C:\WINDOWS\System32\4E.tmp File not found
DRV - (IpInIp) -- C:\WINDOWS\System32\DRIVERS\ipinip.sys File not found
DRV - (vmscsi) -- C:\WINDOWS\System32\DRIVERS\vmscsi.sys (VMware, Inc.)
DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (hcore32) -- C:\WINDOWS\System32\drivers\hcore32.sys ()
DRV - (SbTis) -- C:\WINDOWS\system32\drivers\sbtis.sys (Sunbelt Software, Inc.)
DRV - (stcvsm) -- C:\WINDOWS\System32\drivers\stcvsm.sys (StorageCraft Technology Corporation)
DRV - (sbmount) -- C:\WINDOWS\System32\drivers\sbmount.sys (StorageCraft Technology Corporation)
DRV - (sbapifs) -- C:\WINDOWS\system32\drivers\sbapifs.sys (Sunbelt Software)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (SAVRKBootTasks) -- C:\WINDOWS\system32\SAVRKBootTasks.sys (Sophos Plc)
DRV - (SBRE) -- C:\WINDOWS\system32\drivers\SBREDrv.sys (Sunbelt Software)
DRV - (LGTO_Sync) -- C:\WINDOWS\system32\drivers\lgtosync.sys (VMware, Inc.)
DRV - (VMMEMCTL) -- C:\Program Files\VMware\VMware Tools\Drivers\memctl\vmmemctl.sys (VMware, Inc.)
DRV - (vmdebug) -- C:\WINDOWS\system32\drivers\vmdebug.sys (VMware, Inc.)
DRV - (vmxnet) -- C:\WINDOWS\system32\drivers\vmxnet.sys (VMware, Inc.)
DRV - (vmmouse) -- C:\WINDOWS\system32\drivers\vmmouse.sys (VMware, Inc.)
DRV - (vmx_svga) -- C:\WINDOWS\system32\drivers\vmx_svga.sys (VMware, Inc.)
DRV - (vmci) -- C:\WINDOWS\system32\drivers\vmci.sys (VMware, Inc.)
DRV - (ql2300) -- C:\WINDOWS\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (afcnt) -- C:\WINDOWS\system32\DRIVERS\afcnt.sys (Agilent Technologies)
DRV - (WLBS) -- C:\WINDOWS\system32\drivers\wlbs.sys (Microsoft Corporation)
DRV - (ql2200) -- C:\WINDOWS\system32\DRIVERS\ql2200.sys (QLogic Corporation)
DRV - (adpu320) -- C:\WINDOWS\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (ql2100) -- C:\WINDOWS\system32\DRIVERS\ql2100.sys (QLogic Corporation)
DRV - (lp6nds35) -- C:\WINDOWS\system32\DRIVERS\lp6nds35.sys (Emulex Corporation)
DRV - (cpqfcalm) -- C:\WINDOWS\system32\DRIVERS\cpqfcalm.sys (Hewlett-Packard Company)
DRV - (ClusDisk) -- C:\WINDOWS\system32\drivers\clusdisk.sys (Microsoft Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (symmpi) -- C:\WINDOWS\system32\DRIVERS\symmpi.sys (LSI Logic)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (arc) -- C:\WINDOWS\System32\drivers\arc.sys (Adaptec, Inc.)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (hpt3xx) -- C:\WINDOWS\system32\DRIVERS\hpt3xx.sys (HighPoint Technologies, Inc.)
DRV - (nfrd960) -- C:\WINDOWS\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (DfsDriver) -- C:\WINDOWS\system32\drivers\Dfs.sys (Microsoft Corporation)
DRV - (iirsp) -- C:\WINDOWS\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (ipsraidn) -- C:\WINDOWS\system32\DRIVERS\ipsraidn.sys (IBM Corporation)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (LSI Logic Corporation)
DRV - (dpti2o) -- C:\WINDOWS\system32\DRIVERS\dpti2o.sys (Adaptec, Inc.)
DRV - (hpcisss) -- C:\WINDOWS\System32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (dellcerc) -- C:\WINDOWS\system32\DRIVERS\dellcerc.sys (LSI Logic Corporation)
DRV - (cpqcissm) -- C:\WINDOWS\system32\DRIVERS\cpqcissm.sys (Hewlett-Packard Company)
DRV - (Cpqarray) -- C:\WINDOWS\system32\DRIVERS\cpqarray.sys (Hewlett-Packard Company)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (cpqarry2) -- C:\WINDOWS\system32\DRIVERS\cpqarry2.sys (Hewlett-Packard Company)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (PORTACCESSOR) -- C:\Program Files\Dell\OpenManage\oldiags\packages\portaccessor.sys (Dell Computer Corporation.)
DRV - (dcdipm) -- C:\WINDOWS\system32\drivers\dcdipm32.sys (Dell Inc.)
DRV - (dcdbas) -- C:\WINDOWS\system32\DRIVERS\dcdbas32.sys (Dell Inc.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (ASPI32) -- C:\WINDOWS\System32\drivers\aspi32.sys (Adaptec)
DRV - (Blfp) -- C:\WINDOWS\system32\drivers\baspxp32.sys (Broadcom Corporation)
DRV - (4mmdat--VRTS) -- C:\WINDOWS\system32\drivers\04mmdat.sys (VERITAS Software)
DRV - (pvdatw2k) -- C:\WINDOWS\system32\drivers\pvdatw2k.sys (Seagate Removable Storage Solutions, LLC)
DRV - (amdagp8p) -- C:\WINDOWS\system32\DRIVERS\amdagp8p.sys (Advanced Micro Devices, Inc.)
DRV - (ati2mpad) -- C:\WINDOWS\system32\drivers\ati2mpad.sys (ATI Technologies Inc.)
DRV - (SCSIChanger) -- C:\WINDOWS\system32\drivers\SCSICHNG.SYS (VERITAS Software)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = res://shdoclc.dll/softAdmin.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/softAdmin.htm
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.9

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/10/13 13:08:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: d:\Program Files\Mozilla Firefox\components [2010/10/06 04:03:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: d:\Program Files\Mozilla Firefox\plugins [2010/10/06 04:03:35 | 000,000,000 | ---D | M]

[2010/04/16 22:25:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/04/16 22:25:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/10/14 07:01:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\laru0dtt.default\extensions
[2010/10/14 07:01:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\laru0dtt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/14 07:01:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\laru0dtt.default\extensions\staged-xpis

O1 HOSTS File: ([2010/10/07 03:38:22 | 000,421,609 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14540 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - d:\program files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [PRONoMgrWired] c:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe (Intel® Corporation)
O4 - HKLM..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\SBEAgent\SBAMTray.exe (Sunbelt Software)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [VMware Tools] C:\Program Files\VMware\VMware Tools\VMwareTray.exe (VMware, Inc.)
O4 - HKLM..\Run: [VMware User Process] C:\Program Files\VMware\VMware Tools\VMwareUser.exe (VMware, Inc.)
O4 - HKLM..\Run: [VxTaskbarMgr] D:\program files\VERITAS\VxUpdate\VxTaskbarMgr.exe (VERITAS Software Corporation)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DBISQL9] C:\Program Files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe (iAnywhere Solutions, Inc.)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] d:\program files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SybaseCentral43] C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe ()
O4 - HKCU..\RunOnce: [*LogMeInRescue_2004595380] C:\Documents and Settings\Administrator\WINDOWS\LMI29.tmp\lmi_rescue.exe (LogMeIn, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\program files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\VMware\VMware Tools\VSock SDK\bin\win32\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\VMware\VMware Tools\VSock SDK\bin\win32\vsocklib.dll (VMware, Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1286431376281 (WUWebControl Class)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = domain.local
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (C:\windows\explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - C:\WINDOWS\system32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\TPSvc: DllName - TPSvc.dll - C:\WINDOWS\System32\TPSvc.dll (ThinPrint AG)
O20 - Winlogon\Notify\VMUpgradeAtShutdown: DllName - VMUpgradeAtShutdownWXP.dll - C:\WINDOWS\System32\VMUpgradeAtShutdownWXP.dll (VMware, Inc.)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (pwdssp.dll) - C:\WINDOWS\System32\pwdssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/01/05 14:03:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\##nick#k\Shell - "" = AutoRun
O33 - MountPoints2\##nick#k\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\##nick#k\Shell\AutoRun\command - "" = Z:\Get_Started_for_Win.exe -- File not found
O33 - MountPoints2\{e545845a-a1ec-11dd-9d98-0011435a73b6}\Shell - "" = AutoRun
O33 - MountPoints2\{e545845a-a1ec-11dd-9d98-0011435a73b6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e545845a-a1ec-11dd-9d98-0011435a73b6}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/24 18:08:59 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/10/14 10:59:10 | 000,018,816 | ---- | C] (Sophos Plc) -- C:\WINDOWS\System32\SAVRKBootTasks.sys
[2010/10/14 08:01:18 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\jscript.dll
[2010/10/14 07:51:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/10/14 07:11:04 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010/10/14 07:04:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Pavark
[2010/10/14 06:49:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Hypersight
[2010/10/14 06:49:29 | 000,000,000 | ---D | C] -- C:\Program Files\Hypersight
[2010/10/14 06:35:40 | 000,102,800 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/10/13 13:21:17 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/10/13 13:10:33 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/10/13 13:03:56 | 003,601,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2010/10/13 13:03:56 | 002,452,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieapfltr.dat
[2010/10/13 13:03:56 | 001,168,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2010/10/13 13:03:56 | 000,832,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2010/10/13 13:03:56 | 000,634,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iexplore.exe
[2010/10/13 13:03:56 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2010/10/13 13:03:56 | 000,468,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2010/10/13 13:03:56 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieapfltr.dll
[2010/10/13 13:03:56 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtmsft.dll
[2010/10/13 13:03:56 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtmsft.dll
[2010/10/13 13:03:56 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtrans.dll
[2010/10/13 13:03:56 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtrans.dll
[2010/10/13 13:03:56 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2010/10/13 13:03:56 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2010/10/13 13:03:56 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advpack.dll
[2010/10/13 13:03:56 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2010/10/13 13:03:56 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2010/10/13 13:03:56 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2010/10/13 13:03:56 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\pngfilt.dll
[2010/10/13 13:03:56 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pngfilt.dll
[2010/10/13 13:03:56 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2010/10/13 13:03:56 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2010/10/13 13:03:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2010/10/13 13:03:47 | 006,075,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010/10/13 13:03:47 | 002,452,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dat
[2010/10/13 13:03:47 | 000,991,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll.mui
[2010/10/13 13:03:47 | 000,468,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/10/13 13:03:47 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2010/10/13 13:03:47 | 000,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/10/13 13:03:47 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2010/10/13 13:03:47 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/10/13 13:03:47 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2010/10/13 13:03:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/10/13 13:03:30 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2010/10/13 13:03:22 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2010/10/13 13:03:11 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2010/10/13 12:54:27 | 000,647,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcrt4.dll
[2010/10/13 12:30:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Simply Super Software
[2010/10/13 12:27:50 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.46.exe
[2010/10/13 12:27:24 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztvcabinet.dll
[2010/10/13 12:27:23 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2010/10/13 12:27:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2010/10/13 12:27:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Simply Super Software
[2010/10/13 12:22:18 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/10/07 23:19:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/10/07 23:19:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/07 23:19:12 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/07 23:19:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/07 23:19:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/10/07 20:13:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp
[2010/10/07 20:13:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
[2010/10/07 03:21:02 | 000,016,432 | R--- | C] (VMware, Inc.) -- C:\WINDOWS\System32\vmx_mode.dll
[2010/10/07 03:21:01 | 000,218,288 | R--- | C] (VMware, Inc.) -- C:\WINDOWS\System32\vmx_fb.dll
[2010/10/07 03:21:01 | 000,061,872 | R--- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmci.sys
[2010/10/07 03:21:01 | 000,028,080 | R--- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmx_svga.sys
[2010/10/07 03:20:54 | 000,036,400 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\lgtosync.sys
[2010/10/07 03:20:54 | 000,030,000 | R--- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmxnet.sys
[2010/10/07 03:20:53 | 000,011,440 | R--- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmmouse.sys
[2010/10/07 03:20:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware
[2010/10/07 03:01:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/10/07 02:58:57 | 000,174,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xenrx86.dll
[2010/10/07 02:58:56 | 000,506,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xenria64.dll
[2010/10/07 02:58:53 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmswmiproppage.dll
[2010/10/07 02:58:52 | 001,150,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmswizardres.dll
[2010/10/07 02:58:52 | 000,206,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmswizard.exe
[2010/10/07 02:58:51 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsunicastsinkproppage.dll
[2010/10/07 02:58:51 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmssrvmk.dll
[2010/10/07 02:58:51 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmssnmp.dll
[2010/10/07 02:58:50 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsservertypelib.dll
[2010/10/07 02:58:50 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsserverupgrade.exe
[2010/10/07 02:58:50 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsserverresourceres.dll
[2010/10/07 02:58:49 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsserverresource.dll
[2010/10/07 02:58:49 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsserverconfig.exe
[2010/10/07 02:58:44 | 003,166,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsserver.dll
[2010/10/07 02:58:44 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsscriptproppage.dll
[2010/10/07 02:58:43 | 000,537,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsplaylistres.dll
[2010/10/07 02:58:43 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmspluginres.dll
[2010/10/07 02:58:42 | 000,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsplaylist.dll
[2010/10/07 02:58:42 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsperfmon.exe
[2010/10/07 02:58:42 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsperf.dll
[2010/10/07 02:58:41 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsnetworkdatasourceproppage.dll
[2010/10/07 02:58:41 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsmulticastsinkproppage.dll
[2010/10/07 02:58:40 | 001,852,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsmonitorres.dll
[2010/10/07 02:58:40 | 000,546,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsmonitor.dll
[2010/10/07 02:58:39 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmslogproppages.dll
[2010/10/07 02:58:39 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsipaccessproppage.dll
[2010/10/07 02:58:39 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsiphlp.dll
[2010/10/07 02:58:39 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmslf.dll
[2010/10/07 02:58:38 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmshttpcontrolproppage.dll
[2010/10/07 02:58:38 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmshttpauthenproppage.dll
[2010/10/07 02:58:38 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsiislog.dll
[2010/10/07 02:58:38 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmshttpsyscfg.exe
[2010/10/07 02:58:35 | 000,168,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmserror.dll
[2010/10/07 02:58:35 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmseditor.exe
[2010/10/07 02:58:35 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmserver.exe
[2010/10/07 02:58:35 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmserr.dll
[2010/10/07 02:58:34 | 000,122,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsbrowse.dll
[2010/10/07 02:58:34 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsdigestauthenproppage.dll
[2010/10/07 02:58:34 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsbrowseres.dll
[2010/10/07 02:58:33 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsadminres.dll
[2010/10/07 02:58:33 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsarchivesinkv1proppage.dll
[2010/10/07 02:58:33 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsanonauthenproppage.dll
[2010/10/07 02:58:33 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsaspadmin.dll
[2010/10/07 02:58:32 | 000,272,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsadmin.dll
[2010/10/07 02:58:32 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsaclcheckproppage.dll
[2010/10/07 02:58:32 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsactscrpt.dll
[2010/10/07 02:58:31 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmilistener.dll
[2010/10/07 02:58:30 | 000,651,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winssnap.dll
[2010/10/07 02:58:30 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2010/10/07 02:58:30 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmibridge.dll
[2010/10/07 02:58:29 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2010/10/07 02:58:29 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2010/10/07 02:58:29 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wins.exe
[2010/10/07 02:58:29 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsevnt.dll
[2010/10/07 02:58:29 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpop.exe
[2010/10/07 02:58:29 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsmib.dll
[2010/10/07 02:58:29 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsctrs.dll
[2010/10/07 02:58:28 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdsutil.exe
[2010/10/07 02:58:28 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2010/10/07 02:58:28 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2010/10/07 02:58:28 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2010/10/07 02:58:27 | 001,106,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdsmmc.dll
[2010/10/07 02:58:27 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdssrv.dll
[2010/10/07 02:58:27 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdspxe.dll
[2010/10/07 02:58:25 | 000,569,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdsmgmt.dll
[2010/10/07 02:58:24 | 000,349,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdsimage.dll
[2010/10/07 02:58:24 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdsigsv.dll
[2010/10/07 02:58:24 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdscsl.dll
[2010/10/07 02:58:22 | 000,261,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2010/10/07 02:58:22 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2010/10/07 02:58:20 | 000,197,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W98_unidrv.dll
[2010/10/07 02:58:20 | 000,197,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W95_unidrv.dll
[2010/10/07 02:58:20 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2010/10/07 02:58:20 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2010/10/07 02:58:19 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2010/10/07 02:58:19 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2010/10/07 02:58:19 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2010/10/07 02:58:18 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2010/10/07 02:58:17 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2010/10/07 02:58:17 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tftpd.exe
[2010/10/07 02:58:03 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\strmtest.exe
[2010/10/07 02:58:03 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2010/10/07 02:58:02 | 000,359,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll
[2010/10/07 02:58:02 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll
[2010/10/07 02:58:02 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll
[2010/10/07 02:58:02 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmp.exe
[2010/10/07 02:58:02 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll
[2010/10/07 02:58:02 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmptrap.exe
[2010/10/07 02:58:02 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snprfdll.dll
[2010/10/07 02:58:02 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2010/10/07 02:58:02 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll
[2010/10/07 02:58:01 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll
[2010/10/07 02:58:01 | 000,240,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smi2smir.exe
[2010/10/07 02:58:01 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2010/10/07 02:58:01 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpctrs.dll
[2010/10/07 02:58:01 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2010/10/07 02:58:01 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2010/10/07 02:58:00 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sis.sys
[2010/10/07 02:58:00 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smef.dll
[2010/10/07 02:58:00 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2010/10/07 02:57:59 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seva.dll
[2010/10/07 02:57:59 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\setupcl.exe
[2010/10/07 02:57:59 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seos.dll
[2010/10/07 02:57:59 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_strap.exe
[2010/10/07 02:57:58 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scwiisext.dll
[2010/10/07 02:57:58 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scwengb.dll
[2010/10/07 02:57:58 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scwcmd.exe
[2010/10/07 02:57:58 | 000,056,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrdx86.dll
[2010/10/07 02:57:58 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scwhlp.dll
[2010/10/07 02:57:58 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scwauditext.dll
[2010/10/07 02:57:58 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scwsddlanalysis.dll
[2010/10/07 02:57:58 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scwviewer.exe
[2010/10/07 02:57:58 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scss.exe
[2010/10/07 02:57:58 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scshost.exe
[2010/10/07 02:57:57 | 000,147,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrdia64.dll
[2010/10/07 02:57:57 | 000,067,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrdw2k.dll
[2010/10/07 02:57:57 | 000,056,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrdenrl.dll
[2010/10/07 02:57:57 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rqs.exe
[2010/10/07 02:57:57 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2010/10/07 02:57:57 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rqsinst.dll
[2010/10/07 02:57:56 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\riprep.exe
[2010/10/07 02:57:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\risetup.exe
[2010/10/07 02:57:56 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\regtrace.exe
[2010/10/07 02:57:55 | 000,299,008 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\rbfg.exe
[2010/10/07 02:57:55 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2010/10/07 02:57:54 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pop3snap.dll
[2010/10/07 02:57:54 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2010/10/07 02:57:54 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pop3auth.dll
[2010/10/07 02:57:54 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pop3svc.exe
[2010/10/07 02:57:54 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pop3msg.dll
[2010/10/07 02:57:54 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pop3perf.dll
[2010/10/07 02:57:54 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pop3evt.dll
[2010/10/07 02:57:51 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2010/10/07 02:57:51 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\playlisttransformproppage.dll
[2010/10/07 02:57:33 | 000,535,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2010/10/07 02:57:26 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2010/10/07 02:57:25 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oschoice.exe
[2010/10/07 02:57:25 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\p3admin.dll
[2010/10/07 02:57:25 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2010/10/07 02:57:25 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\owsrmadm.exe
[2010/10/07 02:57:25 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\p3store.dll
[2010/10/07 02:57:25 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\owsadm.exe
[2010/10/07 02:57:25 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2010/10/07 02:57:25 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2010/10/07 02:57:25 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2010/10/07 02:57:25 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2010/10/07 02:57:23 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntfsdrv.dll
[2010/10/07 02:57:22 | 000,600,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nntpsvc.dll
[2010/10/07 02:57:22 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nntpfs.dll
[2010/10/07 02:57:22 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nntpctrs.dll
[2010/10/07 02:57:22 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsneterr.dll
[2010/10/07 02:57:21 | 000,119,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2010/10/07 02:57:21 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\namespace.dll
[2010/10/07 02:57:20 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_msvcp60.dll
[2010/10/07 02:57:20 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtstocom.exe
[2010/10/07 02:57:20 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\muisetup.exe
[2010/10/07 02:57:18 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2010/10/07 02:57:18 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2010/10/07 02:57:17 | 000,316,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msiprov.dll
[2010/10/07 02:57:14 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe
[2010/10/07 02:57:11 | 000,118,784 | ---- | C] ( ) -- C:\WINDOWS\System32\dllcache\microsoft.windowsmediaservices.dll
[2010/10/07 02:57:11 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mailmsg.dll
[2010/10/07 02:57:10 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmmib2.dll
[2010/10/07 02:57:10 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpdsvc.dll
[2010/10/07 02:57:10 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lprmon.dll
[2010/10/07 02:57:07 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2010/10/07 02:57:07 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2010/10/07 02:57:07 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2010/10/07 02:57:07 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2010/10/07 02:57:07 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2010/10/07 02:57:07 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2010/10/07 02:57:07 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2010/10/07 02:57:06 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2010/10/07 02:57:06 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2010/10/07 02:57:06 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2010/10/07 02:57:06 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdibm02.dll
[2010/10/07 02:57:06 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41a.dll
[2010/10/07 02:57:06 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2010/10/07 02:57:06 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41j.dll
[2010/10/07 02:57:06 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2010/10/07 02:57:06 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2010/10/07 02:57:06 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2010/10/07 02:57:06 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2010/10/07 02:57:06 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2010/10/07 02:57:06 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2010/10/07 02:57:06 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2010/10/07 02:57:06 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2010/10/07 02:57:06 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2010/10/07 02:57:06 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2010/10/07 02:57:05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2010/10/07 02:57:05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdax2.dll
[2010/10/07 02:57:05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106n.dll
[2010/10/07 02:57:05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2010/10/07 02:57:05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101.dll
[2010/10/07 02:57:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2010/10/07 02:57:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2010/10/07 02:57:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2010/10/07 02:57:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2010/10/07 02:57:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2010/10/07 02:57:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2010/10/07 02:57:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2010/10/07 02:57:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2010/10/07 02:57:05 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2010/10/07 02:57:04 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprip.dll
[2010/10/07 02:57:04 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isrpc.dll
[2010/10/07 02:56:58 | 001,499,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_instmsiw.exe
[2010/10/07 02:56:58 | 001,489,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_instmsia.exe
[2010/10/07 02:56:58 | 000,069,632 | ---- | C] ( ) -- C:\WINDOWS\System32\dllcache\interop_msxml.dll
[2010/10/07 02:56:57 | 000,394,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2010/10/07 02:56:57 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2010/10/07 02:56:57 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2010/10/07 02:56:57 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2010/10/07 02:56:48 | 009,206,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpzp.dic
[2010/10/07 02:56:48 | 000,854,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjptk.dic
[2010/10/07 02:56:48 | 000,234,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2010/10/07 02:56:48 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
[2010/10/07 02:56:48 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2010/10/07 02:56:27 | 014,694,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpst.dic
[2010/10/07 02:56:27 | 000,137,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpsb.dic
[2010/10/07 02:56:27 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
[2010/10/07 02:56:15 | 010,660,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpnm.dic
[2010/10/07 02:56:15 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
[2010/10/07 02:56:14 | 000,993,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpln.dic
[2010/10/07 02:56:14 | 000,815,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpgn.grm
[2010/10/07 02:56:14 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/10/07 02:56:13 | 000,695,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2010/10/07 02:56:13 | 000,647,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2010/10/07 02:56:13 | 000,342,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2010/10/07 02:56:13 | 000,198,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
[2010/10/07 02:56:13 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcd.dic
[2010/10/07 02:56:13 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2010/10/07 02:56:13 | 000,055,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpch.dic
[2010/10/07 02:56:13 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2010/10/07 02:56:13 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2010/10/07 02:56:12 | 000,331,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2010/10/07 02:56:12 | 000,210,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2010/10/07 02:56:11 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2010/10/07 02:56:11 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2010/10/07 02:56:11 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2010/10/07 02:56:11 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2010/10/07 02:56:11 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2010/10/07 02:55:56 | 010,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2010/10/07 02:55:38 | 011,091,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/10/07 02:55:25 | 010,100,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2010/10/07 02:55:24 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\grovel.exe
[2010/10/07 02:55:24 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2010/10/07 02:55:24 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostmib.dll
[2010/10/07 02:55:24 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\grovmsg.dll
[2010/10/07 02:55:23 | 000,405,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W9X_fxsxp32.dll
[2010/10/07 02:55:23 | 000,398,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsxp32.dll
[2010/10/07 02:55:23 | 000,398,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxsxp32.dll
[2010/10/07 02:55:22 | 000,392,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxstiff.dll
[2010/10/07 02:55:22 | 000,392,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxstiff.dll
[2010/10/07 02:55:22 | 000,387,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W9X_fxstiff.dll
[2010/10/07 02:55:22 | 000,269,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssvc.exe
[2010/10/07 02:55:22 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxst30.dll
[2010/10/07 02:55:22 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsui.dll
[2010/10/07 02:55:22 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxsui.dll
[2010/10/07 02:55:22 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxswzrd.dll
[2010/10/07 02:55:22 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxswzrd.dll
[2010/10/07 02:55:22 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W9X_fxswzrd.dll
[2010/10/07 02:55:22 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxst30p.dll
[2010/10/07 02:55:21 | 000,737,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsres.dll
[2010/10/07 02:55:21 | 000,561,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsst.dll
[2010/10/07 02:55:21 | 000,102,400 | ---- | C] (Installshield Software Corporation ) -- C:\WINDOWS\System32\dllcache\FXS_setup.exe
[2010/10/07 02:55:21 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2010/10/07 02:55:21 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsrtmtd.dll
[2010/10/07 02:55:21 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2010/10/07 02:55:21 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxssend.exe
[2010/10/07 02:55:21 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W9X_fxssend.exe
[2010/10/07 02:55:20 | 000,737,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxsres.dll
[2010/10/07 02:55:20 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsevent.dll
[2010/10/07 02:55:20 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W9X_fxsdrv32.dll
[2010/10/07 02:55:20 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W9X_fxsext32.dll
[2010/10/07 02:55:20 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsmon.dll
[2010/10/07 02:55:20 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsext32.dll
[2010/10/07 02:55:20 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxsext32.dll
[2010/10/07 02:55:20 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsdrv.dll
[2010/10/07 02:55:20 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\NT4_fxsdrv4.dll
[2010/10/07 02:55:20 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsperf.dll
[2010/10/07 02:55:19 | 000,286,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscomex.dll
[2010/10/07 02:55:19 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscover.exe
[2010/10/07 02:55:19 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxscover.exe
[2010/10/07 02:55:19 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W9X_fxscover.exe
[2010/10/07 02:55:19 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscom.dll
[2010/10/07 02:55:18 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclnt.exe
[2010/10/07 02:55:18 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxsclnt.exe
[2010/10/07 02:55:18 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W9X_fxsclnt.exe
[2010/10/07 02:55:18 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W9X_fxsclntr.dll
[2010/10/07 02:55:18 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2010/10/07 02:55:18 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxsclntr.dll
[2010/10/07 02:55:18 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2010/10/07 02:55:17 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W9X_fxsapi.dll
[2010/10/07 02:55:17 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsapi.dll
[2010/10/07 02:55:17 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxsapi.dll
[2010/10/07 02:55:17 | 000,466,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\NT4_fxsapi.dll
[2010/10/07 02:55:17 | 000,259,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsadmin.dll
[2010/10/07 02:55:17 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsvc2.dll
[2010/10/07 02:55:17 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2010/10/07 02:55:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2010/10/07 02:55:17 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpmib.dll
[2010/10/07 02:55:16 | 000,027,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmdll.dll
[2010/10/07 02:55:15 | 001,383,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp5awel.dll
[2010/10/07 02:55:15 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp5avss.dll
[2010/10/07 02:55:14 | 000,944,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp5autl.dll
[2010/10/07 02:55:14 | 000,142,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp5amsft.dll
[2010/10/07 02:55:13 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntagnt.dll
[2010/10/07 02:55:13 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntwin.exe
[2010/10/07 02:55:13 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fcachdll.dll
[2010/10/07 02:55:13 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntcmd.exe
[2010/10/07 02:55:13 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\f3ahvoas.dll
[2010/10/07 02:55:10 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ddrop.dll
[2010/10/07 02:55:09 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2010/10/07 02:55:08 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\complianceextensions.dll
[2010/10/07 02:55:08 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
[2010/10/07 02:55:07 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2010/10/07 02:55:07 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cleanri.exe
[2010/10/07 02:55:06 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2010/10/07 02:55:05 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2010/10/07 02:55:05 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2010/10/07 02:55:05 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2010/10/07 02:55:04 | 000,841,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2010/10/07 02:55:03 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2010/10/07 02:55:03 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2010/10/07 02:55:02 | 000,316,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certsrv.exe
[2010/10/07 02:55:02 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certdb.dll
[2010/10/07 02:55:02 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certenc.dll
[2010/10/07 02:55:02 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2010/10/07 02:55:02 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2010/10/07 02:55:00 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bitsmgr.dll
[2010/10/07 02:55:00 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bitssrv.dll
[2010/10/07 02:54:58 | 000,246,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asfarchiver.dll
[2010/10/07 02:54:57 | 000,501,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll
[2010/10/07 02:54:57 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqadmin.dll
[2010/10/07 02:54:57 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0804.dll
[2010/10/07 02:54:56 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0412.dll
[2010/10/07 02:54:56 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0411.dll
[2010/10/07 02:54:56 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040d.dll
[2010/10/07 02:54:56 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0404.dll
[2010/10/07 02:54:56 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0401.dll
[2010/10/07 02:54:56 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsiisex.dll
[2010/10/07 02:54:55 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2010/10/07 02:54:53 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll
[2010/10/07 02:54:51 | 000,254,005 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_msvcrt.dll
[2010/10/07 02:54:49 | 001,163,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_mfc42u.dll
[2010/10/07 02:54:37 | 001,160,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_mfc42.dll
[2010/10/07 02:54:33 | 000,400,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll
[2010/10/07 02:54:33 | 000,199,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll
[2010/10/07 02:54:32 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgwiz.exe
[2010/10/07 02:54:32 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpcount.exe
[2010/10/07 02:54:32 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll
[2010/10/07 02:54:32 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll
[2010/10/07 02:54:32 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll
[2010/10/07 02:53:25 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2010/10/07 02:46:33 | 000,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\battc.sys
[2010/10/07 02:45:44 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2010/10/07 02:45:44 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2010/10/07 02:27:52 | 000,421,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/10/07 02:27:27 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kerberos.dll
[2010/10/07 02:27:27 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdigest.dll
[2010/10/07 02:27:27 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\secur32.dll
[2010/10/07 02:23:23 | 002,488,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010/10/07 02:23:23 | 002,340,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010/10/07 02:23:23 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sc.exe
[2010/10/07 02:23:22 | 002,449,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010/10/07 02:23:22 | 002,300,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2010/10/07 02:22:26 | 000,583,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2010/10/07 02:19:15 | 002,854,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msi.dll
[2010/10/07 02:19:04 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2010/10/07 02:03:24 | 000,015,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2010/10/07 02:03:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/10/07 00:23:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2010/10/07 00:23:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\LogMeIn
[2010/10/06 23:28:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/10/06 22:41:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSVOL
[2010/10/06 22:41:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\NTDS
[2010/10/06 22:24:05 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iyuv_32.dll
[2010/10/06 22:24:05 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsbyuv.dll
[2010/10/06 18:21:51 | 000,011,026 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmscsi.sys
[2010/10/06 18:21:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\$Reconfig$
[2010/10/06 03:31:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\VAMT2
[2010/10/06 01:35:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\vmware-converter-install-pgtvcuszkzkrokyd
[2010/10/05 23:30:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\vmware-converter-install-bkajscfpvizwydvg
[2010/10/05 21:27:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\vmware-converter-install-mczqxfzlwfxdqqkv
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/24 18:08:01 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/10/24 18:07:52 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\RKUnhookerLE.EXE
[2010/10/24 17:23:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3018655958-1258357186-3169496164-500UA.job
[2010/10/24 07:03:19 | 000,000,600 | ---- | M] () -- C:\WINDOWS\PUTTY.RND
[2010/10/24 01:23:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3018655958-1258357186-3169496164-500Core.job
[2010/10/23 22:30:00 | 000,000,218 | ---- | M] () -- C:\WINDOWS\tasks\backupscript.job
[2010/10/21 19:23:47 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2010/10/21 19:23:47 | 000,002,322 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/10/18 01:18:04 | 000,065,536 | ---- | M] () -- C:\WINDOWS\NETLOGON.CHG
[2010/10/15 07:43:44 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/15 07:35:01 | 000,845,018 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/15 07:35:01 | 000,199,002 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/15 03:25:19 | 000,000,923 | ---- | M] () -- C:\WINDOWS\TimeForce.ini
[2010/10/15 03:24:39 | 000,000,183 | ---- | M] () -- C:\WINDOWS\ClockLinkService.ini
[2010/10/15 03:24:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/14 08:02:36 | 000,003,470 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/14 06:52:43 | 2145,386,496 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2010/10/14 06:35:40 | 000,102,800 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/10/14 05:20:00 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/14 05:04:39 | 000,008,680 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/10/14 04:58:20 | 000,262,232 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/13 12:28:48 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/13 12:28:26 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.46.exe
[2010/10/13 12:27:26 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Trojan Remover.lnk
[2010/10/07 03:38:22 | 000,421,609 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/10/07 03:20:50 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2010/10/07 02:59:28 | 000,000,316 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/10/07 02:54:15 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/10/07 02:54:15 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/10/07 02:54:12 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/10/07 02:54:07 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/10/07 02:54:07 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/10/07 02:54:05 | 000,004,272 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/10/07 02:53:25 | 000,001,411 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Security Configuration Wizard.lnk
[2010/10/07 02:51:36 | 000,022,756 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/10/07 02:50:21 | 000,000,208 | -HS- | M] () -- C:\boot.ini
[2010/10/07 02:49:23 | 000,002,492 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2010/10/07 02:25:18 | 000,003,672 | ---- | M] () -- C:\WINDOWS\ominstal.db
[2010/10/07 00:23:12 | 000,001,024 | ---- | M] () -- C:\.rnd
[2010/10/06 23:00:04 | 000,001,914 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VIPRE Enterprise.lnk
[2010/10/06 22:37:12 | 000,000,660 | ---- | M] () -- C:\Documents and Settings\Administrator\.scUserPreferences43
[2010/10/06 18:21:51 | 000,011,026 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmscsi.sys
[2010/10/05 14:39:32 | 000,001,194 | -H-- | M] () -- C:\Documents and Settings\Administrator\My Documents\Default.rdp
[2010/10/05 12:45:42 | 000,087,424 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll.000.bak
[2010/10/05 12:45:42 | 000,083,360 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll.000.bak
[2010/10/01 08:58:32 | 000,004,096 | -HS- | M] () -- C:\VSM000.IDX
[2010/09/27 14:50:44 | 000,083,360 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
[2010/09/27 14:49:18 | 000,087,424 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
[2010/09/27 14:49:18 | 000,029,568 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

Second half of otl.txt


========== Files Created - No Company Name ==========

[2010/10/24 18:09:04 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\RKUnhookerLE.EXE
[2010/10/14 06:49:30 | 000,177,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\hcore32.sys
[2010/10/13 12:28:48 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/13 12:27:26 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Trojan Remover.lnk
[2010/10/13 12:27:24 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2010/10/13 12:27:24 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2010/10/13 12:27:24 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2010/10/13 12:27:24 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2010/10/07 20:16:20 | 000,002,344 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2010/10/07 20:16:20 | 000,002,322 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/10/07 20:13:57 | 000,001,010 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3018655958-1258357186-3169496164-500UA.job
[2010/10/07 20:13:57 | 000,000,958 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3018655958-1258357186-3169496164-500Core.job
[2010/10/07 03:21:01 | 002,275,888 | R--- | C] () -- C:\WINDOWS\System32\vmwogl32.dll
[2010/10/07 03:18:41 | 000,001,374 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak
[2010/10/07 02:58:18 | 001,413,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tintlgs.imd
[2010/10/07 02:58:18 | 000,455,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tintlgl.imd
[2010/10/07 02:58:18 | 000,171,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tintlgc.imd
[2010/10/07 02:57:57 | 000,006,331 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rsess.vbs
[2010/10/07 02:57:56 | 000,026,417 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rfeed.vbs
[2010/10/07 02:57:56 | 000,012,400 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rgroup.vbs
[2010/10/07 02:57:56 | 000,011,781 | ---- | C] () -- C:\WINDOWS\System32\dllcache\regfilt.vbs
[2010/10/07 02:57:56 | 000,010,571 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rexpire.vbs
[2010/10/07 02:57:55 | 000,003,912 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rcancel.vbs
[2010/10/07 02:57:34 | 010,011,497 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgs.imd
[2010/10/07 02:57:34 | 000,733,292 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgr.imd
[2010/10/07 02:57:33 | 000,208,744 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgl.imd
[2010/10/07 02:57:31 | 001,004,904 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgix.imd
[2010/10/07 02:57:30 | 000,948,656 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgi.imd
[2010/10/07 02:57:28 | 000,867,242 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgdx.imd
[2010/10/07 02:57:26 | 000,825,038 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgd.imd
[2010/10/07 02:57:26 | 000,487,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsk.dic
[2010/10/07 02:57:26 | 000,188,140 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgc.imd
[2010/10/07 02:57:26 | 000,174,803 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsd.dic
[2010/10/07 02:57:25 | 000,117,248 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/10/07 02:57:08 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/10/07 02:56:57 | 000,061,952 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/10/07 02:56:11 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/10/07 02:55:24 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/10/07 02:55:16 | 000,100,936 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2010/10/07 02:55:07 | 000,409,168 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgu.imd
[2010/10/07 02:55:07 | 000,102,304 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlguc.imd
[2010/10/07 02:55:07 | 000,102,304 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgsi.imd
[2010/10/07 02:55:07 | 000,001,849 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IIS_clusftp.vbs
[2010/10/07 02:55:06 | 000,427,138 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgie.imd
[2010/10/07 02:55:06 | 000,279,894 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgd.imd
[2010/10/07 02:55:06 | 000,024,080 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgl.imd
[2010/10/07 02:55:06 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgs.imd
[2010/10/07 02:55:05 | 000,543,708 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgb.imd
[2010/10/07 02:55:05 | 000,462,929 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskdic.dic
[2010/10/07 02:55:05 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/10/07 02:54:15 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/10/07 02:54:15 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/10/07 02:49:23 | 000,002,492 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2010/10/07 02:45:36 | 000,314,515 | ---- | C] () -- C:\WINDOWS\System32\dllcache\WMSocm.CAT
[2010/10/07 02:45:36 | 000,112,975 | ---- | C] () -- C:\WINDOWS\System32\dllcache\UDDI.CAT
[2010/10/07 02:45:36 | 000,082,025 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sasetup.CAT
[2010/10/07 02:45:36 | 000,071,199 | ---- | C] () -- C:\WINDOWS\System32\dllcache\adminpak.CAT
[2010/10/07 02:45:36 | 000,067,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP5.CAT
[2010/10/07 02:45:36 | 000,066,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NETFX.CAT
[2010/10/07 02:45:36 | 000,064,351 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/10/07 02:45:36 | 000,030,616 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SCW.CAT
[2010/10/07 02:45:36 | 000,023,518 | ---- | C] () -- C:\WINDOWS\System32\dllcache\admt.cat
[2010/10/07 02:45:36 | 000,022,310 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FXSCAT.CAT
[2010/10/07 02:45:36 | 000,015,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\INS.CAT
[2010/10/07 02:45:36 | 000,014,610 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2010/10/07 02:45:36 | 000,010,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2010/10/07 02:45:36 | 000,008,571 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010/10/07 02:45:36 | 000,007,379 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/10/07 02:45:35 | 001,994,359 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2010/10/07 02:45:35 | 001,402,437 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2010/10/07 02:45:35 | 000,682,720 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2010/10/01 08:58:32 | 000,004,096 | -HS- | C] () -- C:\VSM000.IDX
[2010/03/31 09:54:31 | 001,622,022 | R--- | C] () -- C:\WINDOWS\schema.ini
[2009/10/26 10:36:52 | 000,000,183 | ---- | C] () -- C:\WINDOWS\ClockLinkService.ini
[2009/10/26 10:36:20 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\PROTOCOL.INI
[2008/10/27 15:08:18 | 000,000,923 | ---- | C] () -- C:\WINDOWS\TimeForce.ini
[2008/10/24 12:15:52 | 000,163,032 | RHS- | C] () -- C:\WINDOWS\System32\dwfajl.dll
[2008/10/24 10:55:13 | 000,050,666 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2008/10/24 10:55:13 | 000,010,793 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2008/10/24 10:35:25 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2008/04/26 00:57:33 | 000,011,597 | ---- | C] () -- C:\WINDOWS\System32\dnsperf.ini
[2007/02/18 08:00:00 | 000,179,577 | ---- | C] () -- C:\WINDOWS\System32\schema.ini
[2007/02/18 08:00:00 | 000,024,819 | ---- | C] () -- C:\WINDOWS\System32\ntdsctrs.ini
[2007/02/18 08:00:00 | 000,020,386 | ---- | C] () -- C:\WINDOWS\System32\ntfrsrep.ini
[2007/02/18 08:00:00 | 000,011,817 | ---- | C] () -- C:\WINDOWS\System32\iasperf.ini
[2007/02/18 08:00:00 | 000,011,030 | ---- | C] () -- C:\WINDOWS\System32\ipsecprf.ini
[2007/02/18 08:00:00 | 000,005,597 | ---- | C] () -- C:\WINDOWS\System32\ntfrscon.ini
[2004/12/02 20:13:19 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll
[2004/11/24 15:13:01 | 000,000,079 | ---- | C] () -- C:\WINDOWS\System32\drivers\dcesmwdm.sys
[2004/11/24 13:57:17 | 000,002,360 | ---- | C] () -- C:\WINDOWS\System32\dhcpctrs.ini
[2004/11/24 13:36:18 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\itgcond.dll
[2004/11/24 13:36:18 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\itg_refs.dll
[2004/11/24 13:36:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\itg_sched.dll
[2004/11/24 13:36:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\itg_night.dll
[2004/11/24 13:33:18 | 000,000,280 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/11/04 00:21:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/11/03 23:58:16 | 000,000,499 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/01/05 13:56:22 | 000,004,272 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/02/03 10:26:18 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2001/07/31 10:17:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL

========== LOP Check ==========

[2010/03/29 13:57:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ntr
[2010/04/17 02:44:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Overlook
[2010/10/13 12:27:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Simply Super Software
[2010/10/07 00:23:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2010/04/17 02:44:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Overlook
[2010/10/13 12:27:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2010/10/22 23:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/16 22:14:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/10/23 22:30:00 | 000,000,218 | ---- | M] () -- C:\WINDOWS\Tasks\backupscript.job
[2010/10/24 12:23:00 | 000,032,604 | ---- | M] () -- C:\WINDOWS\Tasks\SchedLgU.Txt

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 200 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C9291F0D
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9

< End of report >
SRV - (zuxrufpg) -- File not found
SRV - (zdylnfm) -- File not found
SRV - (yknygtck) -- File not found
SRV - (xhehc) -- File not found
SRV - (WinHttpAutoProxySvc) -- File not found
SRV - (wbsfkgn) -- File not found
SRV - (uurefmihf) -- File not found
SRV - (hpqvl) -- File not found
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (SBAMSvc) -- C:\Program Files\Sunbelt Software\SBEAgent\SBAMSvc.exe (Sunbelt Software)
SRV - (SBPIMSvc) -- C:\Program Files\Sunbelt Software\SBEAgent\SBPIMSvc.exe (Sunbelt Software)
SRV - (VSNAPVSS) -- C:\WINDOWS\system32\vsnapvss.exe (StorageCraft Technology Corporation)
SRV - (ShadowProtectSvc) -- D:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe (StorageCraft Technology Corporation)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (VMUpgradeHelper) -- C:\Program Files\VMware\VMware Tools\VMUpgradeHelper.exe (VMware, Inc.)
SRV - (VMTools) -- C:\Program Files\VMware\VMware Tools\vmtoolsd.exe (VMware, Inc.)
SRV - (VMware Physical Disk Helper Service) -- C:\Program Files\VMware\VMware Tools\vmacthlp.exe (VMware, Inc.)
SRV - (TPVCGateway) -- C:\Program Files\VMware\VMware Tools\TPVCGateway.exe (ThinPrint GmbH)
SRV - (TPAutoConnSvc) -- C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe (ThinPrint AG)
SRV - (Sunbelt Software Enterprise Service) -- C:\Program Files\Sunbelt Software\Enterprise\EnterpriseService.exe (Sunbelt Software)
SRV - (TFPunchProcessQueue) -- c:\Inetpub\wwwroot\qqest\Utilities\TFProcessingQueue.exe (Qqest Software Systems)
SRV - (DNS) -- C:\WINDOWS\system32\dns.exe (Microsoft Corporation)
SRV - (TFPunches) -- c:\Inetpub\wwwroot\qqest\Utilities\TimeForcePunches.exe (Qqest Software Systems)
SRV - (ServiceTimeForce) -- c:\Inetpub\wwwroot\qqest\Utilities\TimeForceServices.exe (Qqest Software Systems)
SRV - (ClockLink) -- C:\Program Files\Qqest Software Systems\TimeForce\ClockLink\ClockLinkService.exe (Qqest Software Systems)
SRV - (NtFrs) -- C:\WINDOWS\system32\ntfrs.exe (Microsoft Corporation)
SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (Dfs) -- C:\WINDOWS\system32\dfssvc.exe (Microsoft Corporation)
SRV - (LicenseService) -- C:\WINDOWS\system32\llssrv.exe (Microsoft Corporation)
SRV - (RSoPProv) -- C:\WINDOWS\system32\rsopprov.exe (Microsoft Corporation)
SRV - (TrkSvr) -- C:\WINDOWS\system32\trksvr.dll (Microsoft Corporation)
SRV - (IsmServ) -- C:\WINDOWS\system32\ismserv.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (sacsvr) -- C:\WINDOWS\system32\sacsvr.dll (Microsoft Corporation)
SRV - (Tssdis) -- C:\WINDOWS\system32\tssdis.exe (Microsoft Corporation)
SRV - (TermServLicensing) -- C:\WINDOWS\system32\lserver.exe (Microsoft Corporation)
SRV - (omsad) -- C:\Program Files\Dell\OpenManage\oma\bin\omsad32.exe (Dell Inc.)
SRV - (Server Administrator) -- C:\Program Files\Dell\OpenManage\iws\bin\win32\omaws32.exe (Dell Computer Corporation)
SRV - (ASANYs_VWPM) -- C:\Program Files\Sybase\SQL Anywhere 9\win32\dbsrv9.exe (iAnywhere Solutions, Inc.)
SRV - (dcevt32) -- C:\Program Files\Dell\OpenManage\dataeng\bin\dcevt32.exe (Dell Inc.)
SRV - (dcstor32) -- C:\Program Files\Dell\OpenManage\dataeng\bin\dcstor32.exe (Dell Inc.)
SRV - (WinVNC4) -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe (RealVNC Ltd.)
SRV - (BackupExecRPCService) -- D:\Program Files\VERITAS\Backup Exec\NT\beserver.exe (VERITAS Software Corporation)
SRV - (BackupExecJobEngine) -- D:\Program Files\VERITAS\Backup Exec\NT\bengine.exe (VERITAS Software Corporation)
SRV - (BackupExecAgentAccelerator) -- D:\Program Files\VERITAS\Backup Exec\NT\beremote.exe (VERITAS Software Corporation)
SRV - (BackupExecAgentBrowser) -- D:\Program Files\VERITAS\Backup Exec\NT\benetns.exe (VERITAS Software Corporation)
SRV - (BackupExecNamingService) -- D:\Program Files\VERITAS\Backup Exec\NT\benser.exe (VERITAS Software Corporation)
SRV - (BackupExecDeviceMediaService) -- D:\Program Files\VERITAS\Backup Exec\NT\pvlsvr.exe (VERITAS Software Corporation)
SRV - (ECM Service) ExecView Communication Module (ECM) -- D:\program files\VERITAS\Backup Exec\NT\ECM\ECM.exe (VERITAS Software Corporation)
SRV - (Intel Alert Originator) -- C:\WINDOWS\system32\AMS_II\IAO.EXE (Intel® Corporation)
SRV - (Intel Alert Handler) -- C:\WINDOWS\system32\AMS_II\HNDLRSVC.EXE (Intel® Corporation)
SRV - (Intel File Transfer) -- C:\WINDOWS\system32\CBA\XFR.EXE (Intel® Corporation)
SRV - (VWPMRapidServices) -- F:\VWPM\srvany.exe ()


========== Driver Services (SafeList) ==========

DRV - (SDTHelper) -- C:\Documents and Settings\Administrator\Desktop\Radix\sdthlpr.sys File not found
DRV - (MEMSWEEP2) -- C:\WINDOWS\System32\4E.tmp File not found
DRV - (IpInIp) -- C:\WINDOWS\System32\DRIVERS\ipinip.sys File not found
DRV - (vmscsi) -- C:\WINDOWS\System32\DRIVERS\vmscsi.sys (VMware, Inc.)
DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (hcore32) -- C:\WINDOWS\System32\drivers\hcore32.sys ()
DRV - (SbTis) -- C:\WINDOWS\system32\drivers\sbtis.sys (Sunbelt Software, Inc.)
DRV - (stcvsm) -- C:\WINDOWS\System32\drivers\stcvsm.sys (StorageCraft Technology Corporation)
DRV - (sbmount) -- C:\WINDOWS\System32\drivers\sbmount.sys (StorageCraft Technology Corporation)
DRV - (sbapifs) -- C:\WINDOWS\system32\drivers\sbapifs.sys (Sunbelt Software)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (SAVRKBootTasks) -- C:\WINDOWS\system32\SAVRKBootTasks.sys (Sophos Plc)
DRV - (SBRE) -- C:\WINDOWS\system32\drivers\SBREDrv.sys (Sunbelt Software)
DRV - (LGTO_Sync) -- C:\WINDOWS\system32\drivers\lgtosync.sys (VMware, Inc.)
DRV - (VMMEMCTL) -- C:\Program Files\VMware\VMware Tools\Drivers\memctl\vmmemctl.sys (VMware, Inc.)
DRV - (vmdebug) -- C:\WINDOWS\system32\drivers\vmdebug.sys (VMware, Inc.)
DRV - (vmxnet) -- C:\WINDOWS\system32\drivers\vmxnet.sys (VMware, Inc.)
DRV - (vmmouse) -- C:\WINDOWS\system32\drivers\vmmouse.sys (VMware, Inc.)
DRV - (vmx_svga) -- C:\WINDOWS\system32\drivers\vmx_svga.sys (VMware, Inc.)
DRV - (vmci) -- C:\WINDOWS\system32\drivers\vmci.sys (VMware, Inc.)
DRV - (ql2300) -- C:\WINDOWS\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (afcnt) -- C:\WINDOWS\system32\DRIVERS\afcnt.sys (Agilent Technologies)
DRV - (WLBS) -- C:\WINDOWS\system32\drivers\wlbs.sys (Microsoft Corporation)
DRV - (ql2200) -- C:\WINDOWS\system32\DRIVERS\ql2200.sys (QLogic Corporation)
DRV - (adpu320) -- C:\WINDOWS\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (ql2100) -- C:\WINDOWS\system32\DRIVERS\ql2100.sys (QLogic Corporation)
DRV - (lp6nds35) -- C:\WINDOWS\system32\DRIVERS\lp6nds35.sys (Emulex Corporation)
DRV - (cpqfcalm) -- C:\WINDOWS\system32\DRIVERS\cpqfcalm.sys (Hewlett-Packard Company)
DRV - (ClusDisk) -- C:\WINDOWS\system32\drivers\clusdisk.sys (Microsoft Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (symmpi) -- C:\WINDOWS\system32\DRIVERS\symmpi.sys (LSI Logic)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (arc) -- C:\WINDOWS\System32\drivers\arc.sys (Adaptec, Inc.)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (hpt3xx) -- C:\WINDOWS\system32\DRIVERS\hpt3xx.sys (HighPoint Technologies, Inc.)
DRV - (nfrd960) -- C:\WINDOWS\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (DfsDriver) -- C:\WINDOWS\system32\drivers\Dfs.sys (Microsoft Corporation)
DRV - (iirsp) -- C:\WINDOWS\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (ipsraidn) -- C:\WINDOWS\system32\DRIVERS\ipsraidn.sys (IBM Corporation)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (LSI Logic Corporation)
DRV - (dpti2o) -- C:\WINDOWS\system32\DRIVERS\dpti2o.sys (Adaptec, Inc.)
DRV - (hpcisss) -- C:\WINDOWS\System32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (dellcerc) -- C:\WINDOWS\system32\DRIVERS\dellcerc.sys (LSI Logic Corporation)
DRV - (cpqcissm) -- C:\WINDOWS\system32\DRIVERS\cpqcissm.sys (Hewlett-Packard Company)
DRV - (Cpqarray) -- C:\WINDOWS\system32\DRIVERS\cpqarray.sys (Hewlett-Packard Company)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (cpqarry2) -- C:\WINDOWS\system32\DRIVERS\cpqarry2.sys (Hewlett-Packard Company)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (PORTACCESSOR) -- C:\Program Files\Dell\OpenManage\oldiags\packages\portaccessor.sys (Dell Computer Corporation.)
DRV - (dcdipm) -- C:\WINDOWS\system32\drivers\dcdipm32.sys (Dell Inc.)
DRV - (dcdbas) -- C:\WINDOWS\system32\DRIVERS\dcdbas32.sys (Dell Inc.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (ASPI32) -- C:\WINDOWS\System32\drivers\aspi32.sys (Adaptec)
DRV - (Blfp) -- C:\WINDOWS\system32\drivers\baspxp32.sys (Broadcom Corporation)
DRV - (4mmdat--VRTS) -- C:\WINDOWS\system32\drivers\04mmdat.sys (VERITAS Software)
DRV - (pvdatw2k) -- C:\WINDOWS\system32\drivers\pvdatw2k.sys (Seagate Removable Storage Solutions, LLC)
DRV - (amdagp8p) -- C:\WINDOWS\system32\DRIVERS\amdagp8p.sys (Advanced Micro Devices, Inc.)
DRV - (ati2mpad) -- C:\WINDOWS\system32\drivers\ati2mpad.sys (ATI Technologies Inc.)
DRV - (SCSIChanger) -- C:\WINDOWS\system32\drivers\SCSICHNG.SYS (VERITAS Software)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = res://shdoclc.dll/softAdmin.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/softAdmin.htm
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.9

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/10/13 13:08:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: d:\Program Files\Mozilla Firefox\components [2010/10/06 04:03:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: d:\Program Files\Mozilla Firefox\plugins [2010/10/06 04:03:35 | 000,000,000 | ---D | M]

[2010/04/16 22:25:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/04/16 22:25:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/10/14 07:01:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\laru0dtt.default\extensions
[2010/10/14 07:01:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\laru0dtt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/14 07:01:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\laru0dtt.default\extensions\staged-xpis

O1 HOSTS File: ([2010/10/07 03:38:22 | 000,421,609 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14540 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - d:\program files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [PRONoMgrWired] c:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe (Intel® Corporation)
O4 - HKLM..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\SBEAgent\SBAMTray.exe (Sunbelt Software)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [VMware Tools] C:\Program Files\VMware\VMware Tools\VMwareTray.exe (VMware, Inc.)
O4 - HKLM..\Run: [VMware User Process] C:\Program Files\VMware\VMware Tools\VMwareUser.exe (VMware, Inc.)
O4 - HKLM..\Run: [VxTaskbarMgr] D:\program files\VERITAS\VxUpdate\VxTaskbarMgr.exe (VERITAS Software Corporation)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DBISQL9] C:\Program Files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe (iAnywhere Solutions, Inc.)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] d:\program files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SybaseCentral43] C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe ()
O4 - HKCU..\RunOnce: [*LogMeInRescue_2004595380] C:\Documents and Settings\Administrator\WINDOWS\LMI29.tmp\lmi_rescue.exe (LogMeIn, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\program files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\VMware\VMware Tools\VSock SDK\bin\win32\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\VMware\VMware Tools\VSock SDK\bin\win32\vsocklib.dll (VMware, Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1286431376281 (WUWebControl Class)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = domain.local
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (C:\windows\explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - C:\WINDOWS\system32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\TPSvc: DllName - TPSvc.dll - C:\WINDOWS\System32\TPSvc.dll (ThinPrint AG)
O20 - Winlogon\Notify\VMUpgradeAtShutdown: DllName - VMUpgradeAtShutdownWXP.dll - C:\WINDOWS\System32\VMUpgradeAtShutdownWXP.dll (VMware, Inc.)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (pwdssp.dll) - C:\WINDOWS\System32\pwdssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/01/05 14:03:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\##nick#k\Shell - "" = AutoRun
O33 - MountPoints2\##nick#k\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\##nick#k\Shell\AutoRun\command - "" = Z:\Get_Started_for_Win.exe -- File not found
O33 - MountPoints2\{e545845a-a1ec-11dd-9d98-0011435a73b6}\Shell - "" = AutoRun
O33 - MountPoints2\{e545845a-a1ec-11dd-9d98-0011435a73b6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e545845a-a1ec-11dd-9d98-0011435a73b6}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/24 18:08:59 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/10/14 10:59:10 | 000,018,816 | ---- | C] (Sophos Plc) -- C:\WINDOWS\System32\SAVRKBootTasks.sys
[2010/10/14 08:01:18 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\jscript.dll
[2010/10/14 07:51:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/10/14 07:11:04 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010/10/14 07:04:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Pavark
[2010/10/14 06:49:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Hypersight
[2010/10/14 06:49:29 | 000,000,000 | ---D | C] -- C:\Program Files\Hypersight
[2010/10/14 06:35:40 | 000,102,800 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/10/13 13:21:17 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/10/13 13:10:33 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/10/13 13:03:56 | 003,601,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2010/10/13 13:03:56 | 002,452,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieapfltr.dat
[2010/10/13 13:03:56 | 001,168,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2010/10/13 13:03:56 | 000,832,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2010/10/13 13:03:56 | 000,634,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iexplore.exe
[2010/10/13 13:03:56 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2010/10/13 13:03:56 | 000,468,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2010/10/13 13:03:56 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieapfltr.dll
[2010/10/13 13:03:56 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtmsft.dll
[2010/10/13 13:03:56 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtmsft.dll
[2010/10/13 13:03:56 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtrans.dll
[2010/10/13 13:03:56 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtrans.dll
[2010/10/13 13:03:56 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2010/10/13 13:03:56 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2010/10/13 13:03:56 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advpack.dll
[2010/10/13 13:03:56 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2010/10/13 13:03:56 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2010/10/13 13:03:56 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2010/10/13 13:03:56 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\pngfilt.dll
[2010/10/13 13:03:56 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pngfilt.dll
[2010/10/13 13:03:56 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2010/10/13 13:03:56 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2010/10/13 13:03:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2010/10/13 13:03:47 | 006,075,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010/10/13 13:03:47 | 002,452,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dat
[2010/10/13 13:03:47 | 000,991,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll.mui
[2010/10/13 13:03:47 | 000,468,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/10/13 13:03:47 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2010/10/13 13:03:47 | 000,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/10/13 13:03:47 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2010/10/13 13:03:47 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/10/13 13:03:47 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2010/10/13 13:03:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/10/13 13:03:30 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2010/10/13 13:03:22 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2010/10/13 13:03:11 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2010/10/13 12:54:27 | 000,647,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcrt4.dll
[2010/10/13 12:30:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Simply Super Software
[2010/10/13 12:27:50 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.46.exe
[2010/10/13 12:27:24 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztvcabinet.dll
[2010/10/13 12:27:23 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2010/10/13 12:27:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2010/10/13 12:27:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Simply Super Software
[2010/10/13 12:22:18 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/10/07 23:19:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/10/07 23:19:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/07 23:19:12 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/07 23:19:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/07 23:19:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/10/07 20:13:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp
[2010/10/07 20:13:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
[2010/10/07 03:21:02 | 000,016,432 | R--- | C] (VMware, Inc.) -- C:\WINDOWS\System32\vmx_mode.dll
[2010/10/07 03:21:01 | 000,218,288 | R--- | C] (VMware, Inc.) -- C:\WINDOWS\System32\vmx_fb.dll
[2010/10/07 03:21:01 | 000,061,872 | R--- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmci.sys
[2010/10/07 03:21:01 | 000,028,080 | R--- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmx_svga.sys
[2010/10/07 03:20:54 | 000,036,400 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\lgtosync.sys
[2010/10/07 03:20:54 | 000,030,000 | R--- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmxnet.sys
[2010/10/07 03:20:53 | 000,011,440 | R--- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmmouse.sys
[2010/10/07 03:20:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware
[2010/10/07 03:01:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/10/07 02:58:57 | 000,174,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xenrx86.dll
[2010/10/07 02:58:56 | 000,506,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xenria64.dll
[2010/10/07 02:58:53 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmswmiproppage.dll
[2010/10/07 02:58:52 | 001,150,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmswizardres.dll
[2010/10/07 02:58:52 | 000,206,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmswizard.exe
[2010/10/07 02:58:51 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsunicastsinkproppage.dll
[2010/10/07 02:58:51 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmssrvmk.dll
[2010/10/07 02:58:51 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmssnmp.dll
[2010/10/07 02:58:50 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsservertypelib.dll
[2010/10/07 02:58:50 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsserverupgrade.exe
[2010/10/07 02:58:50 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsserverresourceres.dll
[2010/10/07 02:58:49 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsserverresource.dll
[2010/10/07 02:58:49 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsserverconfig.exe
[2010/10/07 02:58:44 | 003,166,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsserver.dll
[2010/10/07 02:58:44 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsscriptproppage.dll
[2010/10/07 02:58:43 | 000,537,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsplaylistres.dll
[2010/10/07 02:58:43 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmspluginres.dll
[2010/10/07 02:58:42 | 000,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsplaylist.dll
[2010/10/07 02:58:42 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsperfmon.exe
[2010/10/07 02:58:42 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsperf.dll
[2010/10/07 02:58:41 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsnetworkdatasourceproppage.dll
[2010/10/07 02:58:41 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsmulticastsinkproppage.dll
[2010/10/07 02:58:40 | 001,852,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsmonitorres.dll
[2010/10/07 02:58:40 | 000,546,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsmonitor.dll
[2010/10/07 02:58:39 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmslogproppages.dll
[2010/10/07 02:58:39 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsipaccessproppage.dll
[2010/10/07 02:58:39 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsiphlp.dll
[2010/10/07 02:58:39 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmslf.dll
[2010/10/07 02:58:38 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmshttpcontrolproppage.dll
[2010/10/07 02:58:38 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmshttpauthenproppage.dll
[2010/10/07 02:58:38 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsiislog.dll
[2010/10/07 02:58:38 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmshttpsyscfg.exe
[2010/10/07 02:58:35 | 000,168,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmserror.dll
[2010/10/07 02:58:35 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmseditor.exe
[2010/10/07 02:58:35 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmserver.exe
[2010/10/07 02:58:35 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmserr.dll
[2010/10/07 02:58:34 | 000,122,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsbrowse.dll
[2010/10/07 02:58:34 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsdigestauthenproppage.dll
[2010/10/07 02:58:34 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsbrowseres.dll
[2010/10/07 02:58:33 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsadminres.dll
[2010/10/07 02:58:33 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsarchivesinkv1proppage.dll
[2010/10/07 02:58:33 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsanonauthenproppage.dll
[2010/10/07 02:58:33 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsaspadmin.dll
[2010/10/07 02:58:32 | 000,272,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsadmin.dll
[2010/10/07 02:58:32 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsaclcheckproppage.dll
[2010/10/07 02:58:32 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsactscrpt.dll
[2010/10/07 02:58:31 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmilistener.dll
[2010/10/07 02:58:30 | 000,651,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winssnap.dll
[2010/10/07 02:58:30 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2010/10/07 02:58:30 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmibridge.dll
[2010/10/07 02:58:29 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2010/10/07 02:58:29 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2010/10/07 02:58:29 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wins.exe
[2010/10/07 02:58:29 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsevnt.dll
[2010/10/07 02:58:29 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpop.exe
[2010/10/07 02:58:29 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsmib.dll
[2010/10/07 02:58:29 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsctrs.dll
[2010/10/07 02:58:28 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdsutil.exe
[2010/10/07 02:58:28 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2010/10/07 02:58:28 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2010/10/07 02:58:28 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2010/10/07 02:58:27 | 001,106,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdsmmc.dll
[2010/10/07 02:58:27 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdssrv.dll
[2010/10/07 02:58:27 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdspxe.dll
[2010/10/07 02:58:25 | 000,569,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdsmgmt.dll
[2010/10/07 02:58:24 | 000,349,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdsimage.dll
[2010/10/07 02:58:24 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdsigsv.dll
[2010/10/07 02:58:24 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdscsl.dll
[2010/10/07 02:58:22 | 000,261,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2010/10/07 02:58:22 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2010/10/07 02:58:20 | 000,197,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W98_unidrv.dll
[2010/10/07 02:58:20 | 000,197,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W95_unidrv.dll
[2010/10/07 02:58:20 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2010/10/07 02:58:20 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2010/10/07 02:58:19 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2010/10/07 02:58:19 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2010/10/07 02:58:19 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2010/10/07 02:58:18 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2010/10/07 02:58:17 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2010/10/07 02:58:17 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tftpd.exe
[2010/10/07 02:58:03 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\strmtest.exe
[2010/10/07 02:58:03 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2010/10/07 02:58:02 | 000,359,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll
[2010/10/07 02:58:02 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll
[2010/10/07 02:58:02 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll
[2010/10/07 02:58:02 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmp.exe
[2010/10/07 02:58:02 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll
[2010/10/07 02:58:02 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmptrap.exe
[2010/10/07 02:58:02 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snprfdll.dll
[2010/10/07 02:58:02 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2010/10/07 02:58:02 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll
[2010/10/07 02:58:01 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll
[2010/10/07 02:58:01 | 000,240,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smi2smir.exe
[2010/10/07 02:58:01 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2010/10/07 02:58:01 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpctrs.dll
[2010/10/07 02:58:01 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2010/10/07 02:58:01 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2010/10/07 02:58:00 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sis.sys
[2010/10/07 02:58:00 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smef.dll
[2010/10/07 02:58:00 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2010/10/07 02:57:59 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seva.dll
[2010/10/07 02:57:59 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\setupcl.exe
[2010/10/07 02:57:59 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seos.dll
[2010/10/07 02:57:59 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_strap.exe
[2010/10/07 02:57:58 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scwiisext.dll
[2010/10/07 02:57:58 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scwengb.dll
[2010/10/07 02:57:58 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scwcmd.exe
[2010/10/07 02:57:58 | 000,056,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrdx86.dll
[2010/10/07 02:57:58 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scwhlp.dll
[2010/10/07 02:57:58 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scwauditext.dll
[2010/10/07 02:57:58 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scwsddlanalysis.dll
[2010/10/07 02:57:58 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scwviewer.exe
[2010/10/07 02:57:58 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scss.exe
[2010/10/07 02:57:58 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scshost.exe
[2010/10/07 02:57:57 | 000,147,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrdia64.dll
[2010/10/07 02:57:57 | 000,067,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrdw2k.dll
[2010/10/07 02:57:57 | 000,056,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrdenrl.dll
[2010/10/07 02:57:57 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rqs.exe
[2010/10/07 02:57:57 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2010/10/07 02:57:57 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rqsinst.dll
[2010/10/07 02:57:56 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\riprep.exe
[2010/10/07 02:57:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\risetup.exe
[2010/10/07 02:57:56 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\regtrace.exe
[2010/10/07 02:57:55 | 000,299,008 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\rbfg.exe
[2010/10/07 02:57:55 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2010/10/07 02:57:54 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pop3snap.dll
[2010/10/07 02:57:54 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2010/10/07 02:57:54 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pop3auth.dll
[2010/10/07 02:57:54 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pop3svc.exe
[2010/10/07 02:57:54 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pop3msg.dll
[2010/10/07 02:57:54 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pop3perf.dll
[2010/10/07 02:57:54 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pop3evt.dll
[2010/10/07 02:57:51 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2010/10/07 02:57:51 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\playlisttransformproppage.dll
[2010/10/07 02:57:33 | 000,535,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2010/10/07 02:57:26 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2010/10/07 02:57:25 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oschoice.exe
[2010/10/07 02:57:25 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\p3admin.dll
[2010/10/07 02:57:25 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2010/10/07 02:57:25 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\owsrmadm.exe
[2010/10/07 02:57:25 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\p3store.dll
[2010/10/07 02:57:25 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\owsadm.exe
[2010/10/07 02:57:25 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2010/10/07 02:57:25 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2010/10/07 02:57:25 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2010/10/07 02:57:25 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2010/10/07 02:57:23 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntfsdrv.dll
[2010/10/07 02:57:22 | 000,600,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nntpsvc.dll
[2010/10/07 02:57:22 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nntpfs.dll
[2010/10/07 02:57:22 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nntpctrs.dll
[2010/10/07 02:57:22 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsneterr.dll
[2010/10/07 02:57:21 | 000,119,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2010/10/07 02:57:21 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\namespace.dll
[2010/10/07 02:57:20 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_msvcp60.dll
[2010/10/07 02:57:20 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtstocom.exe
[2010/10/07 02:57:20 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\muisetup.exe
[2010/10/07 02:57:18 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2010/10/07 02:57:18 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2010/10/07 02:57:17 | 000,316,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msiprov.dll
[2010/10/07 02:57:14 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe
[2010/10/07 02:57:11 | 000,118,784 | ---- | C] ( ) -- C:\WINDOWS\System32\dllcache\microsoft.windowsmediaservices.dll
[2010/10/07 02:57:11 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mailmsg.dll
[2010/10/07 02:57:10 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmmib2.dll
[2010/10/07 02:57:10 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpdsvc.dll
[2010/10/07 02:57:10 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lprmon.dll
[2010/10/07 02:57:07 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2010/10/07 02:57:07 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2010/10/07 02:57:07 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2010/10/07 02:57:07 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2010/10/07 02:57:07 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2010/10/07 02:57:07 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2010/10/07 02:57:07 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2010/10/07 02:57:06 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2010/10/07 02:57:06 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2010/10/07 02:57:06 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2010/10/07 02:57:06 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdibm02.dll
[2010/10/07 02:57:06 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41a.dll
[2010/10/07 02:57:06 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2010/10/07 02:57:06 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41j.dll
[2010/10/07 02:57:06 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2010/10/07 02:57:06 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2010/10/07 02:57:06 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2010/10/07 02:57:06 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2010/10/07 02:57:06 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2010/10/07 02:57:06 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2010/10/07 02:57:06 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2010/10/07 02:57:06 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2010/10/07 02:57:06 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2010/10/07 02:57:06 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2010/10/07 02:57:05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2010/10/07 02:57:05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdax2.dll
[2010/10/07 02:57:05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106n.dll
[2010/10/07 02:57:05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2010/10/07 02:57:05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101.dll
[2010/10/07 02:57:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2010/10/07 02:57:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2010/10/07 02:57:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2010/10/07 02:57:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2010/10/07 02:57:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2010/10/07 02:57:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2010/10/07 02:57:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2010/10/07 02:57:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2010/10/07 02:57:05 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2010/10/07 02:57:04 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprip.dll
[2010/10/07 02:57:04 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isrpc.dll
[2010/10/07 02:56:58 | 001,499,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_instmsiw.exe
[2010/10/07 02:56:58 | 001,489,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_instmsia.exe
[2010/10/07 02:56:58 | 000,069,632 | ---- | C] ( ) -- C:\WINDOWS\System32\dllcache\interop_msxml.dll
[2010/10/07 02:56:57 | 000,394,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2010/10/07 02:56:57 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2010/10/07 02:56:57 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2010/10/07 02:56:57 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2010/10/07 02:56:48 | 009,206,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpzp.dic
[2010/10/07 02:56:48 | 000,854,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjptk.dic
[2010/10/07 02:56:48 | 000,234,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2010/10/07 02:56:48 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
[2010/10/07 02:56:48 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2010/10/07 02:56:27 | 014,694,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpst.dic
[2010/10/07 02:56:27 | 000,137,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpsb.dic
[2010/10/07 02:56:27 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
[2010/10/07 02:56:15 | 010,660,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpnm.dic
[2010/10/07 02:56:15 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
[2010/10/07 02:56:14 | 000,993,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpln.dic
[2010/10/07 02:56:14 | 000,815,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpgn.grm
[2010/10/07 02:56:14 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/10/07 02:56:13 | 000,695,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2010/10/07 02:56:13 | 000,647,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2010/10/07 02:56:13 | 000,342,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2010/10/07 02:56:13 | 000,198,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
[2010/10/07 02:56:13 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcd.dic
[2010/10/07 02:56:13 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2010/10/07 02:56:13 | 000,055,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpch.dic
[2010/10/07 02:56:13 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2010/10/07 02:56:13 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2010/10/07 02:56:12 | 000,331,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2010/10/07 02:56:12 | 000,210,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2010/10/07 02:56:11 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2010/10/07 02:56:11 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2010/10/07 02:56:11 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2010/10/07 02:56:11 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2010/10/07 02:56:11 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2010/10/07 02:55:56 | 010,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2010/10/07 02:55:38 | 011,091,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/10/07 02:55:25 | 010,100,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2010/10/07 02:55:24 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\grovel.exe
[2010/10/07 02:55:24 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2010/10/07 02:55:24 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostmib.dll
[2010/10/07 02:55:24 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\grovmsg.dll
[2010/10/07 02:55:23 | 000,405,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W9X_fxsxp32.dll
[2010/10/07 02:55:23 | 000,398,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsxp32.dll
[2010/10/07 02:55:23 | 000,398,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxsxp32.dll
[2010/10/07 02:55:22 | 000,392,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxstiff.dll
[2010/10/07 02:55:22 | 000,392,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxstiff.dll
[2010/10/07 02:55:22 | 000,387,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W9X_fxstiff.dll
[2010/10/07 02:55:22 | 000,269,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssvc.exe
[2010/10/07 02:55:22 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxst30.dll
[2010/10/07 02:55:22 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsui.dll
[2010/10/07 02:55:22 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxsui.dll
[2010/10/07 02:55:22 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxswzrd.dll
[2010/10/07 02:55:22 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxswzrd.dll
[2010/10/07 02:55:22 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W9X_fxswzrd.dll
[2010/10/07 02:55:22 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxst30p.dll
[2010/10/07 02:55:21 | 000,737,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsres.dll
[2010/10/07 02:55:21 | 000,561,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsst.dll
[2010/10/07 02:55:21 | 000,102,400 | ---- | C] (Installshield Software Corporation ) -- C:\WINDOWS\System32\dllcache\FXS_setup.exe
[2010/10/07 02:55:21 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2010/10/07 02:55:21 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsrtmtd.dll
[2010/10/07 02:55:21 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2010/10/07 02:55:21 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxssend.exe
[2010/10/07 02:55:21 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W9X_fxssend.exe
[2010/10/07 02:55:20 | 000,737,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxsres.dll
[2010/10/07 02:55:20 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsevent.dll
[2010/10/07 02:55:20 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W9X_fxsdrv32.dll
[2010/10/07 02:55:20 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W9X_fxsext32.dll
[2010/10/07 02:55:20 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsmon.dll
[2010/10/07 02:55:20 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsext32.dll
[2010/10/07 02:55:20 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxsext32.dll
[2010/10/07 02:55:20 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsdrv.dll
[2010/10/07 02:55:20 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\NT4_fxsdrv4.dll
[2010/10/07 02:55:20 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsperf.dll
[2010/10/07 02:55:19 | 000,286,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscomex.dll
[2010/10/07 02:55:19 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscover.exe
[2010/10/07 02:55:19 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxscover.exe
[2010/10/07 02:55:19 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W9X_fxscover.exe
[2010/10/07 02:55:19 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscom.dll
[2010/10/07 02:55:18 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclnt.exe
[2010/10/07 02:55:18 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxsclnt.exe
[2010/10/07 02:55:18 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W9X_fxsclnt.exe
[2010/10/07 02:55:18 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W9X_fxsclntr.dll
[2010/10/07 02:55:18 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2010/10/07 02:55:18 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxsclntr.dll
[2010/10/07 02:55:18 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2010/10/07 02:55:17 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W9X_fxsapi.dll
[2010/10/07 02:55:17 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsapi.dll
[2010/10/07 02:55:17 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxsapi.dll
[2010/10/07 02:55:17 | 000,466,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\NT4_fxsapi.dll
[2010/10/07 02:55:17 | 000,259,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsadmin.dll
[2010/10/07 02:55:17 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsvc2.dll
[2010/10/07 02:55:17 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2010/10/07 02:55:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2010/10/07 02:55:17 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpmib.dll
[2010/10/07 02:55:16 | 000,027,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmdll.dll
[2010/10/07 02:55:15 | 001,383,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp5awel.dll
[2010/10/07 02:55:15 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp5avss.dll
[2010/10/07 02:55:14 | 000,944,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp5autl.dll
[2010/10/07 02:55:14 | 000,142,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp5amsft.dll
[2010/10/07 02:55:13 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntagnt.dll
[2010/10/07 02:55:13 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntwin.exe
[2010/10/07 02:55:13 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fcachdll.dll
[2010/10/07 02:55:13 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntcmd.exe
[2010/10/07 02:55:13 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\f3ahvoas.dll
[2010/10/07 02:55:10 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ddrop.dll
[2010/10/07 02:55:09 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2010/10/07 02:55:08 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\complianceextensions.dll
[2010/10/07 02:55:08 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
[2010/10/07 02:55:07 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2010/10/07 02:55:07 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cleanri.exe
[2010/10/07 02:55:06 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2010/10/07 02:55:05 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2010/10/07 02:55:05 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2010/10/07 02:55:05 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2010/10/07 02:55:04 | 000,841,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2010/10/07 02:55:03 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2010/10/07 02:55:03 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2010/10/07 02:55:02 | 000,316,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certsrv.exe
[2010/10/07 02:55:02 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certdb.dll
[2010/10/07 02:55:02 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certenc.dll
[2010/10/07 02:55:02 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2010/10/07 02:55:02 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2010/10/07 02:55:00 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bitsmgr.dll
[2010/10/07 02:55:00 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bitssrv.dll
[2010/10/07 02:54:58 | 000,246,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asfarchiver.dll
[2010/10/07 02:54:57 | 000,501,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll
[2010/10/07 02:54:57 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqadmin.dll
[2010/10/07 02:54:57 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0804.dll
[2010/10/07 02:54:56 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0412.dll
[2010/10/07 02:54:56 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0411.dll
[2010/10/07 02:54:56 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040d.dll
[2010/10/07 02:54:56 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0404.dll
[2010/10/07 02:54:56 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0401.dll
[2010/10/07 02:54:56 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsiisex.dll
[2010/10/07 02:54:55 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2010/10/07 02:54:53 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll
[2010/10/07 02:54:51 | 000,254,005 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_msvcrt.dll
[2010/10/07 02:54:49 | 001,163,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_mfc42u.dll
[2010/10/07 02:54:37 | 001,160,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_mfc42.dll
[2010/10/07 02:54:33 | 000,400,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll
[2010/10/07 02:54:33 | 000,199,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll
[2010/10/07 02:54:32 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgwiz.exe
[2010/10/07 02:54:32 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpcount.exe
[2010/10/07 02:54:32 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll
[2010/10/07 02:54:32 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll
[2010/10/07 02:54:32 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll
[2010/10/07 02:53:25 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2010/10/07 02:46:33 | 000,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\battc.sys
[2010/10/07 02:45:44 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2010/10/07 02:45:44 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2010/10/07 02:27:52 | 000,421,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/10/07 02:27:27 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kerberos.dll
[2010/10/07 02:27:27 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdigest.dll
[2010/10/07 02:27:27 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\secur32.dll
[2010/10/07 02:23:23 | 002,488,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010/10/07 02:23:23 | 002,340,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010/10/07 02:23:23 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sc.exe
[2010/10/07 02:23:22 | 002,449,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010/10/07 02:23:22 | 002,300,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2010/10/07 02:22:26 | 000,583,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2010/10/07 02:19:15 | 002,854,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msi.dll
[2010/10/07 02:19:04 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2010/10/07 02:03:24 | 000,015,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2010/10/07 02:03:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/10/07 00:23:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2010/10/07 00:23:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\LogMeIn
[2010/10/06 23:28:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/10/06 22:41:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSVOL
[2010/10/06 22:41:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\NTDS
[2010/10/06 22:24:05 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iyuv_32.dll
[2010/10/06 22:24:05 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsbyuv.dll
[2010/10/06 18:21:51 | 000,011,026 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmscsi.sys
[2010/10/06 18:21:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\$Reconfig$
[2010/10/06 03:31:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\VAMT2
[2010/10/06 01:35:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\vmware-converter-install-pgtvcuszkzkrokyd
[2010/10/05 23:30:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\vmware-converter-install-bkajscfpvizwydvg
[2010/10/05 21:27:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\vmware-converter-install-mczqxfzlwfxdqqkv
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/24 18:08:01 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/10/24 18:07:52 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\RKUnhookerLE.EXE
[2010/10/24 17:23:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3018655958-1258357186-3169496164-500UA.job
[2010/10/24 07:03:19 | 000,000,600 | ---- | M] () -- C:\WINDOWS\PUTTY.RND
[2010/10/24 01:23:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3018655958-1258357186-3169496164-500Core.job
[2010/10/23 22:30:00 | 000,000,218 | ---- | M] () -- C:\WINDOWS\tasks\backupscript.job
[2010/10/21 19:23:47 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2010/10/21 19:23:47 | 000,002,322 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/10/18 01:18:04 | 000,065,536 | ---- | M] () -- C:\WINDOWS\NETLOGON.CHG
[2010/10/15 07:43:44 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/15 07:35:01 | 000,845,018 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/15 07:35:01 | 000,199,002 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/15 03:25:19 | 000,000,923 | ---- | M] () -- C:\WINDOWS\TimeForce.ini
[2010/10/15 03:24:39 | 000,000,183 | ---- | M] () -- C:\WINDOWS\ClockLinkService.ini
[2010/10/15 03:24:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/14 08:02:36 | 000,003,470 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/14 06:52:43 | 2145,386,496 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2010/10/14 06:35:40 | 000,102,800 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/10/14 05:20:00 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/14 05:04:39 | 000,008,680 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/10/14 04:58:20 | 000,262,232 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/13 12:28:48 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/13 12:28:26 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.46.exe
[2010/10/13 12:27:26 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Trojan Remover.lnk
[2010/10/07 03:38:22 | 000,421,609 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/10/07 03:20:50 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2010/10/07 02:59:28 | 000,000,316 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/10/07 02:54:15 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/10/07 02:54:15 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/10/07 02:54:12 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/10/07 02:54:07 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/10/07 02:54:07 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/10/07 02:54:05 | 000,004,272 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/10/07 02:53:25 | 000,001,411 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Security Configuration Wizard.lnk
[2010/10/07 02:51:36 | 000,022,756 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/10/07 02:50:21 | 000,000,208 | -HS- | M] () -- C:\boot.ini
[2010/10/07 02:49:23 | 000,002,492 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2010/10/07 02:25:18 | 000,003,672 | ---- | M] () -- C:\WINDOWS\ominstal.db
[2010/10/07 00:23:12 | 000,001,024 | ---- | M] () -- C:\.rnd
[2010/10/06 23:00:04 | 000,001,914 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VIPRE Enterprise.lnk
[2010/10/06 22:37:12 | 000,000,660 | ---- | M] () -- C:\Documents and Settings\Administrator\.scUserPreferences43
[2010/10/06 18:21:51 | 000,011,026 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmscsi.sys
[2010/10/05 14:39:32 | 000,001,194 | -H-- | M] () -- C:\Documents and Settings\Administrator\My Documents\Default.rdp
[2010/10/05 12:45:42 | 000,087,424 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll.000.bak
[2010/10/05 12:45:42 | 000,083,360 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll.000.bak
[2010/10/01 08:58:32 | 000,004,096 | -HS- | M] () -- C:\VSM000.IDX
[2010/09/27 14:50:44 | 000,083,360 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
[2010/09/27 14:49:18 | 000,087,424 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
[2010/09/27 14:49:18 | 000,029,568 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/24 18:09:04 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\RKUnhookerLE.EXE
[2010/10/14 06:49:30 | 000,177,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\hcore32.sys
[2010/10/13 12:28:48 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/13 12:27:26 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Trojan Remover.lnk
[2010/10/13 12:27:24 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2010/10/13 12:27:24 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2010/10/13 12:27:24 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2010/10/13 12:27:24 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2010/10/07 20:16:20 | 000,002,344 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2010/10/07 20:16:20 | 000,002,322 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/10/07 20:13:57 | 000,001,010 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3018655958-1258357186-3169496164-500UA.job
[2010/10/07 20:13:57 | 000,000,958 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3018655958-1258357186-3169496164-500Core.job
[2010/10/07 03:21:01 | 002,275,888 | R--- | C] () -- C:\WINDOWS\System32\vmwogl32.dll
[2010/10/07 03:18:41 | 000,001,374 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak
[2010/10/07 02:58:18 | 001,413,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tintlgs.imd
[2010/10/07 02:58:18 | 000,455,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tintlgl.imd
[2010/10/07 02:58:18 | 000,171,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tintlgc.imd
[2010/10/07 02:57:57 | 000,006,331 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rsess.vbs
[2010/10/07 02:57:56 | 000,026,417 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rfeed.vbs
[2010/10/07 02:57:56 | 000,012,400 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rgroup.vbs
[2010/10/07 02:57:56 | 000,011,781 | ---- | C] () -- C:\WINDOWS\System32\dllcache\regfilt.vbs
[2010/10/07 02:57:56 | 000,010,571 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rexpire.vbs
[2010/10/07 02:57:55 | 000,003,912 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rcancel.vbs
[2010/10/07 02:57:34 | 010,011,497 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgs.imd
[2010/10/07 02:57:34 | 000,733,292 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgr.imd
[2010/10/07 02:57:33 | 000,208,744 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgl.imd
[2010/10/07 02:57:31 | 001,004,904 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgix.imd
[2010/10/07 02:57:30 | 000,948,656 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgi.imd
[2010/10/07 02:57:28 | 000,867,242 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgdx.imd
[2010/10/07 02:57:26 | 000,825,038 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgd.imd
[2010/10/07 02:57:26 | 000,487,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsk.dic
[2010/10/07 02:57:26 | 000,188,140 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgc.imd
[2010/10/07 02:57:26 | 000,174,803 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsd.dic
[2010/10/07 02:57:25 | 000,117,248 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/10/07 02:57:08 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/10/07 02:56:57 | 000,061,952 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/10/07 02:56:11 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/10/07 02:55:24 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/10/07 02:55:16 | 000,100,936 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2010/10/07 02:55:07 | 000,409,168 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgu.imd
[2010/10/07 02:55:07 | 000,102,304 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlguc.imd
[2010/10/07 02:55:07 | 000,102,304 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgsi.imd
[2010/10/07 02:55:07 | 000,001,849 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IIS_clusftp.vbs
[2010/10/07 02:55:06 | 000,427,138 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgie.imd
[2010/10/07 02:55:06 | 000,279,894 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgd.imd
[2010/10/07 02:55:06 | 000,024,080 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgl.imd
[2010/10/07 02:55:06 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgs.imd
[2010/10/07 02:55:05 | 000,543,708 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgb.imd
[2010/10/07 02:55:05 | 000,462,929 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskdic.dic
[2010/10/07 02:55:05 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/10/07 02:54:15 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/10/07 02:54:15 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/10/07 02:49:23 | 000,002,492 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2010/10/07 02:45:36 | 000,314,515 | ---- | C] () -- C:\WINDOWS\System32\dllcache\WMSocm.CAT
[2010/10/07 02:45:36 | 000,112,975 | ---- | C] () -- C:\WINDOWS\System32\dllcache\UDDI.CAT
[2010/10/07 02:45:36 | 000,082,025 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sasetup.CAT
[2010/10/07 02:45:36 | 000,071,199 | ---- | C] () -- C:\WINDOWS\System32\dllcache\adminpak.CAT
[2010/10/07 02:45:36 | 000,067,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP5.CAT
[2010/10/07 02:45:36 | 000,066,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NETFX.CAT
[2010/10/07 02:45:36 | 000,064,351 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/10/07 02:45:36 | 000,030,616 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SCW.CAT
[2010/10/07 02:45:36 | 000,023,518 | ---- | C] () -- C:\WINDOWS\System32\dllcache\admt.cat
[2010/10/07 02:45:36 | 000,022,310 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FXSCAT.CAT
[2010/10/07 02:45:36 | 000,015,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\INS.CAT
[2010/10/07 02:45:36 | 000,014,610 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2010/10/07 02:45:36 | 000,010,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2010/10/07 02:45:36 | 000,008,571 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010/10/07 02:45:36 | 000,007,379 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/10/07 02:45:35 | 001,994,359 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2010/10/07 02:45:35 | 001,402,437 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2010/10/07 02:45:35 | 000,682,720 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2010/10/01 08:58:32 | 000,004,096 | -HS- | C] () -- C:\VSM000.IDX
[2010/03/31 09:54:31 | 001,622,022 | R--- | C] () -- C:\WINDOWS\schema.ini
[2009/10/26 10:36:52 | 000,000,183 | ---- | C] () -- C:\WINDOWS\ClockLinkService.ini
[2009/10/26 10:36:20 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\PROTOCOL.INI
[2008/10/27 15:08:18 | 000,000,923 | ---- | C] () -- C:\WINDOWS\TimeForce.ini
[2008/10/24 12:15:52 | 000,163,032 | RHS- | C] () -- C:\WINDOWS\System32\dwfajl.dll
[2008/10/24 10:55:13 | 000,050,666 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2008/10/24 10:55:13 | 000,010,793 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2008/10/24 10:35:25 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2008/04/26 00:57:33 | 000,011,597 | ---- | C] () -- C:\WINDOWS\System32\dnsperf.ini
[2007/02/18 08:00:00 | 000,179,577 | ---- | C] () -- C:\WINDOWS\System32\schema.ini
[2007/02/18 08:00:00 | 000,024,819 | ---- | C] () -- C:\WINDOWS\System32\ntdsctrs.ini
[2007/02/18 08:00:00 | 000,020,386 | ---- | C] () -- C:\WINDOWS\System32\ntfrsrep.ini
[2007/02/18 08:00:00 | 000,011,817 | ---- | C] () -- C:\WINDOWS\System32\iasperf.ini
[2007/02/18 08:00:00 | 000,011,030 | ---- | C] () -- C:\WINDOWS\System32\ipsecprf.ini
[2007/02/18 08:00:00 | 000,005,597 | ---- | C] () -- C:\WINDOWS\System32\ntfrscon.ini
[2004/12/02 20:13:19 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll
[2004/11/24 15:13:01 | 000,000,079 | ---- | C] () -- C:\WINDOWS\System32\drivers\dcesmwdm.sys
[2004/11/24 13:57:17 | 000,002,360 | ---- | C] () -- C:\WINDOWS\System32\dhcpctrs.ini
[2004/11/24 13:36:18 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\itgcond.dll
[2004/11/24 13:36:18 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\itg_refs.dll
[2004/11/24 13:36:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\itg_sched.dll
[2004/11/24 13:36:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\itg_night.dll
[2004/11/24 13:33:18 | 000,000,280 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/11/04 00:21:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/11/03 23:58:16 | 000,000,499 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/01/05 13:56:22 | 000,004,272 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/02/03 10:26:18 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2001/07/31 10:17:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL

========== LOP Check ==========

[2010/03/29 13:57:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ntr
[2010/04/17 02:44:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Overlook
[2010/10/13 12:27:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Simply Super Software
[2010/10/07 00:23:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2010/04/17 02:44:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Overlook
[2010/10/13 12:27:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2010/10/22 23:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/16 22:14:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/10/23 22:30:00 | 000,000,218 | ---- | M] () -- C:\WINDOWS\Tasks\backupscript.job
[2010/10/24 12:23:00 | 000,032,604 | ---- | M] () -- C:\WINDOWS\Tasks\SchedLgU.Txt

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 200 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C9291F0D
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9

< End of report >

#8 iGmO


Posted 24 October 2010 - 05:36 PM

Second half of OTL log and attachments of the others


SRV - (zuxrufpg) -- File not found
SRV - (zdylnfm) -- File not found
SRV - (yknygtck) -- File not found
SRV - (xhehc) -- File not found
SRV - (WinHttpAutoProxySvc) -- File not found
SRV - (wbsfkgn) -- File not found
SRV - (uurefmihf) -- File not found
SRV - (hpqvl) -- File not found
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (SBAMSvc) -- C:\Program Files\Sunbelt Software\SBEAgent\SBAMSvc.exe (Sunbelt Software)
SRV - (SBPIMSvc) -- C:\Program Files\Sunbelt Software\SBEAgent\SBPIMSvc.exe (Sunbelt Software)
SRV - (VSNAPVSS) -- C:\WINDOWS\system32\vsnapvss.exe (StorageCraft Technology Corporation)
SRV - (ShadowProtectSvc) -- D:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe (StorageCraft Technology Corporation)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (VMUpgradeHelper) -- C:\Program Files\VMware\VMware Tools\VMUpgradeHelper.exe (VMware, Inc.)
SRV - (VMTools) -- C:\Program Files\VMware\VMware Tools\vmtoolsd.exe (VMware, Inc.)
SRV - (VMware Physical Disk Helper Service) -- C:\Program Files\VMware\VMware Tools\vmacthlp.exe (VMware, Inc.)
SRV - (TPVCGateway) -- C:\Program Files\VMware\VMware Tools\TPVCGateway.exe (ThinPrint GmbH)
SRV - (TPAutoConnSvc) -- C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe (ThinPrint AG)
SRV - (Sunbelt Software Enterprise Service) -- C:\Program Files\Sunbelt Software\Enterprise\EnterpriseService.exe (Sunbelt Software)
SRV - (TFPunchProcessQueue) -- c:\Inetpub\wwwroot\qqest\Utilities\TFProcessingQueue.exe (Qqest Software Systems)
SRV - (DNS) -- C:\WINDOWS\system32\dns.exe (Microsoft Corporation)
SRV - (TFPunches) -- c:\Inetpub\wwwroot\qqest\Utilities\TimeForcePunches.exe (Qqest Software Systems)
SRV - (ServiceTimeForce) -- c:\Inetpub\wwwroot\qqest\Utilities\TimeForceServices.exe (Qqest Software Systems)
SRV - (ClockLink) -- C:\Program Files\Qqest Software Systems\TimeForce\ClockLink\ClockLinkService.exe (Qqest Software Systems)
SRV - (NtFrs) -- C:\WINDOWS\system32\ntfrs.exe (Microsoft Corporation)
SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (Dfs) -- C:\WINDOWS\system32\dfssvc.exe (Microsoft Corporation)
SRV - (LicenseService) -- C:\WINDOWS\system32\llssrv.exe (Microsoft Corporation)
SRV - (RSoPProv) -- C:\WINDOWS\system32\rsopprov.exe (Microsoft Corporation)
SRV - (TrkSvr) -- C:\WINDOWS\system32\trksvr.dll (Microsoft Corporation)
SRV - (IsmServ) -- C:\WINDOWS\system32\ismserv.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (sacsvr) -- C:\WINDOWS\system32\sacsvr.dll (Microsoft Corporation)
SRV - (Tssdis) -- C:\WINDOWS\system32\tssdis.exe (Microsoft Corporation)
SRV - (TermServLicensing) -- C:\WINDOWS\system32\lserver.exe (Microsoft Corporation)
SRV - (omsad) -- C:\Program Files\Dell\OpenManage\oma\bin\omsad32.exe (Dell Inc.)
SRV - (Server Administrator) -- C:\Program Files\Dell\OpenManage\iws\bin\win32\omaws32.exe (Dell Computer Corporation)
SRV - (ASANYs_VWPM) -- C:\Program Files\Sybase\SQL Anywhere 9\win32\dbsrv9.exe (iAnywhere Solutions, Inc.)
SRV - (dcevt32) -- C:\Program Files\Dell\OpenManage\dataeng\bin\dcevt32.exe (Dell Inc.)
SRV - (dcstor32) -- C:\Program Files\Dell\OpenManage\dataeng\bin\dcstor32.exe (Dell Inc.)
SRV - (WinVNC4) -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe (RealVNC Ltd.)
SRV - (BackupExecRPCService) -- D:\Program Files\VERITAS\Backup Exec\NT\beserver.exe (VERITAS Software Corporation)
SRV - (BackupExecJobEngine) -- D:\Program Files\VERITAS\Backup Exec\NT\bengine.exe (VERITAS Software Corporation)
SRV - (BackupExecAgentAccelerator) -- D:\Program Files\VERITAS\Backup Exec\NT\beremote.exe (VERITAS Software Corporation)
SRV - (BackupExecAgentBrowser) -- D:\Program Files\VERITAS\Backup Exec\NT\benetns.exe (VERITAS Software Corporation)
SRV - (BackupExecNamingService) -- D:\Program Files\VERITAS\Backup Exec\NT\benser.exe (VERITAS Software Corporation)
SRV - (BackupExecDeviceMediaService) -- D:\Program Files\VERITAS\Backup Exec\NT\pvlsvr.exe (VERITAS Software Corporation)
SRV - (ECM Service) ExecView Communication Module (ECM) -- D:\program files\VERITAS\Backup Exec\NT\ECM\ECM.exe (VERITAS Software Corporation)
SRV - (Intel Alert Originator) -- C:\WINDOWS\system32\AMS_II\IAO.EXE (Intel® Corporation)
SRV - (Intel Alert Handler) -- C:\WINDOWS\system32\AMS_II\HNDLRSVC.EXE (Intel® Corporation)
SRV - (Intel File Transfer) -- C:\WINDOWS\system32\CBA\XFR.EXE (Intel® Corporation)
SRV - (VWPMRapidServices) -- F:\VWPM\srvany.exe ()


========== Driver Services (SafeList) ==========

DRV - (SDTHelper) -- C:\Documents and Settings\Administrator\Desktop\Radix\sdthlpr.sys File not found
DRV - (MEMSWEEP2) -- C:\WINDOWS\System32\4E.tmp File not found
DRV - (IpInIp) -- C:\WINDOWS\System32\DRIVERS\ipinip.sys File not found
DRV - (vmscsi) -- C:\WINDOWS\System32\DRIVERS\vmscsi.sys (VMware, Inc.)
DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (hcore32) -- C:\WINDOWS\System32\drivers\hcore32.sys ()
DRV - (SbTis) -- C:\WINDOWS\system32\drivers\sbtis.sys (Sunbelt Software, Inc.)
DRV - (stcvsm) -- C:\WINDOWS\System32\drivers\stcvsm.sys (StorageCraft Technology Corporation)
DRV - (sbmount) -- C:\WINDOWS\System32\drivers\sbmount.sys (StorageCraft Technology Corporation)
DRV - (sbapifs) -- C:\WINDOWS\system32\drivers\sbapifs.sys (Sunbelt Software)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (SAVRKBootTasks) -- C:\WINDOWS\system32\SAVRKBootTasks.sys (Sophos Plc)
DRV - (SBRE) -- C:\WINDOWS\system32\drivers\SBREDrv.sys (Sunbelt Software)
DRV - (LGTO_Sync) -- C:\WINDOWS\system32\drivers\lgtosync.sys (VMware, Inc.)
DRV - (VMMEMCTL) -- C:\Program Files\VMware\VMware Tools\Drivers\memctl\vmmemctl.sys (VMware, Inc.)
DRV - (vmdebug) -- C:\WINDOWS\system32\drivers\vmdebug.sys (VMware, Inc.)
DRV - (vmxnet) -- C:\WINDOWS\system32\drivers\vmxnet.sys (VMware, Inc.)
DRV - (vmmouse) -- C:\WINDOWS\system32\drivers\vmmouse.sys (VMware, Inc.)
DRV - (vmx_svga) -- C:\WINDOWS\system32\drivers\vmx_svga.sys (VMware, Inc.)
DRV - (vmci) -- C:\WINDOWS\system32\drivers\vmci.sys (VMware, Inc.)
DRV - (ql2300) -- C:\WINDOWS\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (afcnt) -- C:\WINDOWS\system32\DRIVERS\afcnt.sys (Agilent Technologies)
DRV - (WLBS) -- C:\WINDOWS\system32\drivers\wlbs.sys (Microsoft Corporation)
DRV - (ql2200) -- C:\WINDOWS\system32\DRIVERS\ql2200.sys (QLogic Corporation)
DRV - (adpu320) -- C:\WINDOWS\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (ql2100) -- C:\WINDOWS\system32\DRIVERS\ql2100.sys (QLogic Corporation)
DRV - (lp6nds35) -- C:\WINDOWS\system32\DRIVERS\lp6nds35.sys (Emulex Corporation)
DRV - (cpqfcalm) -- C:\WINDOWS\system32\DRIVERS\cpqfcalm.sys (Hewlett-Packard Company)
DRV - (ClusDisk) -- C:\WINDOWS\system32\drivers\clusdisk.sys (Microsoft Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (symmpi) -- C:\WINDOWS\system32\DRIVERS\symmpi.sys (LSI Logic)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (arc) -- C:\WINDOWS\System32\drivers\arc.sys (Adaptec, Inc.)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (hpt3xx) -- C:\WINDOWS\system32\DRIVERS\hpt3xx.sys (HighPoint Technologies, Inc.)
DRV - (nfrd960) -- C:\WINDOWS\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (DfsDriver) -- C:\WINDOWS\system32\drivers\Dfs.sys (Microsoft Corporation)
DRV - (iirsp) -- C:\WINDOWS\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (ipsraidn) -- C:\WINDOWS\system32\DRIVERS\ipsraidn.sys (IBM Corporation)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (LSI Logic Corporation)
DRV - (dpti2o) -- C:\WINDOWS\system32\DRIVERS\dpti2o.sys (Adaptec, Inc.)
DRV - (hpcisss) -- C:\WINDOWS\System32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (dellcerc) -- C:\WINDOWS\system32\DRIVERS\dellcerc.sys (LSI Logic Corporation)
DRV - (cpqcissm) -- C:\WINDOWS\system32\DRIVERS\cpqcissm.sys (Hewlett-Packard Company)
DRV - (Cpqarray) -- C:\WINDOWS\system32\DRIVERS\cpqarray.sys (Hewlett-Packard Company)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (cpqarry2) -- C:\WINDOWS\system32\DRIVERS\cpqarry2.sys (Hewlett-Packard Company)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (PORTACCESSOR) -- C:\Program Files\Dell\OpenManage\oldiags\packages\portaccessor.sys (Dell Computer Corporation.)
DRV - (dcdipm) -- C:\WINDOWS\system32\drivers\dcdipm32.sys (Dell Inc.)
DRV - (dcdbas) -- C:\WINDOWS\system32\DRIVERS\dcdbas32.sys (Dell Inc.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (ASPI32) -- C:\WINDOWS\System32\drivers\aspi32.sys (Adaptec)
DRV - (Blfp) -- C:\WINDOWS\system32\drivers\baspxp32.sys (Broadcom Corporation)
DRV - (4mmdat--VRTS) -- C:\WINDOWS\system32\drivers\04mmdat.sys (VERITAS Software)
DRV - (pvdatw2k) -- C:\WINDOWS\system32\drivers\pvdatw2k.sys (Seagate Removable Storage Solutions, LLC)
DRV - (amdagp8p) -- C:\WINDOWS\system32\DRIVERS\amdagp8p.sys (Advanced Micro Devices, Inc.)
DRV - (ati2mpad) -- C:\WINDOWS\system32\drivers\ati2mpad.sys (ATI Technologies Inc.)
DRV - (SCSIChanger) -- C:\WINDOWS\system32\drivers\SCSICHNG.SYS (VERITAS Software)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = res://shdoclc.dll/softAdmin.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/softAdmin.htm
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.9

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/10/13 13:08:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: d:\Program Files\Mozilla Firefox\components [2010/10/06 04:03:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: d:\Program Files\Mozilla Firefox\plugins [2010/10/06 04:03:35 | 000,000,000 | ---D | M]

[2010/04/16 22:25:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/04/16 22:25:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/10/14 07:01:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\laru0dtt.default\extensions
[2010/10/14 07:01:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\laru0dtt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/14 07:01:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\laru0dtt.default\extensions\staged-xpis

O1 HOSTS File: ([2010/10/07 03:38:22 | 000,421,609 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14540 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - d:\program files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [PRONoMgrWired] c:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe (Intel® Corporation)
O4 - HKLM..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\SBEAgent\SBAMTray.exe (Sunbelt Software)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [VMware Tools] C:\Program Files\VMware\VMware Tools\VMwareTray.exe (VMware, Inc.)
O4 - HKLM..\Run: [VMware User Process] C:\Program Files\VMware\VMware Tools\VMwareUser.exe (VMware, Inc.)
O4 - HKLM..\Run: [VxTaskbarMgr] D:\program files\VERITAS\VxUpdate\VxTaskbarMgr.exe (VERITAS Software Corporation)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DBISQL9] C:\Program Files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe (iAnywhere Solutions, Inc.)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] d:\program files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SybaseCentral43] C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe ()
O4 - HKCU..\RunOnce: [*LogMeInRescue_2004595380] C:\Documents and Settings\Administrator\WINDOWS\LMI29.tmp\lmi_rescue.exe (LogMeIn, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\program files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\VMware\VMware Tools\VSock SDK\bin\win32\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\VMware\VMware Tools\VSock SDK\bin\win32\vsocklib.dll (VMware, Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1286431376281 (WUWebControl Class)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = domain.local
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (C:\windows\explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - C:\WINDOWS\system32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\TPSvc: DllName - TPSvc.dll - C:\WINDOWS\System32\TPSvc.dll (ThinPrint AG)
O20 - Winlogon\Notify\VMUpgradeAtShutdown: DllName - VMUpgradeAtShutdownWXP.dll - C:\WINDOWS\System32\VMUpgradeAtShutdownWXP.dll (VMware, Inc.)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (pwdssp.dll) - C:\WINDOWS\System32\pwdssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/01/05 14:03:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\##nick#k\Shell - "" = AutoRun
O33 - MountPoints2\##nick#k\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\##nick#k\Shell\AutoRun\command - "" = Z:\Get_Started_for_Win.exe -- File not found
O33 - MountPoints2\{e545845a-a1ec-11dd-9d98-0011435a73b6}\Shell - "" = AutoRun
O33 - MountPoints2\{e545845a-a1ec-11dd-9d98-0011435a73b6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e545845a-a1ec-11dd-9d98-0011435a73b6}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/24 18:08:59 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/10/14 10:59:10 | 000,018,816 | ---- | C] (Sophos Plc) -- C:\WINDOWS\System32\SAVRKBootTasks.sys
[2010/10/14 08:01:18 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\jscript.dll
[2010/10/14 07:51:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/10/14 07:11:04 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010/10/14 07:04:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Pavark
[2010/10/14 06:49:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Hypersight
[2010/10/14 06:49:29 | 000,000,000 | ---D | C] -- C:\Program Files\Hypersight
[2010/10/14 06:35:40 | 000,102,800 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/10/13 13:21:17 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/10/13 13:10:33 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/10/13 13:03:56 | 003,601,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2010/10/13 13:03:56 | 002,452,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieapfltr.dat
[2010/10/13 13:03:56 | 001,168,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2010/10/13 13:03:56 | 000,832,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2010/10/13 13:03:56 | 000,634,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iexplore.exe
[2010/10/13 13:03:56 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2010/10/13 13:03:56 | 000,468,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2010/10/13 13:03:56 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieapfltr.dll
[2010/10/13 13:03:56 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtmsft.dll
[2010/10/13 13:03:56 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtmsft.dll
[2010/10/13 13:03:56 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtrans.dll
[2010/10/13 13:03:56 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtrans.dll
[2010/10/13 13:03:56 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2010/10/13 13:03:56 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2010/10/13 13:03:56 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advpack.dll
[2010/10/13 13:03:56 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2010/10/13 13:03:56 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2010/10/13 13:03:56 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2010/10/13 13:03:56 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\pngfilt.dll
[2010/10/13 13:03:56 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pngfilt.dll
[2010/10/13 13:03:56 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2010/10/13 13:03:56 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2010/10/13 13:03:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2010/10/13 13:03:47 | 006,075,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010/10/13 13:03:47 | 002,452,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dat
[2010/10/13 13:03:47 | 000,991,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll.mui
[2010/10/13 13:03:47 | 000,468,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/10/13 13:03:47 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2010/10/13 13:03:47 | 000,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/10/13 13:03:47 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2010/10/13 13:03:47 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/10/13 13:03:47 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2010/10/13 13:03:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/10/13 13:03:30 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2010/10/13 13:03:22 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2010/10/13 13:03:11 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2010/10/13 12:54:27 | 000,647,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcrt4.dll
[2010/10/13 12:30:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Simply Super Software
[2010/10/13 12:27:50 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.46.exe
[2010/10/13 12:27:24 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztvcabinet.dll
[2010/10/13 12:27:23 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2010/10/13 12:27:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2010/10/13 12:27:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Simply Super Software
[2010/10/13 12:22:18 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/10/07 23:19:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/10/07 23:19:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/07 23:19:12 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/07 23:19:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/07 23:19:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/10/07 20:13:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp
[2010/10/07 20:13:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
[2010/10/07 03:21:02 | 000,016,432 | R--- | C] (VMware, Inc.) -- C:\WINDOWS\System32\vmx_mode.dll
[2010/10/07 03:21:01 | 000,218,288 | R--- | C] (VMware, Inc.) -- C:\WINDOWS\System32\vmx_fb.dll
[2010/10/07 03:21:01 | 000,061,872 | R--- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmci.sys
[2010/10/07 03:21:01 | 000,028,080 | R--- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmx_svga.sys
[2010/10/07 03:20:54 | 000,036,400 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\lgtosync.sys
[2010/10/07 03:20:54 | 000,030,000 | R--- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmxnet.sys
[2010/10/07 03:20:53 | 000,011,440 | R--- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmmouse.sys
[2010/10/07 03:20:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware
[2010/10/07 03:01:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/10/07 02:58:57 | 000,174,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xenrx86.dll
[2010/10/07 02:58:56 | 000,506,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xenria64.dll
[2010/10/07 02:58:53 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmswmiproppage.dll
[2010/10/07 02:58:52 | 001,150,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmswizardres.dll
[2010/10/07 02:58:52 | 000,206,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmswizard.exe
[2010/10/07 02:58:51 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsunicastsinkproppage.dll
[2010/10/07 02:58:51 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmssrvmk.dll
[2010/10/07 02:58:51 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmssnmp.dll
[2010/10/07 02:58:50 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsservertypelib.dll
[2010/10/07 02:58:50 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsserverupgrade.exe
[2010/10/07 02:58:50 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsserverresourceres.dll
[2010/10/07 02:58:49 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsserverresource.dll
[2010/10/07 02:58:49 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsserverconfig.exe
[2010/10/07 02:58:44 | 003,166,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsserver.dll
[2010/10/07 02:58:44 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsscriptproppage.dll
[2010/10/07 02:58:43 | 000,537,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsplaylistres.dll
[2010/10/07 02:58:43 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmspluginres.dll
[2010/10/07 02:58:42 | 000,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsplaylist.dll
[2010/10/07 02:58:42 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsperfmon.exe
[2010/10/07 02:58:42 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsperf.dll
[2010/10/07 02:58:41 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsnetworkdatasourceproppage.dll
[2010/10/07 02:58:41 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsmulticastsinkproppage.dll
[2010/10/07 02:58:40 | 001,852,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsmonitorres.dll
[2010/10/07 02:58:40 | 000,546,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsmonitor.dll
[2010/10/07 02:58:39 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmslogproppages.dll
[2010/10/07 02:58:39 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsipaccessproppage.dll
[2010/10/07 02:58:39 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsiphlp.dll
[2010/10/07 02:58:39 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmslf.dll
[2010/10/07 02:58:38 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmshttpcontrolproppage.dll
[2010/10/07 02:58:38 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmshttpauthenproppage.dll
[2010/10/07 02:58:38 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsiislog.dll
[2010/10/07 02:58:38 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmshttpsyscfg.exe
[2010/10/07 02:58:35 | 000,168,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmserror.dll
[2010/10/07 02:58:35 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmseditor.exe
[2010/10/07 02:58:35 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmserver.exe
[2010/10/07 02:58:35 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmserr.dll
[2010/10/07 02:58:34 | 000,122,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsbrowse.dll
[2010/10/07 02:58:34 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsdigestauthenproppage.dll
[2010/10/07 02:58:34 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsbrowseres.dll
[2010/10/07 02:58:33 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsadminres.dll
[2010/10/07 02:58:33 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsarchivesinkv1proppage.dll
[2010/10/07 02:58:33 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsanonauthenproppage.dll
[2010/10/07 02:58:33 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsaspadmin.dll
[2010/10/07 02:58:32 | 000,272,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsadmin.dll
[2010/10/07 02:58:32 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsaclcheckproppage.dll
[2010/10/07 02:58:32 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsactscrpt.dll
[2010/10/07 02:58:31 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmilistener.dll
[2010/10/07 02:58:30 | 000,651,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winssnap.dll
[2010/10/07 02:58:30 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2010/10/07 02:58:30 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmibridge.dll
[2010/10/07 02:58:29 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2010/10/07 02:58:29 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2010/10/07 02:58:29 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wins.exe
[2010/10/07 02:58:29 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsevnt.dll
[2010/10/07 02:58:29 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpop.exe
[2010/10/07 02:58:29 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsmib.dll
[2010/10/07 02:58:29 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsctrs.dll
[2010/10/07 02:58:28 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdsutil.exe
[2010/10/07 02:58:28 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2010/10/07 02:58:28 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2010/10/07 02:58:28 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2010/10/07 02:58:27 | 001,106,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdsmmc.dll
[2010/10/07 02:58:27 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdssrv.dll
[2010/10/07 02:58:27 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdspxe.dll
[2010/10/07 02:58:25 | 000,569,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdsmgmt.dll
[2010/10/07 02:58:24 | 000,349,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdsimage.dll
[2010/10/07 02:58:24 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdsigsv.dll
[2010/10/07 02:58:24 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdscsl.dll
[2010/10/07 02:58:22 | 000,261,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2010/10/07 02:58:22 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2010/10/07 02:58:20 | 000,197,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W98_unidrv.dll
[2010/10/07 02:58:20 | 000,197,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W95_unidrv.dll
[2010/10/07 02:58:20 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2010/10/07 02:58:20 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2010/10/07 02:58:19 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2010/10/07 02:58:19 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2010/10/07 02:58:19 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2010/10/07 02:58:18 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2010/10/07 02:58:17 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2010/10/07 02:58:17 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tftpd.exe
[2010/10/07 02:58:03 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\strmtest.exe
[2010/10/07 02:58:03 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2010/10/07 02:58:02 | 000,359,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll
[2010/10/07 02:58:02 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll
[2010/10/07 02:58:02 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll
[2010/10/07 02:58:02 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmp.exe
[2010/10/07 02:58:02 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll
[2010/10/07 02:58:02 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmptrap.exe
[2010/10/07 02:58:02 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snprfdll.dll
[2010/10/07 02:58:02 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2010/10/07 02:58:02 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll
[2010/10/07 02:58:01 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll
[2010/10/07 02:58:01 | 000,240,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smi2smir.exe
[2010/10/07 02:58:01 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2010/10/07 02:58:01 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpctrs.dll
[2010/10/07 02:58:01 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2010/10/07 02:58:01 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2010/10/07 02:58:00 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sis.sys
[2010/10/07 02:58:00 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smef.dll
[2010/10/07 02:58:00 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2010/10/07 02:57:59 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seva.dll
[2010/10/07 02:57:59 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\setupcl.exe
[2010/10/07 02:57:59 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seos.dll
[2010/10/07 02:57:59 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_strap.exe
[2010/10/07 02:57:58 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scwiisext.dll
[2010/10/07 02:57:58 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scwengb.dll
[2010/10/07 02:57:58 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scwcmd.exe
[2010/10/07 02:57:58 | 000,056,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrdx86.dll
[2010/10/07 02:57:58 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scwhlp.dll
[2010/10/07 02:57:58 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scwauditext.dll
[2010/10/07 02:57:58 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scwsddlanalysis.dll
[2010/10/07 02:57:58 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scwviewer.exe
[2010/10/07 02:57:58 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scss.exe
[2010/10/07 02:57:58 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scshost.exe
[2010/10/07 02:57:57 | 000,147,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrdia64.dll
[2010/10/07 02:57:57 | 000,067,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrdw2k.dll
[2010/10/07 02:57:57 | 000,056,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrdenrl.dll
[2010/10/07 02:57:57 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rqs.exe
[2010/10/07 02:57:57 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2010/10/07 02:57:57 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rqsinst.dll
[2010/10/07 02:57:56 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\riprep.exe
[2010/10/07 02:57:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\risetup.exe
[2010/10/07 02:57:56 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\regtrace.exe
[2010/10/07 02:57:55 | 000,299,008 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\rbfg.exe
[2010/10/07 02:57:55 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2010/10/07 02:57:54 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pop3snap.dll
[2010/10/07 02:57:54 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2010/10/07 02:57:54 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pop3auth.dll
[2010/10/07 02:57:54 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pop3svc.exe
[2010/10/07 02:57:54 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pop3msg.dll
[2010/10/07 02:57:54 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pop3perf.dll
[2010/10/07 02:57:54 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pop3evt.dll
[2010/10/07 02:57:51 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2010/10/07 02:57:51 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\playlisttransformproppage.dll
[2010/10/07 02:57:33 | 000,535,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2010/10/07 02:57:26 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2010/10/07 02:57:25 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oschoice.exe
[2010/10/07 02:57:25 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\p3admin.dll
[2010/10/07 02:57:25 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2010/10/07 02:57:25 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\owsrmadm.exe
[2010/10/07 02:57:25 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\p3store.dll
[2010/10/07 02:57:25 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\owsadm.exe
[2010/10/07 02:57:25 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2010/10/07 02:57:25 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2010/10/07 02:57:25 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2010/10/07 02:57:25 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2010/10/07 02:57:23 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntfsdrv.dll
[2010/10/07 02:57:22 | 000,600,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nntpsvc.dll
[2010/10/07 02:57:22 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nntpfs.dll
[2010/10/07 02:57:22 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nntpctrs.dll
[2010/10/07 02:57:22 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsneterr.dll
[2010/10/07 02:57:21 | 000,119,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2010/10/07 02:57:21 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\namespace.dll
[2010/10/07 02:57:20 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_msvcp60.dll
[2010/10/07 02:57:20 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtstocom.exe
[2010/10/07 02:57:20 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\muisetup.exe
[2010/10/07 02:57:18 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2010/10/07 02:57:18 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2010/10/07 02:57:17 | 000,316,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msiprov.dll
[2010/10/07 02:57:14 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe
[2010/10/07 02:57:11 | 000,118,784 | ---- | C] ( ) -- C:\WINDOWS\System32\dllcache\microsoft.windowsmediaservices.dll
[2010/10/07 02:57:11 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mailmsg.dll
[2010/10/07 02:57:10 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmmib2.dll
[2010/10/07 02:57:10 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpdsvc.dll
[2010/10/07 02:57:10 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lprmon.dll
[2010/10/07 02:57:07 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2010/10/07 02:57:07 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2010/10/07 02:57:07 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2010/10/07 02:57:07 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2010/10/07 02:57:07 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2010/10/07 02:57:07 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2010/10/07 02:57:07 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2010/10/07 02:57:06 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2010/10/07 02:57:06 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2010/10/07 02:57:06 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2010/10/07 02:57:06 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdibm02.dll
[2010/10/07 02:57:06 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41a.dll
[2010/10/07 02:57:06 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2010/10/07 02:57:06 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41j.dll
[2010/10/07 02:57:06 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2010/10/07 02:57:06 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2010/10/07 02:57:06 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2010/10/07 02:57:06 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2010/10/07 02:57:06 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2010/10/07 02:57:06 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2010/10/07 02:57:06 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2010/10/07 02:57:06 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2010/10/07 02:57:06 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2010/10/07 02:57:06 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2010/10/07 02:57:05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2010/10/07 02:57:05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdax2.dll
[2010/10/07 02:57:05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106n.dll
[2010/10/07 02:57:05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2010/10/07 02:57:05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101.dll
[2010/10/07 02:57:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2010/10/07 02:57:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2010/10/07 02:57:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2010/10/07 02:57:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2010/10/07 02:57:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2010/10/07 02:57:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2010/10/07 02:57:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2010/10/07 02:57:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2010/10/07 02:57:05 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2010/10/07 02:57:04 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprip.dll
[2010/10/07 02:57:04 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isrpc.dll
[2010/10/07 02:56:58 | 001,499,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_instmsiw.exe
[2010/10/07 02:56:58 | 001,489,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_instmsia.exe
[2010/10/07 02:56:58 | 000,069,632 | ---- | C] ( ) -- C:\WINDOWS\System32\dllcache\interop_msxml.dll
[2010/10/07 02:56:57 | 000,394,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2010/10/07 02:56:57 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2010/10/07 02:56:57 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2010/10/07 02:56:57 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2010/10/07 02:56:48 | 009,206,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpzp.dic
[2010/10/07 02:56:48 | 000,854,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjptk.dic
[2010/10/07 02:56:48 | 000,234,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2010/10/07 02:56:48 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
[2010/10/07 02:56:48 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2010/10/07 02:56:27 | 014,694,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpst.dic
[2010/10/07 02:56:27 | 000,137,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpsb.dic
[2010/10/07 02:56:27 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
[2010/10/07 02:56:15 | 010,660,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpnm.dic
[2010/10/07 02:56:15 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
[2010/10/07 02:56:14 | 000,993,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpln.dic
[2010/10/07 02:56:14 | 000,815,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpgn.grm
[2010/10/07 02:56:14 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/10/07 02:56:13 | 000,695,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2010/10/07 02:56:13 | 000,647,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2010/10/07 02:56:13 | 000,342,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2010/10/07 02:56:13 | 000,198,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
[2010/10/07 02:56:13 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcd.dic
[2010/10/07 02:56:13 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2010/10/07 02:56:13 | 000,055,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpch.dic
[2010/10/07 02:56:13 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2010/10/07 02:56:13 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2010/10/07 02:56:12 | 000,331,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2010/10/07 02:56:12 | 000,210,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2010/10/07 02:56:11 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2010/10/07 02:56:11 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2010/10/07 02:56:11 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2010/10/07 02:56:11 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2010/10/07 02:56:11 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2010/10/07 02:55:56 | 010,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2010/10/07 02:55:38 | 011,091,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/10/07 02:55:25 | 010,100,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2010/10/07 02:55:24 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\grovel.exe
[2010/10/07 02:55:24 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2010/10/07 02:55:24 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostmib.dll
[2010/10/07 02:55:24 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\grovmsg.dll
[2010/10/07 02:55:23 | 000,405,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W9X_fxsxp32.dll
[2010/10/07 02:55:23 | 000,398,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsxp32.dll
[2010/10/07 02:55:23 | 000,398,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxsxp32.dll
[2010/10/07 02:55:22 | 000,392,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxstiff.dll
[2010/10/07 02:55:22 | 000,392,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxstiff.dll
[2010/10/07 02:55:22 | 000,387,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W9X_fxstiff.dll
[2010/10/07 02:55:22 | 000,269,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssvc.exe
[2010/10/07 02:55:22 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxst30.dll
[2010/10/07 02:55:22 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsui.dll
[2010/10/07 02:55:22 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxsui.dll
[2010/10/07 02:55:22 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxswzrd.dll
[2010/10/07 02:55:22 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxswzrd.dll
[2010/10/07 02:55:22 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W9X_fxswzrd.dll
[2010/10/07 02:55:22 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxst30p.dll
[2010/10/07 02:55:21 | 000,737,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsres.dll
[2010/10/07 02:55:21 | 000,561,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsst.dll
[2010/10/07 02:55:21 | 000,102,400 | ---- | C] (Installshield Software Corporation ) -- C:\WINDOWS\System32\dllcache\FXS_setup.exe
[2010/10/07 02:55:21 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2010/10/07 02:55:21 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsrtmtd.dll
[2010/10/07 02:55:21 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2010/10/07 02:55:21 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxssend.exe
[2010/10/07 02:55:21 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W9X_fxssend.exe
[2010/10/07 02:55:20 | 000,737,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxsres.dll
[2010/10/07 02:55:20 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsevent.dll
[2010/10/07 02:55:20 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W9X_fxsdrv32.dll
[2010/10/07 02:55:20 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W9X_fxsext32.dll
[2010/10/07 02:55:20 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsmon.dll
[2010/10/07 02:55:20 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsext32.dll
[2010/10/07 02:55:20 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxsext32.dll
[2010/10/07 02:55:20 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsdrv.dll
[2010/10/07 02:55:20 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\NT4_fxsdrv4.dll
[2010/10/07 02:55:20 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsperf.dll
[2010/10/07 02:55:19 | 000,286,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscomex.dll
[2010/10/07 02:55:19 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscover.exe
[2010/10/07 02:55:19 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxscover.exe
[2010/10/07 02:55:19 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W9X_fxscover.exe
[2010/10/07 02:55:19 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscom.dll
[2010/10/07 02:55:18 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclnt.exe
[2010/10/07 02:55:18 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxsclnt.exe
[2010/10/07 02:55:18 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W9X_fxsclnt.exe
[2010/10/07 02:55:18 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W9X_fxsclntr.dll
[2010/10/07 02:55:18 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2010/10/07 02:55:18 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxsclntr.dll
[2010/10/07 02:55:18 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2010/10/07 02:55:17 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W9X_fxsapi.dll
[2010/10/07 02:55:17 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsapi.dll
[2010/10/07 02:55:17 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxsapi.dll
[2010/10/07 02:55:17 | 000,466,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\NT4_fxsapi.dll
[2010/10/07 02:55:17 | 000,259,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsadmin.dll
[2010/10/07 02:55:17 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsvc2.dll
[2010/10/07 02:55:17 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2010/10/07 02:55:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2010/10/07 02:55:17 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpmib.dll
[2010/10/07 02:55:16 | 000,027,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmdll.dll
[2010/10/07 02:55:15 | 001,383,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp5awel.dll
[2010/10/07 02:55:15 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp5avss.dll
[2010/10/07 02:55:14 | 000,944,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp5autl.dll
[2010/10/07 02:55:14 | 000,142,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp5amsft.dll
[2010/10/07 02:55:13 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntagnt.dll
[2010/10/07 02:55:13 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntwin.exe
[2010/10/07 02:55:13 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fcachdll.dll
[2010/10/07 02:55:13 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntcmd.exe
[2010/10/07 02:55:13 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\f3ahvoas.dll
[2010/10/07 02:55:10 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ddrop.dll
[2010/10/07 02:55:09 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2010/10/07 02:55:08 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\complianceextensions.dll
[2010/10/07 02:55:08 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
[2010/10/07 02:55:07 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2010/10/07 02:55:07 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cleanri.exe
[2010/10/07 02:55:06 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2010/10/07 02:55:05 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2010/10/07 02:55:05 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2010/10/07 02:55:05 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2010/10/07 02:55:04 | 000,841,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2010/10/07 02:55:03 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2010/10/07 02:55:03 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2010/10/07 02:55:02 | 000,316,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certsrv.exe
[2010/10/07 02:55:02 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certdb.dll
[2010/10/07 02:55:02 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certenc.dll
[2010/10/07 02:55:02 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2010/10/07 02:55:02 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2010/10/07 02:55:00 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bitsmgr.dll
[2010/10/07 02:55:00 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bitssrv.dll
[2010/10/07 02:54:58 | 000,246,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asfarchiver.dll
[2010/10/07 02:54:57 | 000,501,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll
[2010/10/07 02:54:57 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqadmin.dll
[2010/10/07 02:54:57 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0804.dll
[2010/10/07 02:54:56 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0412.dll
[2010/10/07 02:54:56 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0411.dll
[2010/10/07 02:54:56 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040d.dll
[2010/10/07 02:54:56 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0404.dll
[2010/10/07 02:54:56 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0401.dll
[2010/10/07 02:54:56 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsiisex.dll
[2010/10/07 02:54:55 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2010/10/07 02:54:53 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll
[2010/10/07 02:54:51 | 000,254,005 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_msvcrt.dll
[2010/10/07 02:54:49 | 001,163,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_mfc42u.dll
[2010/10/07 02:54:37 | 001,160,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_mfc42.dll
[2010/10/07 02:54:33 | 000,400,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll
[2010/10/07 02:54:33 | 000,199,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll
[2010/10/07 02:54:32 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgwiz.exe
[2010/10/07 02:54:32 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpcount.exe
[2010/10/07 02:54:32 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll
[2010/10/07 02:54:32 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll
[2010/10/07 02:54:32 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll
[2010/10/07 02:53:25 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2010/10/07 02:46:33 | 000,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\battc.sys
[2010/10/07 02:45:44 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2010/10/07 02:45:44 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2010/10/07 02:27:52 | 000,421,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/10/07 02:27:27 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kerberos.dll
[2010/10/07 02:27:27 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdigest.dll
[2010/10/07 02:27:27 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\secur32.dll
[2010/10/07 02:23:23 | 002,488,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010/10/07 02:23:23 | 002,340,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010/10/07 02:23:23 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sc.exe
[2010/10/07 02:23:22 | 002,449,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010/10/07 02:23:22 | 002,300,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2010/10/07 02:22:26 | 000,583,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2010/10/07 02:19:15 | 002,854,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msi.dll
[2010/10/07 02:19:04 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2010/10/07 02:03:24 | 000,015,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2010/10/07 02:03:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/10/07 00:23:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2010/10/07 00:23:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\LogMeIn
[2010/10/06 23:28:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/10/06 22:41:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSVOL
[2010/10/06 22:41:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\NTDS
[2010/10/06 22:24:05 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iyuv_32.dll
[2010/10/06 22:24:05 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsbyuv.dll
[2010/10/06 18:21:51 | 000,011,026 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmscsi.sys
[2010/10/06 18:21:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\$Reconfig$
[2010/10/06 03:31:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\VAMT2
[2010/10/06 01:35:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\vmware-converter-install-pgtvcuszkzkrokyd
[2010/10/05 23:30:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\vmware-converter-install-bkajscfpvizwydvg
[2010/10/05 21:27:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\vmware-converter-install-mczqxfzlwfxdqqkv
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/24 18:08:01 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/10/24 18:07:52 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\RKUnhookerLE.EXE
[2010/10/24 17:23:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3018655958-1258357186-3169496164-500UA.job
[2010/10/24 07:03:19 | 000,000,600 | ---- | M] () -- C:\WINDOWS\PUTTY.RND
[2010/10/24 01:23:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3018655958-1258357186-3169496164-500Core.job
[2010/10/23 22:30:00 | 000,000,218 | ---- | M] () -- C:\WINDOWS\tasks\backupscript.job
[2010/10/21 19:23:47 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2010/10/21 19:23:47 | 000,002,322 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/10/18 01:18:04 | 000,065,536 | ---- | M] () -- C:\WINDOWS\NETLOGON.CHG
[2010/10/15 07:43:44 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/15 07:35:01 | 000,845,018 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/15 07:35:01 | 000,199,002 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/15 03:25:19 | 000,000,923 | ---- | M] () -- C:\WINDOWS\TimeForce.ini
[2010/10/15 03:24:39 | 000,000,183 | ---- | M] () -- C:\WINDOWS\ClockLinkService.ini
[2010/10/15 03:24:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/14 08:02:36 | 000,003,470 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/14 06:52:43 | 2145,386,496 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2010/10/14 06:35:40 | 000,102,800 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/10/14 05:20:00 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/14 05:04:39 | 000,008,680 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/10/14 04:58:20 | 000,262,232 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/13 12:28:48 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/13 12:28:26 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.46.exe
[2010/10/13 12:27:26 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Trojan Remover.lnk
[2010/10/07 03:38:22 | 000,421,609 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/10/07 03:20:50 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2010/10/07 02:59:28 | 000,000,316 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/10/07 02:54:15 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/10/07 02:54:15 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/10/07 02:54:12 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/10/07 02:54:07 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/10/07 02:54:07 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/10/07 02:54:05 | 000,004,272 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/10/07 02:53:25 | 000,001,411 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Security Configuration Wizard.lnk
[2010/10/07 02:51:36 | 000,022,756 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/10/07 02:50:21 | 000,000,208 | -HS- | M] () -- C:\boot.ini
[2010/10/07 02:49:23 | 000,002,492 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2010/10/07 02:25:18 | 000,003,672 | ---- | M] () -- C:\WINDOWS\ominstal.db
[2010/10/07 00:23:12 | 000,001,024 | ---- | M] () -- C:\.rnd
[2010/10/06 23:00:04 | 000,001,914 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VIPRE Enterprise.lnk
[2010/10/06 22:37:12 | 000,000,660 | ---- | M] () -- C:\Documents and Settings\Administrator\.scUserPreferences43
[2010/10/06 18:21:51 | 000,011,026 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmscsi.sys
[2010/10/05 14:39:32 | 000,001,194 | -H-- | M] () -- C:\Documents and Settings\Administrator\My Documents\Default.rdp
[2010/10/05 12:45:42 | 000,087,424 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll.000.bak
[2010/10/05 12:45:42 | 000,083,360 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll.000.bak
[2010/10/01 08:58:32 | 000,004,096 | -HS- | M] () -- C:\VSM000.IDX
[2010/09/27 14:50:44 | 000,083,360 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
[2010/09/27 14:49:18 | 000,087,424 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
[2010/09/27 14:49:18 | 000,029,568 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/24 18:09:04 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\RKUnhookerLE.EXE
[2010/10/14 06:49:30 | 000,177,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\hcore32.sys
[2010/10/13 12:28:48 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/13 12:27:26 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Trojan Remover.lnk
[2010/10/13 12:27:24 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2010/10/13 12:27:24 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2010/10/13 12:27:24 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2010/10/13 12:27:24 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2010/10/07 20:16:20 | 000,002,344 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2010/10/07 20:16:20 | 000,002,322 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/10/07 20:13:57 | 000,001,010 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3018655958-1258357186-3169496164-500UA.job
[2010/10/07 20:13:57 | 000,000,958 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3018655958-1258357186-3169496164-500Core.job
[2010/10/07 03:21:01 | 002,275,888 | R--- | C] () -- C:\WINDOWS\System32\vmwogl32.dll
[2010/10/07 03:18:41 | 000,001,374 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak
[2010/10/07 02:58:18 | 001,413,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tintlgs.imd
[2010/10/07 02:58:18 | 000,455,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tintlgl.imd
[2010/10/07 02:58:18 | 000,171,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tintlgc.imd
[2010/10/07 02:57:57 | 000,006,331 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rsess.vbs
[2010/10/07 02:57:56 | 000,026,417 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rfeed.vbs
[2010/10/07 02:57:56 | 000,012,400 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rgroup.vbs
[2010/10/07 02:57:56 | 000,011,781 | ---- | C] () -- C:\WINDOWS\System32\dllcache\regfilt.vbs
[2010/10/07 02:57:56 | 000,010,571 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rexpire.vbs
[2010/10/07 02:57:55 | 000,003,912 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rcancel.vbs
[2010/10/07 02:57:34 | 010,011,497 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgs.imd
[2010/10/07 02:57:34 | 000,733,292 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgr.imd
[2010/10/07 02:57:33 | 000,208,744 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgl.imd
[2010/10/07 02:57:31 | 001,004,904 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgix.imd
[2010/10/07 02:57:30 | 000,948,656 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgi.imd
[2010/10/07 02:57:28 | 000,867,242 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgdx.imd
[2010/10/07 02:57:26 | 000,825,038 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgd.imd
[2010/10/07 02:57:26 | 000,487,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsk.dic
[2010/10/07 02:57:26 | 000,188,140 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgc.imd
[2010/10/07 02:57:26 | 000,174,803 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsd.dic
[2010/10/07 02:57:25 | 000,117,248 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/10/07 02:57:08 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/10/07 02:56:57 | 000,061,952 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/10/07 02:56:11 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/10/07 02:55:24 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/10/07 02:55:16 | 000,100,936 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2010/10/07 02:55:07 | 000,409,168 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgu.imd
[2010/10/07 02:55:07 | 000,102,304 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlguc.imd
[2010/10/07 02:55:07 | 000,102,304 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgsi.imd
[2010/10/07 02:55:07 | 000,001,849 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IIS_clusftp.vbs
[2010/10/07 02:55:06 | 000,427,138 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgie.imd
[2010/10/07 02:55:06 | 000,279,894 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgd.imd
[2010/10/07 02:55:06 | 000,024,080 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgl.imd
[2010/10/07 02:55:06 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgs.imd
[2010/10/07 02:55:05 | 000,543,708 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgb.imd
[2010/10/07 02:55:05 | 000,462,929 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskdic.dic
[2010/10/07 02:55:05 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/10/07 02:54:15 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/10/07 02:54:15 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/10/07 02:49:23 | 000,002,492 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2010/10/07 02:45:36 | 000,314,515 | ---- | C] () -- C:\WINDOWS\System32\dllcache\WMSocm.CAT
[2010/10/07 02:45:36 | 000,112,975 | ---- | C] () -- C:\WINDOWS\System32\dllcache\UDDI.CAT
[2010/10/07 02:45:36 | 000,082,025 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sasetup.CAT
[2010/10/07 02:45:36 | 000,071,199 | ---- | C] () -- C:\WINDOWS\System32\dllcache\adminpak.CAT
[2010/10/07 02:45:36 | 000,067,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP5.CAT
[2010/10/07 02:45:36 | 000,066,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NETFX.CAT
[2010/10/07 02:45:36 | 000,064,351 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/10/07 02:45:36 | 000,030,616 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SCW.CAT
[2010/10/07 02:45:36 | 000,023,518 | ---- | C] () -- C:\WINDOWS\System32\dllcache\admt.cat
[2010/10/07 02:45:36 | 000,022,310 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FXSCAT.CAT
[2010/10/07 02:45:36 | 000,015,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\INS.CAT
[2010/10/07 02:45:36 | 000,014,610 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2010/10/07 02:45:36 | 000,010,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2010/10/07 02:45:36 | 000,008,571 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010/10/07 02:45:36 | 000,007,379 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/10/07 02:45:35 | 001,994,359 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2010/10/07 02:45:35 | 001,402,437 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2010/10/07 02:45:35 | 000,682,720 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2010/10/01 08:58:32 | 000,004,096 | -HS- | C] () -- C:\VSM000.IDX
[2010/03/31 09:54:31 | 001,622,022 | R--- | C] () -- C:\WINDOWS\schema.ini
[2009/10/26 10:36:52 | 000,000,183 | ---- | C] () -- C:\WINDOWS\ClockLinkService.ini
[2009/10/26 10:36:20 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\PROTOCOL.INI
[2008/10/27 15:08:18 | 000,000,923 | ---- | C] () -- C:\WINDOWS\TimeForce.ini
[2008/10/24 12:15:52 | 000,163,032 | RHS- | C] () -- C:\WINDOWS\System32\dwfajl.dll
[2008/10/24 10:55:13 | 000,050,666 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2008/10/24 10:55:13 | 000,010,793 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2008/10/24 10:35:25 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2008/04/26 00:57:33 | 000,011,597 | ---- | C] () -- C:\WINDOWS\System32\dnsperf.ini
[2007/02/18 08:00:00 | 000,179,577 | ---- | C] () -- C:\WINDOWS\System32\schema.ini
[2007/02/18 08:00:00 | 000,024,819 | ---- | C] () -- C:\WINDOWS\System32\ntdsctrs.ini
[2007/02/18 08:00:00 | 000,020,386 | ---- | C] () -- C:\WINDOWS\System32\ntfrsrep.ini
[2007/02/18 08:00:00 | 000,011,817 | ---- | C] () -- C:\WINDOWS\System32\iasperf.ini
[2007/02/18 08:00:00 | 000,011,030 | ---- | C] () -- C:\WINDOWS\System32\ipsecprf.ini
[2007/02/18 08:00:00 | 000,005,597 | ---- | C] () -- C:\WINDOWS\System32\ntfrscon.ini
[2004/12/02 20:13:19 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll
[2004/11/24 15:13:01 | 000,000,079 | ---- | C] () -- C:\WINDOWS\System32\drivers\dcesmwdm.sys
[2004/11/24 13:57:17 | 000,002,360 | ---- | C] () -- C:\WINDOWS\System32\dhcpctrs.ini
[2004/11/24 13:36:18 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\itgcond.dll
[2004/11/24 13:36:18 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\itg_refs.dll
[2004/11/24 13:36:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\itg_sched.dll
[2004/11/24 13:36:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\itg_night.dll
[2004/11/24 13:33:18 | 000,000,280 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/11/04 00:21:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/11/03 23:58:16 | 000,000,499 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/01/05 13:56:22 | 000,004,272 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/02/03 10:26:18 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2001/07/31 10:17:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL

========== LOP Check ==========

[2010/03/29 13:57:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ntr
[2010/04/17 02:44:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Overlook
[2010/10/13 12:27:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Simply Super Software
[2010/10/07 00:23:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2010/04/17 02:44:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Overlook
[2010/10/13 12:27:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2010/10/22 23:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/16 22:14:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/10/23 22:30:00 | 000,000,218 | ---- | M] () -- C:\WINDOWS\Tasks\backupscript.job
[2010/10/24 12:23:00 | 000,032,604 | ---- | M] () -- C:\WINDOWS\Tasks\SchedLgU.Txt

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 200 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C9291F0D
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9

< End of report >

#9 iGmO

Posted 24 October 2010 - 05:48 PM

I will also say that I JUST (less than an hour ago) took a backup of the server's state prior to running all of these reports. I can play rough with it and still be okay.

#10 m0le

Posted 24 October 2010 - 05:59 PM

There's way too many posts there. I will edit them if I get the chance.

Please rerun OTL as shown below, let's lift the problem file and see what happens.

Open OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
SRV - (zuxrufpg) -- File not found
SRV - (zdylnfm) -- File not found
SRV - (yknygtck) -- File not found
SRV - (xhehc) -- File not found
SRV - (WinHttpAutoProxySvc) -- File not found
SRV - (wbsfkgn) -- File not found
SRV - (uurefmihf) -- File not found
SRV - (hpqvl) -- File not found
O4 - HKCU..\Run: [] File not found
@Alternate Data Stream - 200 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C9291F0D
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9

:files
C:\windows\system32\dwfajl.dll 

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"


Then click the Run Fix button at the top

Let the program run unhindered.

When done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Now run OTL as scan only and post the OTL.txt post only.

#11 iGmO

Posted 24 October 2010 - 06:24 PM

========== OTL ==========
Service zuxrufpg stopped successfully!
Service zuxrufpg deleted successfully!
File File not found not found.
Service zdylnfm stopped successfully!
Service zdylnfm deleted successfully!
File File not found not found.
Service yknygtck stopped successfully!
Service yknygtck deleted successfully!
File File not found not found.
Service xhehc stopped successfully!
Service xhehc deleted successfully!
File File not found not found.
Service WinHttpAutoProxySvc stopped successfully!
Service WinHttpAutoProxySvc deleted successfully!
File File not found not found.
Service wbsfkgn stopped successfully!
Service wbsfkgn deleted successfully!
File File not found not found.
Service uurefmihf stopped successfully!
Service uurefmihf deleted successfully!
File File not found not found.
Service hpqvl stopped successfully!
Service hpqvl deleted successfully!
File File not found not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C9291F0D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9 deleted successfully.
========== FILES ==========
File move failed. C:\windows\system32\dwfajl.dll scheduled to be moved on reboot.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!

OTL by OldTimer - Version 3.2.17.1 log created on 10242010_191402

Files\Folders moved on Reboot...
C:\windows\system32\dwfajl.dll moved successfully.

Registry entries deleted on Reboot...



What settings would you like me to use on an OTL scan now for the full (post-fix) scan?

#12 m0le

Posted 24 October 2010 - 07:22 PM

The same scan as the first time:

  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.



#13 iGmO

Posted 24 October 2010 - 07:34 PM

OTL logfile created on: 10/24/2010 8:29:28 PM - Run 2
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows Server 2003 Standard Edition Service Pack 2 (Version = 5.2.3790) - Type = NTDomainController
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 74.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 25.00 Gb Total Space | 10.25 Gb Free Space | 40.98% Space Free | Partition Type: NTFS
Drive D: | 35.00 Gb Total Space | 16.77 Gb Free Space | 47.92% Space Free | Partition Type: NTFS
Drive F: | 68.36 Gb Total Space | 32.11 Gb Free Space | 46.97% Space Free | Partition Type: NTFS
Drive H: | 68.36 Gb Total Space | 32.11 Gb Free Space | 46.97% Space Free | Partition Type: NTFS

Computer Name: SERVERVW | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\WINDOWS\LMI2B.tmp\lmi_rescue.exe (LogMeIn, Inc.)
PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Sunbelt Software\SBEAgent\SBPIMSvc.exe (Sunbelt Software)
PRC - C:\WINDOWS\system32\vsnapvss.exe (StorageCraft Technology Corporation)
PRC - D:\program files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe (StorageCraft Technology Corporation)
PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
PRC - C:\Program Files\VMware\VMware Tools\VMUpgradeHelper.exe (VMware, Inc.)
PRC - C:\Program Files\VMware\VMware Tools\vmtoolsd.exe (VMware, Inc.)
PRC - C:\Program Files\VMware\VMware Tools\VMwareTray.exe (VMware, Inc.)
PRC - C:\Program Files\VMware\VMware Tools\VMwareUser.exe (VMware, Inc.)
PRC - C:\Program Files\VMware\VMware Tools\vmacthlp.exe (VMware, Inc.)
PRC - C:\Program Files\Sunbelt Software\Enterprise\EnterpriseService.exe (Sunbelt Software)
PRC - c:\Inetpub\wwwroot\qqest\Utilities\TFProcessingQueue.exe (Qqest Software Systems)
PRC - d:\program files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\system32\dns.exe (Microsoft Corporation)
PRC - c:\Inetpub\wwwroot\qqest\Utilities\TimeForcePunches.exe (Qqest Software Systems)
PRC - F:\VWPM\vwpmrapidservices.exe (Cerner Corporation)
PRC - c:\Inetpub\wwwroot\qqest\Utilities\TimeForceServices.exe (Qqest Software Systems)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\ntfrs.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\dfssvc.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\ismserv.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\lserver.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell\OpenManage\oma\bin\omsad32.exe (Dell Inc.)
PRC - C:\Program Files\Dell\OpenManage\iws\bin\win32\omaws32.exe (Dell Computer Corporation)
PRC - C:\Program Files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe (iAnywhere Solutions, Inc.)
PRC - C:\Program Files\Sybase\SQL Anywhere 9\win32\dbsrv9.exe (iAnywhere Solutions, Inc.)
PRC - C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe ()
PRC - C:\Program Files\Dell\OpenManage\dataeng\bin\dcevt32.exe (Dell Inc.)
PRC - C:\Program Files\Dell\OpenManage\dataeng\bin\dcstor32.exe (Dell Inc.)
PRC - C:\Program Files\RealVNC\VNC4\winvnc4.exe (RealVNC Ltd.)
PRC - D:\program files\VERITAS\VxUpdate\VxTaskbarMgr.exe (VERITAS Software Corporation)
PRC - F:\VWPM\srvany.exe ()


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Administrator\WINDOWS\LMI2B.tmp\rahook.dll (LogMeIn, Inc.)
MOD - C:\Documents and Settings\Administrator\WINDOWS\LMI2B.tmp\LMIRhook.000.dll (LogMeIn, Inc.)
MOD - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.4770_x-ww_05FDF087\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\activeds.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\credui.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\adsldpc.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\iphlpapi.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\mprapi.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\tsappcmp.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\winsta.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\inetmib1.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\rtutils.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wsock32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\snmpapi.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wtsapi32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\rassapi.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (SBAMSvc) -- C:\Program Files\Sunbelt Software\SBEAgent\SBAMSvc.exe (Sunbelt Software)
SRV - (SBPIMSvc) -- C:\Program Files\Sunbelt Software\SBEAgent\SBPIMSvc.exe (Sunbelt Software)
SRV - (VSNAPVSS) -- C:\WINDOWS\system32\vsnapvss.exe (StorageCraft Technology Corporation)
SRV - (ShadowProtectSvc) -- D:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe (StorageCraft Technology Corporation)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (VMUpgradeHelper) -- C:\Program Files\VMware\VMware Tools\VMUpgradeHelper.exe (VMware, Inc.)
SRV - (VMTools) -- C:\Program Files\VMware\VMware Tools\vmtoolsd.exe (VMware, Inc.)
SRV - (VMware Physical Disk Helper Service) -- C:\Program Files\VMware\VMware Tools\vmacthlp.exe (VMware, Inc.)
SRV - (TPVCGateway) -- C:\Program Files\VMware\VMware Tools\TPVCGateway.exe (ThinPrint GmbH)
SRV - (TPAutoConnSvc) -- C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe (ThinPrint AG)
SRV - (Sunbelt Software Enterprise Service) -- C:\Program Files\Sunbelt Software\Enterprise\EnterpriseService.exe (Sunbelt Software)
SRV - (TFPunchProcessQueue) -- c:\Inetpub\wwwroot\qqest\Utilities\TFProcessingQueue.exe (Qqest Software Systems)
SRV - (DNS) -- C:\WINDOWS\system32\dns.exe (Microsoft Corporation)
SRV - (TFPunches) -- c:\Inetpub\wwwroot\qqest\Utilities\TimeForcePunches.exe (Qqest Software Systems)
SRV - (ServiceTimeForce) -- c:\Inetpub\wwwroot\qqest\Utilities\TimeForceServices.exe (Qqest Software Systems)
SRV - (ClockLink) -- C:\Program Files\Qqest Software Systems\TimeForce\ClockLink\ClockLinkService.exe (Qqest Software Systems)
SRV - (NtFrs) -- C:\WINDOWS\system32\ntfrs.exe (Microsoft Corporation)
SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (Dfs) -- C:\WINDOWS\system32\dfssvc.exe (Microsoft Corporation)
SRV - (LicenseService) -- C:\WINDOWS\system32\llssrv.exe (Microsoft Corporation)
SRV - (RSoPProv) -- C:\WINDOWS\system32\rsopprov.exe (Microsoft Corporation)
SRV - (TrkSvr) -- C:\WINDOWS\system32\trksvr.dll (Microsoft Corporation)
SRV - (IsmServ) -- C:\WINDOWS\system32\ismserv.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (sacsvr) -- C:\WINDOWS\system32\sacsvr.dll (Microsoft Corporation)
SRV - (Tssdis) -- C:\WINDOWS\system32\tssdis.exe (Microsoft Corporation)
SRV - (TermServLicensing) -- C:\WINDOWS\system32\lserver.exe (Microsoft Corporation)
SRV - (omsad) -- C:\Program Files\Dell\OpenManage\oma\bin\omsad32.exe (Dell Inc.)
SRV - (Server Administrator) -- C:\Program Files\Dell\OpenManage\iws\bin\win32\omaws32.exe (Dell Computer Corporation)
SRV - (ASANYs_VWPM) -- C:\Program Files\Sybase\SQL Anywhere 9\win32\dbsrv9.exe (iAnywhere Solutions, Inc.)
SRV - (dcevt32) -- C:\Program Files\Dell\OpenManage\dataeng\bin\dcevt32.exe (Dell Inc.)
SRV - (dcstor32) -- C:\Program Files\Dell\OpenManage\dataeng\bin\dcstor32.exe (Dell Inc.)
SRV - (WinVNC4) -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe (RealVNC Ltd.)
SRV - (BackupExecRPCService) -- D:\Program Files\VERITAS\Backup Exec\NT\beserver.exe (VERITAS Software Corporation)
SRV - (BackupExecJobEngine) -- D:\Program Files\VERITAS\Backup Exec\NT\bengine.exe (VERITAS Software Corporation)
SRV - (BackupExecAgentAccelerator) -- D:\Program Files\VERITAS\Backup Exec\NT\beremote.exe (VERITAS Software Corporation)
SRV - (BackupExecAgentBrowser) -- D:\Program Files\VERITAS\Backup Exec\NT\benetns.exe (VERITAS Software Corporation)
SRV - (BackupExecNamingService) -- D:\Program Files\VERITAS\Backup Exec\NT\benser.exe (VERITAS Software Corporation)
SRV - (BackupExecDeviceMediaService) -- D:\Program Files\VERITAS\Backup Exec\NT\pvlsvr.exe (VERITAS Software Corporation)
SRV - (ECM Service) ExecView Communication Module (ECM) -- D:\program files\VERITAS\Backup Exec\NT\ECM\ECM.exe (VERITAS Software Corporation)
SRV - (Intel Alert Originator) -- C:\WINDOWS\system32\AMS_II\IAO.EXE (Intel® Corporation)
SRV - (Intel Alert Handler) -- C:\WINDOWS\system32\AMS_II\HNDLRSVC.EXE (Intel® Corporation)
SRV - (Intel File Transfer) -- C:\WINDOWS\system32\CBA\XFR.EXE (Intel® Corporation)
SRV - (VWPMRapidServices) -- F:\VWPM\srvany.exe ()


========== Driver Services (SafeList) ==========

DRV - (SDTHelper) -- C:\Documents and Settings\Administrator\Desktop\Radix\sdthlpr.sys File not found
DRV - (MEMSWEEP2) -- C:\WINDOWS\System32\4E.tmp File not found
DRV - (IpInIp) -- C:\WINDOWS\System32\DRIVERS\ipinip.sys File not found
DRV - (vmscsi) -- C:\WINDOWS\System32\DRIVERS\vmscsi.sys (VMware, Inc.)
DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (hcore32) -- C:\WINDOWS\System32\drivers\hcore32.sys ()
DRV - (SbTis) -- C:\WINDOWS\system32\drivers\sbtis.sys (Sunbelt Software, Inc.)
DRV - (stcvsm) -- C:\WINDOWS\System32\drivers\stcvsm.sys (StorageCraft Technology Corporation)
DRV - (sbmount) -- C:\WINDOWS\System32\drivers\sbmount.sys (StorageCraft Technology Corporation)
DRV - (sbapifs) -- C:\WINDOWS\system32\drivers\sbapifs.sys (Sunbelt Software)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (SAVRKBootTasks) -- C:\WINDOWS\system32\SAVRKBootTasks.sys (Sophos Plc)
DRV - (SBRE) -- C:\WINDOWS\system32\drivers\SBREDrv.sys (Sunbelt Software)
DRV - (LGTO_Sync) -- C:\WINDOWS\system32\drivers\lgtosync.sys (VMware, Inc.)
DRV - (VMMEMCTL) -- C:\Program Files\VMware\VMware Tools\Drivers\memctl\vmmemctl.sys (VMware, Inc.)
DRV - (vmdebug) -- C:\WINDOWS\system32\drivers\vmdebug.sys (VMware, Inc.)
DRV - (vmxnet) -- C:\WINDOWS\system32\drivers\vmxnet.sys (VMware, Inc.)
DRV - (vmmouse) -- C:\WINDOWS\system32\drivers\vmmouse.sys (VMware, Inc.)
DRV - (vmx_svga) -- C:\WINDOWS\system32\drivers\vmx_svga.sys (VMware, Inc.)
DRV - (vmci) -- C:\WINDOWS\system32\drivers\vmci.sys (VMware, Inc.)
DRV - (ql2300) -- C:\WINDOWS\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (afcnt) -- C:\WINDOWS\system32\DRIVERS\afcnt.sys (Agilent Technologies)
DRV - (WLBS) -- C:\WINDOWS\system32\drivers\wlbs.sys (Microsoft Corporation)
DRV - (ql2200) -- C:\WINDOWS\system32\DRIVERS\ql2200.sys (QLogic Corporation)
DRV - (adpu320) -- C:\WINDOWS\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (ql2100) -- C:\WINDOWS\system32\DRIVERS\ql2100.sys (QLogic Corporation)
DRV - (lp6nds35) -- C:\WINDOWS\system32\DRIVERS\lp6nds35.sys (Emulex Corporation)
DRV - (cpqfcalm) -- C:\WINDOWS\system32\DRIVERS\cpqfcalm.sys (Hewlett-Packard Company)
DRV - (ClusDisk) -- C:\WINDOWS\system32\drivers\clusdisk.sys (Microsoft Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (symmpi) -- C:\WINDOWS\system32\DRIVERS\symmpi.sys (LSI Logic)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (arc) -- C:\WINDOWS\System32\drivers\arc.sys (Adaptec, Inc.)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (hpt3xx) -- C:\WINDOWS\system32\DRIVERS\hpt3xx.sys (HighPoint Technologies, Inc.)
DRV - (nfrd960) -- C:\WINDOWS\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (DfsDriver) -- C:\WINDOWS\system32\drivers\Dfs.sys (Microsoft Corporation)
DRV - (iirsp) -- C:\WINDOWS\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (ipsraidn) -- C:\WINDOWS\system32\DRIVERS\ipsraidn.sys (IBM Corporation)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (LSI Logic Corporation)
DRV - (dpti2o) -- C:\WINDOWS\system32\DRIVERS\dpti2o.sys (Adaptec, Inc.)
DRV - (hpcisss) -- C:\WINDOWS\System32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (dellcerc) -- C:\WINDOWS\system32\DRIVERS\dellcerc.sys (LSI Logic Corporation)
DRV - (cpqcissm) -- C:\WINDOWS\system32\DRIVERS\cpqcissm.sys (Hewlett-Packard Company)
DRV - (Cpqarray) -- C:\WINDOWS\system32\DRIVERS\cpqarray.sys (Hewlett-Packard Company)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (cpqarry2) -- C:\WINDOWS\system32\DRIVERS\cpqarry2.sys (Hewlett-Packard Company)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (PORTACCESSOR) -- C:\Program Files\Dell\OpenManage\oldiags\packages\portaccessor.sys (Dell Computer Corporation.)
DRV - (dcdipm) -- C:\WINDOWS\system32\drivers\dcdipm32.sys (Dell Inc.)
DRV - (dcdbas) -- C:\WINDOWS\system32\DRIVERS\dcdbas32.sys (Dell Inc.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (ASPI32) -- C:\WINDOWS\System32\drivers\aspi32.sys (Adaptec)
DRV - (Blfp) -- C:\WINDOWS\system32\drivers\baspxp32.sys (Broadcom Corporation)
DRV - (4mmdat--VRTS) -- C:\WINDOWS\system32\drivers\04mmdat.sys (VERITAS Software)
DRV - (pvdatw2k) -- C:\WINDOWS\system32\drivers\pvdatw2k.sys (Seagate Removable Storage Solutions, LLC)
DRV - (amdagp8p) -- C:\WINDOWS\system32\DRIVERS\amdagp8p.sys (Advanced Micro Devices, Inc.)
DRV - (ati2mpad) -- C:\WINDOWS\system32\drivers\ati2mpad.sys (ATI Technologies Inc.)
DRV - (SCSIChanger) -- C:\WINDOWS\system32\drivers\SCSICHNG.SYS (VERITAS Software)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = res://shdoclc.dll/softAdmin.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/softAdmin.htm
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.9

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/10/13 13:08:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: d:\Program Files\Mozilla Firefox\components [2010/10/06 04:03:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: d:\Program Files\Mozilla Firefox\plugins [2010/10/06 04:03:35 | 000,000,000 | ---D | M]

[2010/04/16 22:25:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/04/16 22:25:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/10/24 19:09:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\laru0dtt.default\extensions
[2010/10/24 19:09:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\laru0dtt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

O1 HOSTS File: ([2010/10/07 03:38:22 | 000,421,609 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14540 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - d:\program files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [PRONoMgrWired] c:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe (Intel® Corporation)
O4 - HKLM..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\SBEAgent\SBAMTray.exe (Sunbelt Software)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [VMware Tools] C:\Program Files\VMware\VMware Tools\VMwareTray.exe (VMware, Inc.)
O4 - HKLM..\Run: [VMware User Process] C:\Program Files\VMware\VMware Tools\VMwareUser.exe (VMware, Inc.)
O4 - HKLM..\Run: [VxTaskbarMgr] D:\program files\VERITAS\VxUpdate\VxTaskbarMgr.exe (VERITAS Software Corporation)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DBISQL9] C:\Program Files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe (iAnywhere Solutions, Inc.)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] d:\program files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SybaseCentral43] C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe ()
O4 - HKCU..\RunOnce: [*LogMeInRescue_3154309446] C:\Documents and Settings\Administrator\WINDOWS\LMI2B.tmp\lmi_rescue.exe (LogMeIn, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\program files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\VMware\VMware Tools\VSock SDK\bin\win32\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\VMware\VMware Tools\VSock SDK\bin\win32\vsocklib.dll (VMware, Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1286431376281 (WUWebControl Class)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = domain.local
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (C:\windows\explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - C:\WINDOWS\system32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\TPSvc: DllName - TPSvc.dll - C:\WINDOWS\System32\TPSvc.dll (ThinPrint AG)
O20 - Winlogon\Notify\VMUpgradeAtShutdown: DllName - VMUpgradeAtShutdownWXP.dll - C:\WINDOWS\System32\VMUpgradeAtShutdownWXP.dll (VMware, Inc.)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (pwdssp.dll) - C:\WINDOWS\System32\pwdssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/01/05 14:03:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\##nick#k\Shell - "" = AutoRun
O33 - MountPoints2\##nick#k\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\##nick#k\Shell\AutoRun\command - "" = Z:\Get_Started_for_Win.exe -- File not found
O33 - MountPoints2\{e545845a-a1ec-11dd-9d98-0011435a73b6}\Shell - "" = AutoRun
O33 - MountPoints2\{e545845a-a1ec-11dd-9d98-0011435a73b6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e545845a-a1ec-11dd-9d98-0011435a73b6}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/24 19:14:02 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/24 18:08:59 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/10/14 10:59:10 | 000,018,816 | ---- | C] (Sophos Plc) -- C:\WINDOWS\System32\SAVRKBootTasks.sys
[2010/10/14 08:01:18 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\jscript.dll
[2010/10/14 07:51:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/10/14 07:11:04 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010/10/14 07:04:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Pavark
[2010/10/14 06:49:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Hypersight
[2010/10/14 06:49:29 | 000,000,000 | ---D | C] -- C:\Program Files\Hypersight
[2010/10/14 06:35:40 | 000,102,800 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/10/13 13:21:17 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/10/13 13:10:33 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/10/13 13:03:56 | 003,601,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2010/10/13 13:03:56 | 002,452,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieapfltr.dat
[2010/10/13 13:03:56 | 001,168,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2010/10/13 13:03:56 | 000,832,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2010/10/13 13:03:56 | 000,634,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iexplore.exe
[2010/10/13 13:03:56 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2010/10/13 13:03:56 | 000,468,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2010/10/13 13:03:56 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieapfltr.dll
[2010/10/13 13:03:56 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtmsft.dll
[2010/10/13 13:03:56 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtmsft.dll
[2010/10/13 13:03:56 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtrans.dll
[2010/10/13 13:03:56 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtrans.dll
[2010/10/13 13:03:56 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2010/10/13 13:03:56 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2010/10/13 13:03:56 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advpack.dll
[2010/10/13 13:03:56 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2010/10/13 13:03:56 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2010/10/13 13:03:56 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2010/10/13 13:03:56 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\pngfilt.dll
[2010/10/13 13:03:56 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pngfilt.dll
[2010/10/13 13:03:56 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2010/10/13 13:03:56 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2010/10/13 13:03:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2010/10/13 13:03:47 | 006,075,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010/10/13 13:03:47 | 002,452,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dat
[2010/10/13 13:03:47 | 000,991,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll.mui
[2010/10/13 13:03:47 | 000,468,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/10/13 13:03:47 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2010/10/13 13:03:47 | 000,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/10/13 13:03:47 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2010/10/13 13:03:47 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/10/13 13:03:47 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2010/10/13 13:03:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/10/13 13:03:30 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2010/10/13 13:03:22 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2010/10/13 13:03:11 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2010/10/13 12:54:27 | 000,647,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcrt4.dll
[2010/10/13 12:30:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Simply Super Software
[2010/10/13 12:27:50 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.46.exe
[2010/10/13 12:27:24 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztvcabinet.dll
[2010/10/13 12:27:23 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2010/10/13 12:27:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2010/10/13 12:27:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Simply Super Software
[2010/10/13 12:22:18 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/10/07 23:19:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/10/07 23:19:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/07 23:19:12 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/07 23:19:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/07 23:19:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/10/07 20:13:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp
[2010/10/07 20:13:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
[2010/10/07 03:21:02 | 000,016,432 | R--- | C] (VMware, Inc.) -- C:\WINDOWS\System32\vmx_mode.dll
[2010/10/07 03:21:01 | 000,218,288 | R--- | C] (VMware, Inc.) -- C:\WINDOWS\System32\vmx_fb.dll
[2010/10/07 03:21:01 | 000,061,872 | R--- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmci.sys
[2010/10/07 03:21:01 | 000,028,080 | R--- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmx_svga.sys
[2010/10/07 03:20:54 | 000,036,400 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\lgtosync.sys
[2010/10/07 03:20:54 | 000,030,000 | R--- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmxnet.sys
[2010/10/07 03:20:53 | 000,011,440 | R--- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmmouse.sys
[2010/10/07 03:20:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware
[2010/10/07 03:01:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/10/07 02:58:57 | 000,174,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xenrx86.dll
[2010/10/07 02:58:56 | 000,506,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xenria64.dll
[2010/10/07 02:58:53 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmswmiproppage.dll
[2010/10/07 02:58:52 | 001,150,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmswizardres.dll
[2010/10/07 02:58:52 | 000,206,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmswizard.exe
[2010/10/07 02:58:51 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsunicastsinkproppage.dll
[2010/10/07 02:58:51 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmssrvmk.dll
[2010/10/07 02:58:51 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmssnmp.dll
[2010/10/07 02:58:50 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsservertypelib.dll
[2010/10/07 02:58:50 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsserverupgrade.exe
[2010/10/07 02:58:50 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsserverresourceres.dll
[2010/10/07 02:58:49 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsserverresource.dll
[2010/10/07 02:58:49 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsserverconfig.exe
[2010/10/07 02:58:44 | 003,166,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsserver.dll
[2010/10/07 02:58:44 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsscriptproppage.dll
[2010/10/07 02:58:43 | 000,537,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsplaylistres.dll
[2010/10/07 02:58:43 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmspluginres.dll
[2010/10/07 02:58:42 | 000,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsplaylist.dll
[2010/10/07 02:58:42 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsperfmon.exe
[2010/10/07 02:58:42 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsperf.dll
[2010/10/07 02:58:41 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsnetworkdatasourceproppage.dll
[2010/10/07 02:58:41 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsmulticastsinkproppage.dll
[2010/10/07 02:58:40 | 001,852,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsmonitorres.dll
[2010/10/07 02:58:40 | 000,546,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsmonitor.dll
[2010/10/07 02:58:39 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmslogproppages.dll
[2010/10/07 02:58:39 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsipaccessproppage.dll
[2010/10/07 02:58:39 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsiphlp.dll
[2010/10/07 02:58:39 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmslf.dll
[2010/10/07 02:58:38 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmshttpcontrolproppage.dll
[2010/10/07 02:58:38 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmshttpauthenproppage.dll
[2010/10/07 02:58:38 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsiislog.dll
[2010/10/07 02:58:38 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmshttpsyscfg.exe
[2010/10/07 02:58:35 | 000,168,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmserror.dll
[2010/10/07 02:58:35 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmseditor.exe
[2010/10/07 02:58:35 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmserver.exe
[2010/10/07 02:58:35 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmserr.dll
[2010/10/07 02:58:34 | 000,122,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsbrowse.dll
[2010/10/07 02:58:34 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsdigestauthenproppage.dll
[2010/10/07 02:58:34 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsbrowseres.dll
[2010/10/07 02:58:33 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsadminres.dll
[2010/10/07 02:58:33 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsarchivesinkv1proppage.dll
[2010/10/07 02:58:33 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsanonauthenproppage.dll
[2010/10/07 02:58:33 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsaspadmin.dll
[2010/10/07 02:58:32 | 000,272,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsadmin.dll
[2010/10/07 02:58:32 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsaclcheckproppage.dll
[2010/10/07 02:58:32 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsactscrpt.dll
[2010/10/07 02:58:31 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmilistener.dll
[2010/10/07 02:58:30 | 000,651,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winssnap.dll
[2010/10/07 02:58:30 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2010/10/07 02:58:30 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmibridge.dll
[2010/10/07 02:58:29 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2010/10/07 02:58:29 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2010/10/07 02:58:29 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wins.exe
[2010/10/07 02:58:29 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsevnt.dll
[2010/10/07 02:58:29 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpop.exe
[2010/10/07 02:58:29 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsmib.dll
[2010/10/07 02:58:29 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsctrs.dll
[2010/10/07 02:58:28 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdsutil.exe
[2010/10/07 02:58:28 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2010/10/07 02:58:28 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2010/10/07 02:58:28 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2010/10/07 02:58:27 | 001,106,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdsmmc.dll
[2010/10/07 02:58:27 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdssrv.dll
[2010/10/07 02:58:27 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdspxe.dll
[2010/10/07 02:58:25 | 000,569,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdsmgmt.dll
[2010/10/07 02:58:24 | 000,349,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdsimage.dll
[2010/10/07 02:58:24 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdsigsv.dll
[2010/10/07 02:58:24 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdscsl.dll
[2010/10/07 02:58:22 | 000,261,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2010/10/07 02:58:22 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2010/10/07 02:58:20 | 000,197,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W98_unidrv.dll
[2010/10/07 02:58:20 | 000,197,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W95_unidrv.dll
[2010/10/07 02:58:20 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2010/10/07 02:58:20 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2010/10/07 02:58:19 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2010/10/07 02:58:19 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2010/10/07 02:58:19 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2010/10/07 02:58:18 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2010/10/07 02:58:17 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2010/10/07 02:58:17 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tftpd.exe
[2010/10/07 02:58:03 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\strmtest.exe
[2010/10/07 02:58:03 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2010/10/07 02:58:02 | 000,359,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll
[2010/10/07 02:58:02 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll
[2010/10/07 02:58:02 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll
[2010/10/07 02:58:02 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmp.exe
[2010/10/07 02:58:02 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll
[2010/10/07 02:58:02 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmptrap.exe
[2010/10/07 02:58:02 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snprfdll.dll
[2010/10/07 02:58:02 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2010/10/07 02:58:02 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll
[2010/10/07 02:58:01 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll
[2010/10/07 02:58:01 | 000,240,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smi2smir.exe
[2010/10/07 02:58:01 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2010/10/07 02:58:01 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpctrs.dll
[2010/10/07 02:58:01 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2010/10/07 02:58:01 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2010/10/07 02:58:00 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sis.sys
[2010/10/07 02:58:00 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smef.dll
[2010/10/07 02:58:00 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2010/10/07 02:57:59 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seva.dll
[2010/10/07 02:57:59 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\setupcl.exe
[2010/10/07 02:57:59 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seos.dll
[2010/10/07 02:57:59 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_strap.exe
[2010/10/07 02:57:58 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scwiisext.dll
[2010/10/07 02:57:58 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scwengb.dll
[2010/10/07 02:57:58 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scwcmd.exe
[2010/10/07 02:57:58 | 000,056,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrdx86.dll
[2010/10/07 02:57:58 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scwhlp.dll
[2010/10/07 02:57:58 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scwauditext.dll
[2010/10/07 02:57:58 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scwsddlanalysis.dll
[2010/10/07 02:57:58 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scwviewer.exe
[2010/10/07 02:57:58 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scss.exe
[2010/10/07 02:57:58 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scshost.exe
[2010/10/07 02:57:57 | 000,147,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrdia64.dll
[2010/10/07 02:57:57 | 000,067,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrdw2k.dll
[2010/10/07 02:57:57 | 000,056,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrdenrl.dll
[2010/10/07 02:57:57 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rqs.exe
[2010/10/07 02:57:57 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2010/10/07 02:57:57 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rqsinst.dll
[2010/10/07 02:57:56 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\riprep.exe
[2010/10/07 02:57:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\risetup.exe
[2010/10/07 02:57:56 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\regtrace.exe
[2010/10/07 02:57:55 | 000,299,008 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\rbfg.exe
[2010/10/07 02:57:55 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2010/10/07 02:57:54 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pop3snap.dll
[2010/10/07 02:57:54 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2010/10/07 02:57:54 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pop3auth.dll
[2010/10/07 02:57:54 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pop3svc.exe
[2010/10/07 02:57:54 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pop3msg.dll
[2010/10/07 02:57:54 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pop3perf.dll
[2010/10/07 02:57:54 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pop3evt.dll
[2010/10/07 02:57:51 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2010/10/07 02:57:51 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\playlisttransformproppage.dll
[2010/10/07 02:57:33 | 000,535,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2010/10/07 02:57:26 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2010/10/07 02:57:25 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oschoice.exe
[2010/10/07 02:57:25 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\p3admin.dll
[2010/10/07 02:57:25 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2010/10/07 02:57:25 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\owsrmadm.exe
[2010/10/07 02:57:25 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\p3store.dll
[2010/10/07 02:57:25 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\owsadm.exe
[2010/10/07 02:57:25 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2010/10/07 02:57:25 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2010/10/07 02:57:25 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2010/10/07 02:57:25 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2010/10/07 02:57:23 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntfsdrv.dll
[2010/10/07 02:57:22 | 000,600,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nntpsvc.dll
[2010/10/07 02:57:22 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nntpfs.dll
[2010/10/07 02:57:22 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nntpctrs.dll
[2010/10/07 02:57:22 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsneterr.dll
[2010/10/07 02:57:21 | 000,119,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2010/10/07 02:57:21 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\namespace.dll
[2010/10/07 02:57:20 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_msvcp60.dll
[2010/10/07 02:57:20 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtstocom.exe
[2010/10/07 02:57:20 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\muisetup.exe
[2010/10/07 02:57:18 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2010/10/07 02:57:18 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2010/10/07 02:57:17 | 000,316,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msiprov.dll
[2010/10/07 02:57:14 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe
[2010/10/07 02:57:11 | 000,118,784 | ---- | C] ( ) -- C:\WINDOWS\System32\dllcache\microsoft.windowsmediaservices.dll
[2010/10/07 02:57:11 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mailmsg.dll
[2010/10/07 02:57:10 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmmib2.dll
[2010/10/07 02:57:10 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpdsvc.dll
[2010/10/07 02:57:10 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lprmon.dll
[2010/10/07 02:57:07 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2010/10/07 02:57:07 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2010/10/07 02:57:07 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2010/10/07 02:57:07 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2010/10/07 02:57:07 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2010/10/07 02:57:07 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2010/10/07 02:57:07 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2010/10/07 02:57:06 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2010/10/07 02:57:06 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2010/10/07 02:57:06 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2010/10/07 02:57:06 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdibm02.dll
[2010/10/07 02:57:06 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41a.dll
[2010/10/07 02:57:06 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2010/10/07 02:57:06 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41j.dll
[2010/10/07 02:57:06 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2010/10/07 02:57:06 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2010/10/07 02:57:06 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2010/10/07 02:57:06 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2010/10/07 02:57:06 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2010/10/07 02:57:06 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2010/10/07 02:57:06 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2010/10/07 02:57:06 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2010/10/07 02:57:06 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2010/10/07 02:57:06 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2010/10/07 02:57:05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2010/10/07 02:57:05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdax2.dll
[2010/10/07 02:57:05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106n.dll
[2010/10/07 02:57:05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2010/10/07 02:57:05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101.dll
[2010/10/07 02:57:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2010/10/07 02:57:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2010/10/07 02:57:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2010/10/07 02:57:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2010/10/07 02:57:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2010/10/07 02:57:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2010/10/07 02:57:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2010/10/07 02:57:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2010/10/07 02:57:05 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2010/10/07 02:57:04 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprip.dll
[2010/10/07 02:57:04 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isrpc.dll
[2010/10/07 02:56:58 | 001,499,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_instmsiw.exe
[2010/10/07 02:56:58 | 001,489,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_instmsia.exe
[2010/10/07 02:56:58 | 000,069,632 | ---- | C] ( ) -- C:\WINDOWS\System32\dllcache\interop_msxml.dll
[2010/10/07 02:56:57 | 000,394,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2010/10/07 02:56:57 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2010/10/07 02:56:57 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2010/10/07 02:56:57 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2010/10/07 02:56:48 | 009,206,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpzp.dic
[2010/10/07 02:56:48 | 000,854,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjptk.dic
[2010/10/07 02:56:48 | 000,234,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2010/10/07 02:56:48 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
[2010/10/07 02:56:48 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2010/10/07 02:56:27 | 014,694,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpst.dic
[2010/10/07 02:56:27 | 000,137,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpsb.dic
[2010/10/07 02:56:27 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
[2010/10/07 02:56:15 | 010,660,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpnm.dic
[2010/10/07 02:56:15 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
[2010/10/07 02:56:14 | 000,993,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpln.dic
[2010/10/07 02:56:14 | 000,815,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpgn.grm
[2010/10/07 02:56:14 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/10/07 02:56:13 | 000,695,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2010/10/07 02:56:13 | 000,647,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2010/10/07 02:56:13 | 000,342,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2010/10/07 02:56:13 | 000,198,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
[2010/10/07 02:56:13 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcd.dic
[2010/10/07 02:56:13 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2010/10/07 02:56:13 | 000,055,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpch.dic
[2010/10/07 02:56:13 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2010/10/07 02:56:13 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2010/10/07 02:56:12 | 000,331,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2010/10/07 02:56:12 | 000,210,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2010/10/07 02:56:11 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2010/10/07 02:56:11 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2010/10/07 02:56:11 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2010/10/07 02:56:11 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2010/10/07 02:56:11 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2010/10/07 02:55:56 | 010,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2010/10/07 02:55:38 | 011,091,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/10/07 02:55:25 | 010,100,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2010/10/07 02:55:24 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\grovel.exe
[2010/10/07 02:55:24 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2010/10/07 02:55:24 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostmib.dll
[2010/10/07 02:55:24 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\grovmsg.dll
[2010/10/07 02:55:23 | 000,405,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W9X_fxsxp32.dll
[2010/10/07 02:55:23 | 000,398,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsxp32.dll
[2010/10/07 02:55:23 | 000,398,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxsxp32.dll
[2010/10/07 02:55:22 | 000,392,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxstiff.dll
[2010/10/07 02:55:22 | 000,392,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxstiff.dll
[2010/10/07 02:55:22 | 000,387,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W9X_fxstiff.dll
[2010/10/07 02:55:22 | 000,269,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssvc.exe
[2010/10/07 02:55:22 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxst30.dll
[2010/10/07 02:55:22 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsui.dll
[2010/10/07 02:55:22 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxsui.dll
[2010/10/07 02:55:22 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxswzrd.dll
[2010/10/07 02:55:22 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxswzrd.dll
[2010/10/07 02:55:22 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W9X_fxswzrd.dll
[2010/10/07 02:55:22 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxst30p.dll
[2010/10/07 02:55:21 | 000,737,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsres.dll
[2010/10/07 02:55:21 | 000,561,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsst.dll
[2010/10/07 02:55:21 | 000,102,400 | ---- | C] (Installshield Software Corporation ) -- C:\WINDOWS\System32\dllcache\FXS_setup.exe
[2010/10/07 02:55:21 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2010/10/07 02:55:21 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsrtmtd.dll
[2010/10/07 02:55:21 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2010/10/07 02:55:21 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxssend.exe
[2010/10/07 02:55:21 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W9X_fxssend.exe
[2010/10/07 02:55:20 | 000,737,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxsres.dll
[2010/10/07 02:55:20 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsevent.dll
[2010/10/07 02:55:20 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W9X_fxsdrv32.dll
[2010/10/07 02:55:20 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W9X_fxsext32.dll
[2010/10/07 02:55:20 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsmon.dll
[2010/10/07 02:55:20 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsext32.dll
[2010/10/07 02:55:20 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxsext32.dll
[2010/10/07 02:55:20 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsdrv.dll
[2010/10/07 02:55:20 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\NT4_fxsdrv4.dll
[2010/10/07 02:55:20 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsperf.dll
[2010/10/07 02:55:19 | 000,286,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscomex.dll
[2010/10/07 02:55:19 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscover.exe
[2010/10/07 02:55:19 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxscover.exe
[2010/10/07 02:55:19 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W9X_fxscover.exe
[2010/10/07 02:55:19 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscom.dll
[2010/10/07 02:55:18 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclnt.exe
[2010/10/07 02:55:18 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxsclnt.exe
[2010/10/07 02:55:18 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W9X_fxsclnt.exe
[2010/10/07 02:55:18 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W9X_fxsclntr.dll
[2010/10/07 02:55:18 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2010/10/07 02:55:18 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxsclntr.dll
[2010/10/07 02:55:18 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2010/10/07 02:55:17 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\W9X_fxsapi.dll
[2010/10/07 02:55:17 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsapi.dll
[2010/10/07 02:55:17 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_fxsapi.dll
[2010/10/07 02:55:17 | 000,466,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\NT4_fxsapi.dll
[2010/10/07 02:55:17 | 000,259,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsadmin.dll
[2010/10/07 02:55:17 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsvc2.dll
[2010/10/07 02:55:17 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2010/10/07 02:55:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2010/10/07 02:55:17 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpmib.dll
[2010/10/07 02:55:16 | 000,027,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmdll.dll
[2010/10/07 02:55:15 | 001,383,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp5awel.dll
[2010/10/07 02:55:15 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp5avss.dll
[2010/10/07 02:55:14 | 000,944,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp5autl.dll
[2010/10/07 02:55:14 | 000,142,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp5amsft.dll
[2010/10/07 02:55:13 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntagnt.dll
[2010/10/07 02:55:13 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntwin.exe
[2010/10/07 02:55:13 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fcachdll.dll
[2010/10/07 02:55:13 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntcmd.exe
[2010/10/07 02:55:13 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\f3ahvoas.dll
[2010/10/07 02:55:10 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ddrop.dll
[2010/10/07 02:55:09 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2010/10/07 02:55:08 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\complianceextensions.dll
[2010/10/07 02:55:08 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
[2010/10/07 02:55:07 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2010/10/07 02:55:07 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cleanri.exe
[2010/10/07 02:55:06 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2010/10/07 02:55:05 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2010/10/07 02:55:05 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2010/10/07 02:55:05 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2010/10/07 02:55:04 | 000,841,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2010/10/07 02:55:03 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2010/10/07 02:55:03 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2010/10/07 02:55:02 | 000,316,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certsrv.exe
[2010/10/07 02:55:02 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certdb.dll
[2010/10/07 02:55:02 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certenc.dll
[2010/10/07 02:55:02 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2010/10/07 02:55:02 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2010/10/07 02:55:00 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bitsmgr.dll
[2010/10/07 02:55:00 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bitssrv.dll
[2010/10/07 02:54:58 | 000,246,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asfarchiver.dll
[2010/10/07 02:54:57 | 000,501,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll
[2010/10/07 02:54:57 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqadmin.dll
[2010/10/07 02:54:57 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0804.dll
[2010/10/07 02:54:56 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0412.dll
[2010/10/07 02:54:56 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0411.dll
[2010/10/07 02:54:56 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040d.dll
[2010/10/07 02:54:56 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0404.dll
[2010/10/07 02:54:56 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0401.dll
[2010/10/07 02:54:56 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsiisex.dll
[2010/10/07 02:54:55 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2010/10/07 02:54:53 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll
[2010/10/07 02:54:51 | 000,254,005 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_msvcrt.dll
[2010/10/07 02:54:49 | 001,163,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_mfc42u.dll
[2010/10/07 02:54:37 | 001,160,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\FXS_mfc42.dll
[2010/10/07 02:54:33 | 000,400,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll
[2010/10/07 02:54:33 | 000,199,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll
[2010/10/07 02:54:32 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgwiz.exe
[2010/10/07 02:54:32 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpcount.exe
[2010/10/07 02:54:32 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll
[2010/10/07 02:54:32 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll
[2010/10/07 02:54:32 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll
[2010/10/07 02:53:25 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2010/10/07 02:46:33 | 000,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\battc.sys
[2010/10/07 02:45:44 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2010/10/07 02:45:44 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2010/10/07 02:27:52 | 000,421,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/10/07 02:27:27 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kerberos.dll
[2010/10/07 02:27:27 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdigest.dll
[2010/10/07 02:27:27 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\secur32.dll
[2010/10/07 02:23:23 | 002,488,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010/10/07 02:23:23 | 002,340,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010/10/07 02:23:23 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sc.exe
[2010/10/07 02:23:22 | 002,449,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010/10/07 02:23:22 | 002,300,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2010/10/07 02:22:26 | 000,583,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2010/10/07 02:19:15 | 002,854,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msi.dll
[2010/10/07 02:19:04 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2010/10/07 02:03:24 | 000,015,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2010/10/07 02:03:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/10/07 00:23:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2010/10/07 00:23:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\LogMeIn
[2010/10/06 23:28:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/10/06 22:41:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSVOL
[2010/10/06 22:41:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\NTDS
[2010/10/06 22:24:05 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iyuv_32.dll
[2010/10/06 22:24:05 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsbyuv.dll
[2010/10/06 18:21:51 | 000,011,026 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmscsi.sys
[2010/10/06 18:21:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\$Reconfig$
[2010/10/06 03:31:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\VAMT2
[2010/10/06 01:35:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\vmware-converter-install-pgtvcuszkzkrokyd
[2010/10/05 23:30:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\vmware-converter-install-bkajscfpvizwydvg
[2010/10/05 21:27:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\vmware-converter-install-mczqxfzlwfxdqqkv
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/24 20:23:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3018655958-1258357186-3169496164-500UA.job
[2010/10/24 19:20:47 | 000,845,018 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/24 19:20:47 | 000,199,002 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/24 19:17:24 | 000,000,600 | ---- | M] () -- C:\WINDOWS\PUTTY.RND
[2010/10/24 19:17:18 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/24 19:16:35 | 000,000,923 | ---- | M] () -- C:\WINDOWS\TimeForce.ini
[2010/10/24 19:15:59 | 000,000,183 | ---- | M] () -- C:\WINDOWS\ClockLinkService.ini
[2010/10/24 19:15:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/24 18:08:01 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/10/24 18:07:52 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\RKUnhookerLE.EXE
[2010/10/24 01:23:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3018655958-1258357186-3169496164-500Core.job
[2010/10/23 22:30:00 | 000,000,218 | ---- | M] () -- C:\WINDOWS\tasks\backupscript.job
[2010/10/21 19:23:47 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2010/10/21 19:23:47 | 000,002,322 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/10/18 01:18:04 | 000,065,536 | ---- | M] () -- C:\WINDOWS\NETLOGON.CHG
[2010/10/14 08:02:36 | 000,003,470 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/14 06:52:43 | 2145,386,496 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2010/10/14 06:35:40 | 000,102,800 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/10/14 05:20:00 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/14 05:04:39 | 000,008,680 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/10/14 04:58:20 | 000,262,232 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/13 12:28:48 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/13 12:28:26 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.46.exe
[2010/10/13 12:27:26 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Trojan Remover.lnk
[2010/10/07 03:38:22 | 000,421,609 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/10/07 03:20:50 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2010/10/07 02:59:28 | 000,000,316 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/10/07 02:54:15 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/10/07 02:54:15 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/10/07 02:54:12 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/10/07 02:54:07 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/10/07 02:54:07 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/10/07 02:54:05 | 000,004,272 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/10/07 02:53:25 | 000,001,411 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Security Configuration Wizard.lnk
[2010/10/07 02:51:36 | 000,022,756 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/10/07 02:50:21 | 000,000,208 | -HS- | M] () -- C:\boot.ini
[2010/10/07 02:49:23 | 000,002,492 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2010/10/07 02:25:18 | 000,003,672 | ---- | M] () -- C:\WINDOWS\ominstal.db
[2010/10/07 00:23:12 | 000,001,024 | ---- | M] () -- C:\.rnd
[2010/10/06 23:00:04 | 000,001,914 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VIPRE Enterprise.lnk
[2010/10/06 22:37:12 | 000,000,660 | ---- | M] () -- C:\Documents and Settings\Administrator\.scUserPreferences43
[2010/10/06 18:21:51 | 000,011,026 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmscsi.sys
[2010/10/05 14:39:32 | 000,001,194 | -H-- | M] () -- C:\Documents and Settings\Administrator\My Documents\Default.rdp
[2010/10/05 12:45:42 | 000,087,424 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll.000.bak
[2010/10/05 12:45:42 | 000,083,360 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll.000.bak
[2010/10/01 08:58:32 | 000,004,096 | -HS- | M] () -- C:\VSM000.IDX
[2010/09/27 14:50:44 | 000,083,360 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
[2010/09/27 14:49:18 | 000,087,424 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
[2010/09/27 14:49:18 | 000,029,568 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/24 18:09:04 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\RKUnhookerLE.EXE
[2010/10/14 06:49:30 | 000,177,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\hcore32.sys
[2010/10/13 12:28:48 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/13 12:27:26 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Trojan Remover.lnk
[2010/10/13 12:27:24 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2010/10/13 12:27:24 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2010/10/13 12:27:24 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2010/10/13 12:27:24 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2010/10/07 20:16:20 | 000,002,344 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2010/10/07 20:16:20 | 000,002,322 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/10/07 20:13:57 | 000,001,010 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3018655958-1258357186-3169496164-500UA.job
[2010/10/07 20:13:57 | 000,000,958 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3018655958-1258357186-3169496164-500Core.job
[2010/10/07 03:21:01 | 002,275,888 | R--- | C] () -- C:\WINDOWS\System32\vmwogl32.dll
[2010/10/07 03:18:41 | 000,001,374 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak
[2010/10/07 02:58:18 | 001,413,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tintlgs.imd
[2010/10/07 02:58:18 | 000,455,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tintlgl.imd
[2010/10/07 02:58:18 | 000,171,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tintlgc.imd
[2010/10/07 02:57:57 | 000,006,331 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rsess.vbs
[2010/10/07 02:57:56 | 000,026,417 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rfeed.vbs
[2010/10/07 02:57:56 | 000,012,400 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rgroup.vbs
[2010/10/07 02:57:56 | 000,011,781 | ---- | C] () -- C:\WINDOWS\System32\dllcache\regfilt.vbs
[2010/10/07 02:57:56 | 000,010,571 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rexpire.vbs
[2010/10/07 02:57:55 | 000,003,912 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rcancel.vbs
[2010/10/07 02:57:34 | 010,011,497 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgs.imd
[2010/10/07 02:57:34 | 000,733,292 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgr.imd
[2010/10/07 02:57:33 | 000,208,744 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgl.imd
[2010/10/07 02:57:31 | 001,004,904 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgix.imd
[2010/10/07 02:57:30 | 000,948,656 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgi.imd
[2010/10/07 02:57:28 | 000,867,242 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgdx.imd
[2010/10/07 02:57:26 | 000,825,038 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgd.imd
[2010/10/07 02:57:26 | 000,487,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsk.dic
[2010/10/07 02:57:26 | 000,188,140 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgc.imd
[2010/10/07 02:57:26 | 000,174,803 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsd.dic
[2010/10/07 02:57:25 | 000,117,248 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/10/07 02:57:08 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/10/07 02:56:57 | 000,061,952 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/10/07 02:56:11 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/10/07 02:55:24 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/10/07 02:55:16 | 000,100,936 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2010/10/07 02:55:07 | 000,409,168 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgu.imd
[2010/10/07 02:55:07 | 000,102,304 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlguc.imd
[2010/10/07 02:55:07 | 000,102,304 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgsi.imd
[2010/10/07 02:55:07 | 000,001,849 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IIS_clusftp.vbs
[2010/10/07 02:55:06 | 000,427,138 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgie.imd
[2010/10/07 02:55:06 | 000,279,894 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgd.imd
[2010/10/07 02:55:06 | 000,024,080 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgl.imd
[2010/10/07 02:55:06 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgs.imd
[2010/10/07 02:55:05 | 000,543,708 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgb.imd
[2010/10/07 02:55:05 | 000,462,929 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskdic.dic
[2010/10/07 02:55:05 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/10/07 02:54:15 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/10/07 02:54:15 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/10/07 02:49:23 | 000,002,492 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2010/10/07 02:45:36 | 000,314,515 | ---- | C] () -- C:\WINDOWS\System32\dllcache\WMSocm.CAT
[2010/10/07 02:45:36 | 000,112,975 | ---- | C] () -- C:\WINDOWS\System32\dllcache\UDDI.CAT
[2010/10/07 02:45:36 | 000,082,025 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sasetup.CAT
[2010/10/07 02:45:36 | 000,071,199 | ---- | C] () -- C:\WINDOWS\System32\dllcache\adminpak.CAT
[2010/10/07 02:45:36 | 000,067,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP5.CAT
[2010/10/07 02:45:36 | 000,066,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NETFX.CAT
[2010/10/07 02:45:36 | 000,064,351 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/10/07 02:45:36 | 000,030,616 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SCW.CAT
[2010/10/07 02:45:36 | 000,023,518 | ---- | C] () -- C:\WINDOWS\System32\dllcache\admt.cat
[2010/10/07 02:45:36 | 000,022,310 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FXSCAT.CAT
[2010/10/07 02:45:36 | 000,015,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\INS.CAT
[2010/10/07 02:45:36 | 000,014,610 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2010/10/07 02:45:36 | 000,010,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2010/10/07 02:45:36 | 000,008,571 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010/10/07 02:45:36 | 000,007,379 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/10/07 02:45:35 | 001,994,359 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2010/10/07 02:45:35 | 001,402,437 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2010/10/07 02:45:35 | 000,682,720 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2010/10/01 08:58:32 | 000,004,096 | -HS- | C] () -- C:\VSM000.IDX
[2010/03/31 09:54:31 | 001,622,022 | R--- | C] () -- C:\WINDOWS\schema.ini
[2009/10/26 10:36:52 | 000,000,183 | ---- | C] () -- C:\WINDOWS\ClockLinkService.ini
[2009/10/26 10:36:20 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\PROTOCOL.INI
[2008/10/27 15:08:18 | 000,000,923 | ---- | C] () -- C:\WINDOWS\TimeForce.ini
[2008/10/24 12:15:52 | 000,163,032 | RHS- | C] () -- C:\WINDOWS\System32\dwfajl.dll
[2008/10/24 10:55:13 | 000,050,666 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2008/10/24 10:55:13 | 000,010,793 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2008/10/24 10:35:25 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2008/04/26 00:57:33 | 000,011,597 | ---- | C] () -- C:\WINDOWS\System32\dnsperf.ini
[2007/02/18 08:00:00 | 000,179,577 | ---- | C] () -- C:\WINDOWS\System32\schema.ini
[2007/02/18 08:00:00 | 000,024,819 | ---- | C] () -- C:\WINDOWS\System32\ntdsctrs.ini
[2007/02/18 08:00:00 | 000,020,386 | ---- | C] () -- C:\WINDOWS\System32\ntfrsrep.ini
[2007/02/18 08:00:00 | 000,011,817 | ---- | C] () -- C:\WINDOWS\System32\iasperf.ini
[2007/02/18 08:00:00 | 000,011,030 | ---- | C] () -- C:\WINDOWS\System32\ipsecprf.ini
[2007/02/18 08:00:00 | 000,005,597 | ---- | C] () -- C:\WINDOWS\System32\ntfrscon.ini
[2004/12/02 20:13:19 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll
[2004/11/24 15:13:01 | 000,000,079 | ---- | C] () -- C:\WINDOWS\System32\drivers\dcesmwdm.sys
[2004/11/24 13:57:17 | 000,002,360 | ---- | C] () -- C:\WINDOWS\System32\dhcpctrs.ini
[2004/11/24 13:36:18 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\itgcond.dll
[2004/11/24 13:36:18 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\itg_refs.dll
[2004/11/24 13:36:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\itg_sched.dll
[2004/11/24 13:36:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\itg_night.dll
[2004/11/24 13:33:18 | 000,000,280 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/11/04 00:21:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/11/03 23:58:16 | 000,000,499 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/01/05 13:56:22 | 000,004,272 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/02/03 10:26:18 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2001/07/31 10:17:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL

========== LOP Check ==========

[2010/03/29 13:57:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ntr
[2010/04/17 02:44:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Overlook
[2010/10/13 12:27:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Simply Super Software
[2010/10/07 00:23:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2010/04/17 02:44:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Overlook
[2010/10/13 12:27:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2010/10/24 19:17:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/16 22:14:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/10/23 22:30:00 | 000,000,218 | ---- | M] () -- C:\WINDOWS\Tasks\backupscript.job
[2010/10/24 12:23:00 | 000,032,604 | ---- | M] () -- C:\WINDOWS\Tasks\SchedLgU.Txt

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 200 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C9291F0D

< End of report >

#14 m0le


Posted 25 October 2010 - 05:11 PM

That seems to have removed it.

Please run ESET's online scanner

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Leave the top box checked and then check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
m0le is a proud member of UNITE

#15 m0le


Posted 27 October 2010 - 07:50 PM

Hi,

I have not had a reply from you for 3 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC making it more difficult to help you.

If you like you can PM me.

Thanks,


m0le



