
Rootkit problem, appreciate any help


  • This topic is locked
2 replies to this topic

#1 what a life


Posted 14 November 2010 - 06:27 PM

I have had a problem and thought it was removed. I have reformatted the hard drive and reinstalled Windows XP, but it will not go away.

These logs were done an hour or so ago, I believe it restores on reboot.


DDS blue screen, and nothing...

Defogger is on "disabled"




GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-14 09:49:55
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 ST9808210A rev.3.02
Running: thd8c3g3.exe; Driver: C:\WINDOWS\TEMP\kgnyyaoc.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\Norman\Ngs\Bin\nprosec.sys (Norman Process Security Driver/Norman ASA) ZwCreateEvent [0xAAF3C99A]
SSDT \??\C:\Program Files\Norman\Ngs\Bin\nprosec.sys (Norman Process Security Driver/Norman ASA) ZwCreateFile [0xAAF3C3B8]
SSDT \??\C:\Program Files\Norman\Ngs\Bin\nprosec.sys (Norman Process Security Driver/Norman ASA) ZwCreateProcess [0xAAF3B83E]
SSDT \??\C:\Program Files\Norman\Ngs\Bin\nprosec.sys (Norman Process Security Driver/Norman ASA) ZwCreateProcessEx [0xAAF3B86E]
SSDT \??\C:\Program Files\Norman\Ngs\Bin\nprosec.sys (Norman Process Security Driver/Norman ASA) ZwCreateThread [0xAAF3B89E]
SSDT \??\C:\Program Files\Norman\Ngs\Bin\nprosec.sys (Norman Process Security Driver/Norman ASA) ZwSetSystemInformation [0xAAF3C4C2]
SSDT \??\C:\Program Files\Norman\Ngs\Bin\nprosec.sys (Norman Process Security Driver/Norman ASA) ZwTerminateProcess [0xAAF3C0C4]
SSDT \??\C:\Program Files\Norman\Ngs\Bin\nprosec.sys (Norman Process Security Driver/Norman ASA) ZwWriteVirtualMemory [0xAAF3C1B6]

---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF7FC2F80]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe[200] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 012B0001
.text C:\Program Files\Apoint2K\Apoint.exe[264] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00D80001
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[536] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 003C0001
.text C:\WINDOWS\system32\igfxtray.exe[700] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00E50001
.text C:\WINDOWS\system32\hkcmd.exe[1028] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00E40001
.text ...
.text C:\Program Files\Opera\opera.exe[2340] kernel32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes CALL 7170003D
.text C:\Program Files\Opera\opera.exe[2340] WS2_32.dll!htons 71AB2B66 6 Bytes JMP 5F150F5A
.text C:\Program Files\Opera\opera.exe[2340] WS2_32.dll!connect 71AB406A 6 Bytes JMP 5F070F5A
.text C:\Program Files\Opera\opera.exe[2340] WS2_32.dll!WSAEventSelect 71AB4573 6 Bytes JMP 5F280F5A
.text C:\Program Files\Opera\opera.exe[2340] WS2_32.dll!WSAGetLastError + 2 71AB94DE 4 Bytes [1E, 00, 1B, 5F] {PUSH DS; ADD [EBX], BL; POP EDI}
.text C:\Program Files\Opera\opera.exe[2340] WS2_32.dll!closesocket 71AB9639 6 Bytes JMP 5F1E0F5A
.text C:\Program Files\Opera\opera.exe[2340] WS2_32.dll!WSAAsyncSelect 71AC0979 6 Bytes JMP 5F100F5A
.text C:\Program Files\Opera\opera.exe[2340] WS2_32.dll!WSAConnect 71AC0C69 6 Bytes JMP 5F0C0F5A
.text C:\Program Files\Opera\opera.exe[2340] WS2_32.dll!WSAAccept 71AC0DA9 6 Bytes JMP 5F250F5A
.text C:\Program Files\Opera\opera.exe[2340] WS2_32.dll!accept 71AC1028 6 Bytes JMP 5F220F5A
.text C:\Program Files\Norman\nig\bin\niguser.exe[2728] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00A20001
.text C:\Program Files\Norman\nig\bin\niguser.exe[2728] kernel32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes CALL 7170003D
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Opera\Opera\temporary_downloads\thd8c3g3.exe[2800] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 003C0001
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Opera\Opera\temporary_downloads\thd8c3g3.exe[2800] kernel32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes CALL 7170003D
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Opera\Opera\temporary_downloads\thd8c3g3.exe[3156] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 003C0001
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Opera\Opera\temporary_downloads\thd8c3g3.exe[3156] kernel32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes CALL 7170003D

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

The one above was a few hours ago, this one I did now, and also, it is prompting me to use chkdsk as this gmer file is corrupt!

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-14 15:32:25
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 ST9808210A rev.3.02
Running: gmer.exe; Driver: C:\WINDOWS\TEMP\kgnyyaoc.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\Norman\Ngs\Bin\nprosec.sys (Norman Process Security Driver/Norman ASA) ZwCreateEvent [0xAAF3C99A]
SSDT \??\C:\Program Files\Norman\Ngs\Bin\nprosec.sys (Norman Process Security Driver/Norman ASA) ZwCreateFile [0xAAF3C3B8]
SSDT \??\C:\Program Files\Norman\Ngs\Bin\nprosec.sys (Norman Process Security Driver/Norman ASA) ZwCreateProcess [0xAAF3B83E]
SSDT \??\C:\Program Files\Norman\Ngs\Bin\nprosec.sys (Norman Process Security Driver/Norman ASA) ZwCreateProcessEx [0xAAF3B86E]
SSDT \??\C:\Program Files\Norman\Ngs\Bin\nprosec.sys (Norman Process Security Driver/Norman ASA) ZwCreateThread [0xAAF3B89E]
SSDT \??\C:\Program Files\Norman\Ngs\Bin\nprosec.sys (Norman Process Security Driver/Norman ASA) ZwSetSystemInformation [0xAAF3C4C2]
SSDT \??\C:\Program Files\Norman\Ngs\Bin\nprosec.sys (Norman Process Security Driver/Norman ASA) ZwTerminateProcess [0xAAF3C0C4]
SSDT \??\C:\Program Files\Norman\Ngs\Bin\nprosec.sys (Norman Process Security Driver/Norman ASA) ZwWriteVirtualMemory [0xAAF3C1B6]

---- Kernel code sections - GMER 1.0.15 ----

? 36845542.sys The system cannot find the file specified. !
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF7FB0F80]
? system32\DRIVERS\3684554.sys The system cannot find the path specified. !
? system32\DRIVERS\36845541.sys The system cannot find the path specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Norman\nsc\bin\noelauncher.exe[164] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00C30001
.text C:\Documents and Settings\Owner\Desktop\Defogger.exe[356] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00AB0001
.text C:\Documents and Settings\Owner\Desktop\Defogger.exe[356] kernel32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes CALL 7170003D
.text C:\Program Files\Apoint2K\Apntex.exe[560] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00D00001
.text C:\WINDOWS\system32\wscntfy.exe[1300] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00A20001
.text C:\Program Files\Norman\nig\bin\niguser.exe[1612] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 01220001
.text C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe[1824] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00EB0001
.text C:\WINDOWS\system32\igfxtray.exe[1844] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00E60001
.text ...
.text C:\Program Files\Internet Explorer\iexplore.exe[2896] kernel32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes CALL 7170003D
.text C:\Program Files\Internet Explorer\iexplore.exe[2896] USER32.dll!CallNextHookEx 77D4ED6E 5 Bytes JMP 0122DD81 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2896] USER32.dll!CreateWindowExW 77D51AD5 5 Bytes JMP 01234832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2896] USER32.dll!DialogBoxParamW 77D56702 5 Bytes JMP 01159315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2896] USER32.dll!DialogBoxParamA 77D588E1 5 Bytes JMP 0134DFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2896] USER32.dll!DialogBoxIndirectParamW 77D62598 5 Bytes JMP 0134E021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2896] USER32.dll!MessageBoxIndirectA 77D6AEF1 5 Bytes JMP 0134DF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2896] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 0122DBCB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2896] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 01191CA2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2896] USER32.dll!MessageBoxExW 77D80559 5 Bytes JMP 0134DE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2896] USER32.dll!MessageBoxExA 77D8057D 5 Bytes JMP 0134DE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2896] USER32.dll!DialogBoxIndirectParamA 77D86CED 5 Bytes JMP 0134E084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2896] USER32.dll!MessageBoxIndirectW 77D960B7 5 Bytes JMP 0134DEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2896] ole32.dll!CoCreateInstance 77500326 5 Bytes JMP 0123488E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2964] kernel32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes CALL 7170003D
.text C:\Program Files\Internet Explorer\iexplore.exe[2964] USER32.dll!CreateWindowExW 77D51AD5 5 Bytes JMP 01234832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2964] USER32.dll!DialogBoxParamW 77D56702 5 Bytes JMP 01159315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2964] USER32.dll!DialogBoxParamA 77D588E1 5 Bytes JMP 0134DFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2964] USER32.dll!DialogBoxIndirectParamW 77D62598 5 Bytes JMP 0134E021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2964] USER32.dll!MessageBoxIndirectA 77D6AEF1 5 Bytes JMP 0134DF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2964] USER32.dll!MessageBoxExW 77D80559 5 Bytes JMP 0134DE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2964] USER32.dll!MessageBoxExA 77D8057D 5 Bytes JMP 0134DE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2964] USER32.dll!DialogBoxIndirectParamA 77D86CED 5 Bytes JMP 0134E084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2964] USER32.dll!MessageBoxIndirectW 77D960B7 5 Bytes JMP 0134DEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\WINDOWS\TEMP\Temporary Directory 1 for gmer[1].zip\gmer.exe[3164] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 003C0001
.text C:\WINDOWS\TEMP\Temporary Directory 1 for gmer[1].zip\gmer.exe[3164] kernel32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes CALL 7170003D
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] kernel32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes CALL 7170003D
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] USER32.dll!CallNextHookEx 77D4ED6E 5 Bytes JMP 0122DD81 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] USER32.dll!CreateWindowExW 77D51AD5 5 Bytes JMP 01234832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] USER32.dll!DialogBoxParamW 77D56702 5 Bytes JMP 01159315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] USER32.dll!DialogBoxParamA 77D588E1 5 Bytes JMP 0134DFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] USER32.dll!DialogBoxIndirectParamW 77D62598 5 Bytes JMP 0134E021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] USER32.dll!MessageBoxIndirectA 77D6AEF1 5 Bytes JMP 0134DF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 0122DBCB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 01191CA2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] USER32.dll!MessageBoxExW 77D80559 5 Bytes JMP 0134DE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] USER32.dll!MessageBoxExA 77D8057D 5 Bytes JMP 0134DE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] USER32.dll!DialogBoxIndirectParamA 77D86CED 5 Bytes JMP 0134E084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] USER32.dll!MessageBoxIndirectW 77D960B7 5 Bytes JMP 0134DEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] ole32.dll!CoCreateInstance 77500326 5 Bytes JMP 0123488E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\setup_9.0.0.722_14.11.2010_16-17drv \FileSystem\Filters\setup_9.0.0.722_14.11.2010_16-17drv 3684554.sys

---- EOF - GMER 1.0.15 ----

DDS ran, looks not good at all




DDS (Ver_10-11-10.01) - FAT32x86
Run by Owner at 15:36:27.51 on Sun 11/14/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.502.55 [GMT -8:00]

AV: Norman Security Suite *On-access scanning enabled* (Updated) {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}

============== Running Processes ===============

C:\Program Files\Norman\Npm\Bin\elogsvc.exe
C:\Program Files\Norman\Ngs\Bin\Nnf.exe
C:\Program Files\Norman\Ngs\Bin\Nprosec.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Norman\Npm\Bin\Zanda.exe
C:\Program Files\Norman\npm\bin\nvoy.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norman\Npt\Bin\Npsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Norman\Npm\Bin\scheduler.exe
C:\Program Files\Norman\Npm\Bin\Njeeves.exe
C:\Program Files\Norman\nig\bin\nigsvc32.exe
C:\Program Files\Norman\nsc\bin\nassvc32.exe
C:\Program Files\Norman\Nse\Bin\NSESVC.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Norman\Npm\Bin\ZLH.EXE
C:\Program Files\Norman\nsc\bin\noelauncher.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Norman\Nvc\Bin\nvcoas.exe
C:\Program Files\Norman\nig\bin\niguser.exe
C:\Program Files\Norman\Nvc\Bin\Nip.exe
C:\Program Files\Norman\Nvc\Bin\cclaw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\Defogger.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\HF22LBPC\dds[1].scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Norman ZANDA] "c:\program files\norman\npm\bin\ZLH.EXE" /LOAD /SPLASH
mRun: [NOELauncher] c:\program files\norman\nsc\bin\noelauncher.exe /load
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\_unins~1.lnk - c:\windows\temp\_uninst_setup_9.0.0.722_14.11.2010_16-17.exe.bat
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1289739327031
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxsrvc.dll

============= SERVICES / DRIVERS ===============

R1 NGS;Norman General Security Driver;c:\program files\norman\ngs\bin\ngs.sys [2010-11-14 26744]
R1 NPROSEC;Norman Security driver;c:\program files\norman\ngs\bin\nprosec.sys [2010-11-14 72392]
R2 Ndiskio;Ndiskio;c:\program files\norman\nse\bin\Ndiskio.sys [2010-11-14 22880]
R2 NNFSVC;Norman Network Filtering service;c:\program files\norman\ngs\bin\nnf.exe [2010-11-14 219904]
R2 Norman ZANDA;Norman ZANDA;c:\program files\norman\npm\bin\Zanda.exe [2010-5-18 301192]
R2 NPROSECSVC;Norman Security service;c:\program files\norman\ngs\bin\nprosec.exe [2010-11-14 103016]
R2 npsvc32;Norman Privacy Service;c:\program files\norman\npt\bin\npsvc32.exe [2010-11-14 99416]
R2 nregsec;Norman Registry Security driver;c:\program files\norman\ngs\bin\nregsec.sys [2010-11-14 40384]
R2 NVOY;Norman Resource Provider;c:\program files\norman\npm\bin\nvoy.exe [2010-11-14 98776]
R3 NASS;Norman Anti Spam Service;c:\program files\norman\nsc\bin\nassvc32.exe [2010-11-14 135880]
R3 NIG;Norman Intrusion Guard;c:\program files\norman\nig\bin\nigsvc32.exe [2010-11-14 328576]
R3 nsesvc;Norman Scanner Engine Service;c:\program files\norman\nse\bin\Nsesvc.exe [2010-11-14 282624]
R3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [2010-11-14 21832]
R3 nvcoas;Norman Virus Control on-access component;c:\program files\norman\nvc\bin\Nvcoas.exe [2010-11-14 210248]
R3 Scheduler;Norman Scheduler Service;c:\program files\norman\npm\bin\scheduler.exe [2010-11-14 133272]
R4 36845541;36845541;c:\windows\system32\drivers\36845541.sys --> c:\windows\system32\drivers\36845541.sys [?]
RUnknown 36845542;36845542; [x]
RUnknown setup_9.0.0.722_14.11.2010_16-17drv;setup_9.0.0.722_14.11.2010_16-17drv; [x]

=============== Created Last 30 ================

2010-11-14 20:30:31 -------- d-----w- c:\windows\system32\PreInstall
2010-11-14 20:29:25 -------- d-sh--w- c:\documents and settings\owner\IECompatCache
2010-11-14 20:29:03 -------- d-----w- c:\windows\LastGood.Tmp
2010-11-14 20:21:26 -------- d-sh--w- c:\documents and settings\owner\PrivacIE
2010-11-14 20:19:52 -------- d-sh--w- c:\documents and settings\owner\IETldCache
2010-11-14 20:18:01 614400 ----a-w- c:\documents and settings\owner\ntuser.tmp
2010-11-14 20:13:41 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2010-11-14 20:12:27 -------- d--h--w- c:\windows\ie8
2010-11-14 17:38:18 -------- d--h--w- c:\windows\PIF
2010-11-14 15:19:45 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Opera
2010-11-14 15:15:09 -------- d-----w- c:\docume~1\owner\applic~1\SlimBrowser
2010-11-14 14:30:37 68176 ----a-w- c:\windows\system32\drivers\ale_nf64.sys
2010-11-14 14:30:37 61472 ----a-w- c:\windows\system32\drivers\ale_nf.sys
2010-11-14 14:30:37 48272 ----a-w- c:\windows\system32\drivers\nnetsec.sys
2010-11-14 14:30:37 376136 ----a-w- c:\windows\system32\drivers\tdi_nf.sys
2010-11-14 14:30:37 34192 ----a-w- c:\windows\system32\drivers\nnetsecl64.sys
2010-11-14 14:30:37 30584 ----a-w- c:\windows\system32\drivers\nnetsecl.sys
2010-11-14 14:30:37 21832 ----a-w- c:\windows\system32\drivers\nvcw32mf.sys
2010-11-14 14:30:37 214344 ----a-w- c:\windows\system32\nscrnsav.scr
2010-11-14 14:29:54 -------- d-----w- c:\program files\Norman
2010-11-14 13:42:36 -------- d-----w- c:\program files\CCleaner
2010-11-14 12:56:07 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
2010-11-14 12:56:07 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
2010-11-14 12:56:06 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2010-11-14 12:56:06 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2010-11-14 12:56:06 -------- d-----w- c:\windows\system32\SoftwareDistribution
2010-11-14 12:55:09 -------- d-sh--w- c:\documents and settings\owner\UserData
2010-11-14 12:48:29 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2010-11-14 12:45:24 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-14 12:40:41 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-14 12:32:27 -------- d-----w- c:\program files\msn gaming zone
2010-11-14 12:26:41 -------- d-sh--w- C:\Recycled
2010-11-14 12:12:10 163840 ----a-r- c:\windows\system32\igfxres.dll

==================== Find3M ====================


=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600

CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x815F0E88]<<
_asm { PUSH EBP; CALL 0x6; }
1 ntkrnlpa!IofCallDriver[0x804EDE00] -> \Device\Harddisk0\DR0[0x821AFAB8]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user != kernel MBR !!!

============= FINISH: 15:47:52.46 ===============

Merged 3 posts. ~ OB

http://www.bleepingcomputer.com/forums/topic360561.html/page__gopid__2017847#entry2017847
Please select an option


and this is where my post is...


OTL logfile created on: 11/14/2010 4:27:00 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 100.00 Mb Available Physical Memory | 20.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 60.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.28 Gb Total Space | 25.91 Gb Free Space | 88.49% Space Free | Partition Type: FAT32

Computer Name: J-41BA0A67LOJH9 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Owner\Desktop\Defogger.exe ()
PRC - C:\Program Files\Norman\Nvc\Bin\Nvcoas.exe (Norman ASA)
PRC - C:\Program Files\Norman\Ngs\Bin\nnf.exe (Norman ASA)
PRC - C:\Program Files\Norman\Nse\Bin\Nsesvc.exe (Norman ASA)
PRC - C:\Program Files\Norman\Nsc\Bin\nassvc32.exe (Norman ASA)
PRC - C:\Program Files\Norman\Nsc\Bin\NOELauncher.exe (Norman ASA)
PRC - C:\Program Files\Norman\Npm\Bin\Zanda.exe (Norman ASA)
PRC - C:\Program Files\Norman\Nig\Bin\niguser.exe (Norman ASA)
PRC - C:\Program Files\Norman\Nig\Bin\nigsvc32.exe (Norman ASA)
PRC - C:\Program Files\Norman\Ngs\Bin\nprosec.exe (Norman ASA)
PRC - C:\Program Files\Norman\Npt\Bin\npsvc32.exe (Norman ASA)
PRC - C:\Program Files\Norman\Nvc\Bin\CClaw.exe (Norman ASA)
PRC - C:\Program Files\Norman\Npm\Bin\nvoy.exe (Norman ASA)
PRC - C:\Program Files\Norman\Npm\Bin\Zlh.exe (Norman ASA)
PRC - C:\Program Files\Norman\Nvc\Bin\Nip.exe (Norman ASA)
PRC - C:\Program Files\Norman\Npm\Bin\scheduler.exe (Norman ASA)
PRC - C:\Program Files\Norman\Npm\Bin\elogsvc.exe (Norman ASA)
PRC - C:\Program Files\Norman\Npm\Bin\Njeeves.exe (Norman ASA)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Norman\Nsc\Bin\oehook.dll (Norman A.S.A.)
MOD - C:\Program Files\Norman\Nvc\Bin\Niphk.dll (Norman ASA)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (nvcoas) -- C:\Program Files\Norman\Nvc\Bin\nvcoas.exe (Norman ASA)
SRV - (NNFSVC) -- C:\Program Files\Norman\Ngs\Bin\Nnf.exe (Norman ASA)
SRV - (nsesvc) -- C:\Program Files\Norman\Nse\Bin\NSESVC.EXE (Norman ASA)
SRV - (NASS) -- C:\Program Files\Norman\nsc\bin\nassvc32.exe (Norman ASA)
SRV - (Norman ZANDA) -- C:\Program Files\Norman\Npm\Bin\Zanda.exe (Norman ASA)
SRV - (NIG) -- C:\Program Files\Norman\nig\bin\nigsvc32.exe (Norman ASA)
SRV - (NPROSECSVC) -- C:\Program Files\Norman\Ngs\Bin\Nprosec.exe (Norman ASA)
SRV - (npsvc32) -- C:\Program Files\Norman\Npt\Bin\Npsvc32.exe (Norman ASA)
SRV - (NVOY) -- C:\Program Files\Norman\npm\bin\nvoy.exe (Norman ASA)
SRV - (Scheduler) -- C:\Program Files\Norman\Npm\Bin\scheduler.exe (Norman ASA)
SRV - (eLoggerSvc6) -- C:\Program Files\Norman\Npm\Bin\elogsvc.exe (Norman ASA)
SRV - (Norman NJeeves) -- C:\Program Files\Norman\Npm\Bin\Njeeves.exe (Norman ASA)
SRV - (SoundMAX Agent Service (default)) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)


========== Driver Services (SafeList) ==========

DRV - (setup_9.0.0.722_14.11.2010_16-17drv) -- File not found
DRV - (eabfiltr) -- C:\WINDOWS\System32\drivers\EABFiltr.sys File not found
DRV - (36845542) -- File not found
DRV - (36845541) -- C:\WINDOWS\System32\DRIVERS\36845541.sys File not found
DRV - (nregsec) -- C:\Program Files\Norman\Ngs\Bin\nregsec.sys (Norman ASA)
DRV - (NPROSEC) -- C:\Program Files\Norman\Ngs\Bin\nprosec.sys (Norman ASA)
DRV - (NGS) -- c:\Program Files\Norman\Ngs\Bin\ngs.sys (Norman ASA)
DRV - (Ndiskio) -- C:\Program Files\Norman\Nse\Bin\Ndiskio.sys (Norman ASA)
DRV - (NvcMFlt) -- C:\WINDOWS\system32\drivers\nvcw32mf.sys (Norman ASA)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )
DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura)
DRV - (MidiSyn) -- C:\WINDOWS\system32\drivers\MidiSyn.sys (Analog Devices Inc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = https://www.login.live.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2004/08/04 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NOELauncher] C:\Program Files\Norman\nsc\bin\noelauncher.exe (Norman ASA)
O4 - HKLM..\Run: [Norman ZANDA] C:\Program Files\Norman\Npm\Bin\ZLH.EXE (Norman ASA)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\_uninst_setup_9.0.0.722_14.11.2010_16-17.exe.lnk = C:\WINDOWS\Temp\_uninst_setup_9.0.0.722_14.11.2010_16-17.exe.bat ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1289739327031 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.6.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/11/14 00:11:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/14 15:58:50 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/11/14 15:46:49 | 001,330,776 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\TDSSKiller.exe
[2010/11/14 14:49:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/11/14 12:30:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/11/14 12:29:45 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2010/11/14 12:29:25 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\IECompatCache
[2010/11/14 12:29:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood.Tmp
[2010/11/14 12:21:26 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\PrivacIE
[2010/11/14 12:19:52 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\IETldCache
[2010/11/14 12:16:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\backups
[2010/11/14 12:14:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/11/14 12:13:41 | 000,026,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2010/11/14 12:12:27 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/11/14 12:12:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2010/11/14 12:00:56 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\Cookies
[2010/11/14 11:15:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2010/11/14 11:09:31 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/11/14 09:38:18 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/11/14 09:00:02 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\HijackThis.exe
[2010/11/14 08:28:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\LOG
[2010/11/14 08:26:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Quarantine
[2010/11/14 07:19:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Opera
[2010/11/14 07:19:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Opera
[2010/11/14 07:15:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SlimBrowser
[2010/11/14 07:12:10 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2010/11/14 06:30:37 | 000,376,136 | ---- | C] (Norman ASA) -- C:\WINDOWS\System32\drivers\tdi_nf.sys
[2010/11/14 06:30:37 | 000,068,176 | ---- | C] (Norman ASA) -- C:\WINDOWS\System32\drivers\ale_nf64.sys
[2010/11/14 06:30:37 | 000,061,472 | ---- | C] (Norman ASA) -- C:\WINDOWS\System32\drivers\ale_nf.sys
[2010/11/14 06:30:37 | 000,048,272 | ---- | C] (Norman ASA) -- C:\WINDOWS\System32\drivers\nnetsec.sys
[2010/11/14 06:30:37 | 000,034,192 | ---- | C] (Norman ASA) -- C:\WINDOWS\System32\drivers\nnetsecl64.sys
[2010/11/14 06:30:37 | 000,030,584 | ---- | C] (Norman ASA) -- C:\WINDOWS\System32\drivers\nnetsecl.sys
[2010/11/14 06:30:37 | 000,021,832 | ---- | C] (Norman ASA) -- C:\WINDOWS\System32\drivers\nvcw32mf.sys
[2010/11/14 06:29:54 | 000,000,000 | ---D | C] -- C:\Program Files\Norman
[2010/11/14 06:23:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Virus Removal Tool
[2010/11/14 06:18:10 | 083,218,656 | ---- | C] ( ) -- C:\Documents and Settings\Owner\Desktop\setup_9.0.0.722_14.11.2010_16-17.exe
[2010/11/14 05:42:36 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/11/14 04:58:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Adobe
[2010/11/14 04:56:07 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll
[2010/11/14 04:56:07 | 000,021,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui
[2010/11/14 04:56:06 | 000,015,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2010/11/14 04:56:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/11/14 04:55:09 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\UserData
[2010/11/14 04:52:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Macromedia
[2010/11/14 04:48:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/11/14 04:45:24 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/11/14 04:40:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/11/14 04:40:41 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/11/14 04:32:27 | 000,000,000 | ---D | C] -- C:\Program Files\msn gaming zone
[2010/11/14 04:26:41 | 000,000,000 | -HSD | C] -- C:\Recycled
[2010/11/14 04:17:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/11/14 04:16:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Sun
[2010/11/14 04:12:10 | 000,163,840 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2010/11/14 00:47:11 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2010/11/14 00:46:43 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2010/11/14 00:44:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\ApplicationHistory
[2010/11/14 00:43:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
[2010/11/14 00:40:14 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/11/14 00:40:14 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/11/14 00:40:14 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/11/14 00:39:43 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/11/14 00:39:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/11/14 00:39:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150020}
[2010/11/14 00:39:10 | 000,032,356 | ---- | C] (Phoenix Technologies K.K.) -- C:\WINDOWS\System32\pusbfd1.sys
[2010/11/14 00:39:10 | 000,000,000 | ---D | C] -- C:\swsetup
[2010/11/14 00:38:33 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010/11/14 00:37:57 | 000,425,984 | ---- | C] (Hewlett-Packard ) -- C:\WINDOWS\System32\hpqPres.dll
[2010/11/14 00:37:57 | 000,225,280 | ---- | C] (Hewlett-Packard ) -- C:\WINDOWS\System32\cpqinfo.dll
[2010/11/14 00:37:57 | 000,065,536 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpqactn.dll
[2010/11/14 00:37:57 | 000,032,768 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\eabhbrn8.dll
[2010/11/14 00:37:52 | 000,000,000 | ---D | C] -- C:\Program Files\HPQ
[2010/11/14 00:37:19 | 000,000,000 | ---D | C] -- C:\Program Files\InterVideo
[2010/11/14 00:36:10 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2010/11/14 00:36:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2010/11/14 00:36:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2010/11/14 00:35:45 | 000,176,128 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\bcmwlu00.EXE
[2010/11/14 00:35:45 | 000,069,632 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\bcmwlD2K.EXE
[2010/11/14 00:35:44 | 000,371,712 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\drivers\BCMWL5.SYS
[2010/11/14 00:35:12 | 002,289,664 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmgicd.dll
[2010/11/14 00:35:12 | 000,512,000 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmgdev.dll
[2010/11/14 00:35:12 | 000,172,032 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrell.lrc
[2010/11/14 00:35:12 | 000,167,936 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrhun.lrc
[2010/11/14 00:35:12 | 000,167,936 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrcsy.lrc
[2010/11/14 00:35:12 | 000,163,840 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrtrk.lrc
[2010/11/14 00:35:12 | 000,106,496 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxext.exe
[2010/11/14 00:35:12 | 000,061,440 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\iAlmCoIn_v3984.dll
[2010/11/14 00:35:12 | 000,049,152 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmrem.dll
[2010/11/14 00:35:12 | 000,036,864 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxexps.dll
[2010/11/14 00:35:11 | 000,172,032 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxresp.lrc
[2010/11/14 00:35:11 | 000,167,936 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrrus.lrc
[2010/11/14 00:35:11 | 000,167,936 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrptg.lrc
[2010/11/14 00:35:11 | 000,167,936 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrptb.lrc
[2010/11/14 00:35:11 | 000,167,936 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrplk.lrc
[2010/11/14 00:35:11 | 000,167,936 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrnld.lrc
[2010/11/14 00:35:11 | 000,167,936 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrita.lrc
[2010/11/14 00:35:11 | 000,167,936 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrfrc.lrc
[2010/11/14 00:35:11 | 000,167,936 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrfra.lrc
[2010/11/14 00:35:11 | 000,167,936 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrdeu.lrc
[2010/11/14 00:35:11 | 000,163,840 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrtha.lrc
[2010/11/14 00:35:11 | 000,163,840 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrsve.lrc
[2010/11/14 00:35:11 | 000,163,840 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrnor.lrc
[2010/11/14 00:35:11 | 000,163,840 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrfin.lrc
[2010/11/14 00:35:11 | 000,163,840 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrdan.lrc
[2010/11/14 00:35:11 | 000,159,744 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrheb.lrc
[2010/11/14 00:35:11 | 000,159,744 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxreng.lrc
[2010/11/14 00:35:11 | 000,159,744 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrarb.lrc
[2010/11/14 00:35:11 | 000,159,744 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrara.lrc
[2010/11/14 00:35:11 | 000,151,552 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrjpn.lrc
[2010/11/14 00:35:11 | 000,147,456 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrkor.lrc
[2010/11/14 00:35:11 | 000,143,360 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrcht.lrc
[2010/11/14 00:35:11 | 000,143,360 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrchs.lrc
[2010/11/14 00:35:10 | 001,245,184 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxress.dll
[2010/11/14 00:35:10 | 000,503,808 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxcfg.exe
[2010/11/14 00:35:10 | 000,225,280 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxpph.dll
[2010/11/14 00:35:10 | 000,225,280 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxeud.dll
[2010/11/14 00:35:10 | 000,163,840 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrenu.lrc
[2010/11/14 00:35:10 | 000,151,552 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxdiag.exe
[2010/11/14 00:35:10 | 000,139,264 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxdev.dll
[2010/11/14 00:35:10 | 000,126,976 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxhk.dll
[2010/11/14 00:35:10 | 000,114,688 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxzoom.exe
[2010/11/14 00:35:10 | 000,094,208 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxcpl.cpl
[2010/11/14 00:35:10 | 000,086,016 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxdo.dll
[2010/11/14 00:35:10 | 000,045,056 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxdgps.dll
[2010/11/14 00:35:09 | 000,821,819 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmdd5.dll
[2010/11/14 00:35:09 | 000,348,160 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxsrvc.dll
[2010/11/14 00:35:09 | 000,165,595 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmdev5.dll
[2010/11/14 00:35:09 | 000,118,784 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\hccutils.dll
[2010/11/14 00:35:09 | 000,100,924 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmdnt5.dll
[2010/11/14 00:35:09 | 000,069,632 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\oemdspif.dll
[2010/11/14 00:35:09 | 000,037,951 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmrnt5.dll
[2010/11/14 00:34:38 | 000,109,319 | R--- | C] (Alps Electric Co., Ltd.) -- C:\WINDOWS\System32\drivers\Apfiltr.sys
[2010/11/14 00:34:38 | 000,094,247 | R--- | C] (Alps Electric Co., Ltd.) -- C:\WINDOWS\System32\Vxdif.dll
[2010/11/14 00:34:38 | 000,000,000 | ---D | C] -- C:\Program Files\Apoint2K
[2010/11/14 00:34:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2010/11/14 00:34:16 | 000,069,760 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\drivers\Rtlnicxp.sys
[2010/11/14 00:34:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\OPTIONS
[2010/11/14 00:33:45 | 000,235,100 | R--- | C] (Analog Devices Inc) -- C:\WINDOWS\System32\drivers\MidiSyn.sys
[2010/11/14 00:33:30 | 000,006,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\splitter.sys
[2010/11/14 00:33:29 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdmaud.sys
[2010/11/14 00:33:27 | 000,052,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmusic.sys
[2010/11/14 00:33:20 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swmidi.sys
[2010/11/14 00:33:19 | 000,142,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aec.sys
[2010/11/14 00:33:17 | 000,171,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kmixer.sys
[2010/11/14 00:33:16 | 000,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmkaud.sys
[2010/11/14 00:33:15 | 000,060,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sysaudio.sys
[2010/11/14 00:33:13 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mskssrv.sys
[2010/11/14 00:33:12 | 000,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspqm.sys
[2010/11/14 00:33:09 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspclock.sys
[2010/11/14 00:33:05 | 000,381,056 | R--- | C] (Sensaura) -- C:\WINDOWS\System32\drivers\senfilt.sys
[2010/11/14 00:33:05 | 000,065,536 | R--- | C] (Sensaura Ltd) -- C:\WINDOWS\System32\a3d.dll
[2010/11/14 00:33:05 | 000,065,536 | ---- | C] (Sensaura Ltd) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2010/11/14 00:33:04 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys
[2010/11/14 00:33:04 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\portcls.sys
[2010/11/14 00:33:04 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksuser.dll
[2010/11/14 00:33:04 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksuser.dll
[2010/11/14 00:33:03 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax
[2010/11/14 00:33:03 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksproxy.ax
[2010/11/14 00:33:03 | 000,060,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2010/11/14 00:33:03 | 000,060,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmk.sys
[2010/11/14 00:32:58 | 001,285,632 | ---- | C] (Analog Devices) -- C:\WINDOWS\System32\SMMedia.dll
[2010/11/14 00:32:58 | 000,030,208 | ---- | C] (Analog Devices Inc.) -- C:\WINDOWS\System32\wdmioctl.dll
[2010/11/14 00:32:55 | 000,991,232 | ---- | C] (Sensaura) -- C:\WINDOWS\System32\virtear.dll
[2010/11/14 00:32:55 | 000,765,952 | ---- | C] (Sensaura Ltd) -- C:\WINDOWS\System\crlds3d.dll
[2010/11/14 00:32:55 | 000,065,536 | ---- | C] (Sensaura Ltd) -- C:\WINDOWS\System32\Audio3d.dll
[2010/11/14 00:32:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\VirtualEar
[2010/11/14 00:32:54 | 000,049,152 | ---- | C] (Analog Devices Inc.) -- C:\WINDOWS\System32\DSndUp.exe
[2010/11/14 00:32:54 | 000,045,056 | ---- | C] (adi) -- C:\WINDOWS\System32\CleanUp.exe
[2010/11/14 00:32:54 | 000,000,000 | ---D | C] -- C:\Program Files\Analog Devices
[2010/11/14 00:32:53 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/11/14 00:32:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/11/14 00:30:54 | 000,000,000 | ---D | C] -- C:\SYSTEM.SAV
[2010/11/14 00:23:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Identities
[2010/11/14 00:23:17 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2010/11/14 00:23:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2010/11/14 00:23:04 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/11/14 00:23:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents\My Music
[2010/11/14 00:23:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents\My Pictures
[2010/11/14 00:23:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/11/14 00:23:01 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2010/11/14 00:22:57 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Owner\Application Data\Microsoft
[2010/11/14 00:22:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\SendTo
[2010/11/14 00:22:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Application Data
[2010/11/14 00:22:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Start Menu
[2010/11/14 00:22:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents
[2010/11/14 00:22:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Favorites
[2010/11/14 00:22:57 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner\Templates
[2010/11/14 00:22:57 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner\PrintHood
[2010/11/14 00:22:57 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner\NetHood
[2010/11/14 00:22:57 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner\Local Settings
[2010/11/14 00:22:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft
[2010/11/14 00:22:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop
[2010/11/14 00:22:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/11/14 00:22:54 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/11/14 00:22:52 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/11/14 00:22:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/11/14 00:22:30 | 000,000,000 | -HSD | C] -- C:\FOUND.000
[2010/11/14 00:14:17 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2010/11/14 00:14:16 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2010/11/14 00:14:15 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2010/11/14 00:14:13 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2010/11/14 00:14:11 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2010/11/14 00:14:10 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2010/11/14 00:14:10 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2010/11/14 00:14:09 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2010/11/14 00:14:08 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2010/11/14 00:14:06 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2010/11/14 00:14:05 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll
[2010/11/14 00:14:05 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmptrap.exe
[2010/11/14 00:14:04 | 000,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll
[2010/11/14 00:14:04 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2010/11/14 00:14:04 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll
[2010/11/14 00:14:03 | 000,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll
[2010/11/14 00:14:03 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll
[2010/11/14 00:14:02 | 000,456,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll
[2010/11/14 00:14:02 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmp.exe
[2010/11/14 00:14:01 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2010/11/14 00:14:01 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2010/11/14 00:14:00 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2010/11/14 00:14:00 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2010/11/14 00:13:59 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smi2smir.exe
[2010/11/14 00:13:59 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2010/11/14 00:13:58 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2010/11/14 00:13:58 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2010/11/14 00:13:58 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2010/11/14 00:13:57 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2010/11/14 00:13:57 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2010/11/14 00:13:56 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2010/11/14 00:13:56 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2010/11/14 00:13:55 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2010/11/14 00:13:55 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2010/11/14 00:13:55 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2010/11/14 00:13:54 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2010/11/14 00:13:54 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2010/11/14 00:13:53 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2010/11/14 00:13:50 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2010/11/14 00:13:49 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2010/11/14 00:13:48 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/11/14 00:13:48 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/11/14 00:13:47 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2010/11/14 00:13:47 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll
[2010/11/14 00:13:45 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2010/11/14 00:13:45 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2010/11/14 00:13:44 | 000,020,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ramdisk.sys
[2010/11/14 00:13:43 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2010/11/14 00:13:42 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2010/11/14 00:13:34 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2010/11/14 00:13:33 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2010/11/14 00:13:33 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2010/11/14 00:13:30 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2010/11/14 00:13:26 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtstocom.exe
[2010/11/14 00:13:23 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msiregmv.exe
[2010/11/14 00:13:15 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2010/11/14 00:13:15 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe
[2010/11/14 00:13:14 | 000,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2010/11/14 00:13:13 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2010/11/14 00:13:13 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lprmon.dll
[2010/11/14 00:13:12 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmmib2.dll
[2010/11/14 00:13:12 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpdsvc.dll
[2010/11/14 00:13:11 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2010/11/14 00:13:10 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2010/11/14 00:13:10 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2010/11/14 00:13:09 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2010/11/14 00:13:09 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2010/11/14 00:13:08 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2010/11/14 00:13:08 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2010/11/14 00:13:08 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2010/11/14 00:13:07 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2010/11/14 00:13:06 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2010/11/14 00:13:06 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2010/11/14 00:13:06 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2010/11/14 00:13:05 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmal.dll
[2010/11/14 00:13:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2010/11/14 00:13:04 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2010/11/14 00:13:04 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2010/11/14 00:13:04 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2010/11/14 00:13:03 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinben.dll
[2010/11/14 00:13:03 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2010/11/14 00:13:02 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinbe1.dll
[2010/11/14 00:13:02 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2010/11/14 00:13:01 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2010/11/14 00:13:01 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2010/11/14 00:13:00 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2010/11/14 00:13:00 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2010/11/14 00:12:59 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2010/11/14 00:12:59 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2010/11/14 00:12:59 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2010/11/14 00:12:58 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2010/11/14 00:12:58 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2010/11/14 00:12:58 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2010/11/14 00:12:57 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprip.dll
[2010/11/14 00:12:47 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostmib.dll
[2010/11/14 00:12:45 | 000,400,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsxp32.dll
[2010/11/14 00:12:45 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxswzrd.dll
[2010/11/14 00:12:44 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxstiff.dll
[2010/11/14 00:12:44 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsui.dll
[2010/11/14 00:12:43 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssvc.exe
[2010/11/14 00:12:43 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxst30.dll
[2010/11/14 00:12:42 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsst.dll
[2010/11/14 00:12:42 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2010/11/14 00:12:41 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2010/11/14 00:12:41 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsperf.dll
[2010/11/14 00:12:41 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsres.dll
[2010/11/14 00:12:40 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsmon.dll
[2010/11/14 00:12:40 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsext32.dll
[2010/11/14 00:12:39 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscover.exe
[2010/11/14 00:12:39 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsevent.dll
[2010/11/14 00:12:39 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsdrv.dll
[2010/11/14 00:12:38 | 000,285,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscomex.dll
[2010/11/14 00:12:38 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscom.dll
[2010/11/14 00:12:37 | 000,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclnt.exe
[2010/11/14 00:12:37 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2010/11/14 00:12:36 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsapi.dll
[2010/11/14 00:12:36 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2010/11/14 00:12:35 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmdll.dll
[2010/11/14 00:12:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2010/11/14 00:12:34 | 000,618,605 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4autl.dll
[2010/11/14 00:12:34 | 000,024,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmcgi.exe
[2010/11/14 00:12:34 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2010/11/14 00:12:33 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2010/11/14 00:12:32 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntwin.exe
[2010/11/14 00:12:32 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntcmd.exe
[2010/11/14 00:12:31 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntagnt.dll
[2010/11/14 00:12:31 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2010/11/14 00:12:30 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2010/11/14 00:12:30 | 000,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2010/11/14 00:12:29 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2010/11/14 00:12:28 | 000,514,587 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\edb500.dll
[2010/11/14 00:12:20 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2010/11/14 00:12:17 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2010/11/14 00:12:17 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2010/11/14 00:12:17 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2010/11/14 00:12:16 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2010/11/14 00:12:15 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/11/14 00:11:56 | 000,331,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll
[2010/11/14 00:11:55 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2010/11/14 00:11:55 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040d.dll
[2010/11/14 00:11:54 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0401.dll
[2010/11/14 00:11:53 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2010/11/14 00:11:48 | 000,032,827 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptest.exe
[2010/11/14 00:11:48 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptsat.dll
[2010/11/14 00:11:47 | 000,020,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll
[2010/11/14 00:11:47 | 000,016,437 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.exe
[2010/11/14 00:11:43 | 000,020,538 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpremadm.exe
[2010/11/14 00:11:41 | 000,598,071 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll
[2010/11/14 00:11:41 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll
[2010/11/14 00:11:41 | 000,188,494 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpcount.exe
[2010/11/14 00:11:41 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll
[2010/11/14 00:11:40 | 000,109,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98swin.exe
[2010/11/14 00:11:40 | 000,014,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98sadm.exe
[2010/11/14 00:11:39 | 000,876,653 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awel.dll
[2010/11/14 00:11:39 | 000,049,212 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awebs.dll
[2010/11/14 00:11:39 | 000,041,020 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avnb.dll
[2010/11/14 00:11:39 | 000,032,826 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avss.dll
[2010/11/14 00:11:38 | 000,147,513 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4apws.dll
[2010/11/14 00:11:38 | 000,102,509 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4atxt.dll
[2010/11/14 00:11:38 | 000,049,210 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4areg.dll
[2010/11/14 00:11:37 | 000,184,435 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4amsft.dll
[2010/11/14 00:11:37 | 000,082,035 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4anscp.dll
[2010/11/14 00:11:36 | 000,188,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgwiz.exe
[2010/11/14 00:11:36 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll
[2010/11/14 00:11:36 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.exe
[2010/11/14 00:11:35 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.exe
[2010/11/14 00:11:34 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll
[2010/11/14 00:11:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2010/11/14 00:11:27 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2010/11/14 00:11:27 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2010/11/14 00:11:00 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mapi32.dll
[2010/11/14 00:10:18 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2010/11/14 00:10:08 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2010/11/14 00:10:08 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2010/11/14 00:09:56 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2010/11/14 00:09:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2010/11/14 00:09:15 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoobe.exe
[2010/11/14 00:09:14 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\notiflag.exe
[2010/11/14 00:09:14 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atrace.dll
[2010/11/14 00:09:14 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atrace.dll
[2010/11/14 00:09:13 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helphost.exe
[2010/11/14 00:09:13 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brpinfo.dll
[2010/11/14 00:09:13 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hcappres.dll
[2010/11/14 00:09:04 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srdiag.exe
[2010/11/14 00:09:04 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmevtmsg.dll
[2010/11/14 00:09:04 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmevtmsg.dll
[2010/11/14 00:09:03 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msinfo32.exe
[2010/11/14 00:09:03 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wb32.exe
[2010/11/14 00:09:03 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cb32.exe
[2010/11/14 00:09:02 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\acctres.dll
[2010/11/14 00:09:02 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\acctres.dll
[2010/11/14 00:09:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2010/11/14 00:08:59 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwtutor.exe
[2010/11/14 00:08:59 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwres.dll
[2010/11/14 00:08:59 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\trialoc.dll
[2010/11/14 00:08:59 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2010/11/14 00:08:59 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icfgnt5.dll
[2010/11/14 00:08:59 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icfgnt5.dll
[2010/11/14 00:08:59 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2010/11/14 00:08:58 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mssoap1.dll
[2010/11/14 00:08:58 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wisc10.dll
[2010/11/14 00:08:58 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mssoapr.dll
[2010/11/14 00:08:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2010/11/14 00:08:57 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieinfo5.ocx
[2010/11/14 00:08:55 | 000,725,566 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srchui.dll
[2010/11/14 00:08:54 | 003,166,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msgr3en.dll
[2010/11/14 00:08:54 | 000,058,434 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srchctls.dll
[2010/11/14 00:08:53 | 000,759,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\VGX.dll
[2010/11/14 00:08:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2010/11/14 00:08:52 | 000,819,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\setup_wm.exe
[2010/11/14 00:08:52 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpband.dll
[2010/11/14 00:08:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2010/11/14 00:08:51 | 000,991,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migrate.exe
[2010/11/14 00:08:51 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpvis.dll
[2010/11/14 00:08:51 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpns.dll
[2010/11/14 00:08:51 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmplayer.exe
[2010/11/14 00:08:51 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\custsat.dll
[2010/11/14 00:08:50 | 000,364,544 | ---- | C] (Microsoft Corporation (written by Digital Renaissance Inc.)) -- C:\WINDOWS\System32\dllcache\npdsplay.dll
[2010/11/14 00:08:50 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npdrmv2.dll
[2010/11/14 00:08:50 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npwmsdrm.dll
[2010/11/14 00:08:49 | 001,929,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll
[2010/11/14 00:08:49 | 000,327,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2010/11/14 00:08:49 | 000,327,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wucltui.dll
[2010/11/14 00:08:49 | 000,217,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaucpl.cpl
[2010/11/14 00:08:49 | 000,209,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuweb.dll
[2010/11/14 00:08:49 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng1.dll
[2010/11/14 00:08:49 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng1.dll
[2010/11/14 00:08:49 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2010/11/14 00:08:49 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll
[2010/11/14 00:08:49 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauserv.dll
[2010/11/14 00:08:48 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2010/11/14 00:08:48 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll
[2010/11/14 00:08:48 | 000,382,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qmgr.dll
[2010/11/14 00:08:48 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt1.exe
[2010/11/14 00:08:48 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt1.exe
[2010/11/14 00:08:48 | 000,053,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe
[2010/11/14 00:08:48 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgrprxy.dll
[2010/11/14 00:08:48 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qmgrprxy.dll
[2010/11/14 00:08:48 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bitsprx2.dll
[2010/11/14 00:08:48 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx2.dll
[2010/11/14 00:08:48 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bitsprx3.dll
[2010/11/14 00:08:48 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx3.dll
[2010/11/14 00:08:46 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2res2.dll
[2010/11/14 00:08:46 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2eres.dll
[2010/11/14 00:08:45 | 004,256,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2res.dll
[2010/11/14 00:08:45 | 000,502,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2fxa.dll
[2010/11/14 00:08:45 | 000,325,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2fxb.dll
[2010/11/14 00:08:44 | 000,402,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2filt.dll
[2010/11/14 00:08:44 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2ae.dll
[2010/11/14 00:08:44 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2ext.dll
[2010/11/14 00:08:43 | 003,555,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/11/14 00:08:43 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2010/11/14 00:08:42 | 000,563,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobmain.dll
[2010/11/14 00:08:42 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobshel.dll
[2010/11/14 00:08:42 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobdl.dll
[2010/11/14 00:08:41 | 000,122,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobcomm.dll
[2010/11/14 00:08:41 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oobebaln.exe
[2010/11/14 00:08:41 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobweb.dll
[2010/11/14 00:08:39 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uploadm.exe
[2010/11/14 00:08:39 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pchshell.dll
[2010/11/14 00:08:39 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrslv.dll
[2010/11/14 00:08:39 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\safrslv.dll
[2010/11/14 00:08:39 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrcdlg.dll
[2010/11/14 00:08:39 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\safrcdlg.dll
[2010/11/14 00:08:39 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\racpldlg.dll
[2010/11/14 00:08:39 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\racpldlg.dll
[2010/11/14 00:08:39 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pchsvc.dll
[2010/11/14 00:08:39 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrdm.dll
[2010/11/14 00:08:39 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\safrdm.dll
[2010/11/14 00:08:36 | 000,743,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/11/14 00:08:36 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msconfig.exe
[2010/11/14 00:08:36 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hscupd.exe
[2010/11/14 00:08:35 | 000,768,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpctr.exe
[2010/11/14 00:08:35 | 000,380,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rstrui.exe
[2010/11/14 00:08:35 | 000,124,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltmgr.sys
[2010/11/14 00:08:35 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fltMc.exe
[2010/11/14 00:08:35 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltmc.exe
[2010/11/14 00:08:35 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltlib.dll
[2010/11/14 00:08:34 | 000,239,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srrstr.dll
[2010/11/14 00:08:34 | 000,239,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srrstr.dll
[2010/11/14 00:08:34 | 000,170,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srsvc.dll
[2010/11/14 00:08:34 | 000,073,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sr.sys
[2010/11/14 00:08:34 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srclient.dll
[2010/11/14 00:08:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2010/11/14 00:08:33 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ils.dll
[2010/11/14 00:08:33 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ils.dll
[2010/11/14 00:08:33 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msconf.dll
[2010/11/14 00:08:33 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msconf.dll
[2010/11/14 00:08:33 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dcap32.dll
[2010/11/14 00:08:33 | 000,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmdd.dll
[2010/11/14 00:08:33 | 000,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mnmdd.dll
[2010/11/14 00:08:33 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mnmsrvc.exe
[2010/11/14 00:08:33 | 000,032,768 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\isrdbg32.dll
[2010/11/14 00:08:33 | 000,032,768 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\isrdbg32.dll
[2010/11/14 00:08:33 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmmkcert.dll
[2010/11/14 00:08:33 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmmkcert.dll
[2010/11/14 00:08:32 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\callcont.dll
[2010/11/14 00:08:32 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmas.dll
[2010/11/14 00:08:32 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nac.dll
[2010/11/14 00:08:32 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rrcm.dll
[2010/11/14 00:08:32 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\h323cc.dll
[2010/11/14 00:08:32 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmasnt.dll
[2010/11/14 00:08:31 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mst120.dll
[2010/11/14 00:08:31 | 000,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmwb.dll
[2010/11/14 00:08:31 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmoldwb.dll
[2010/11/14 00:08:31 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmft.dll
[2010/11/14 00:08:31 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmchat.dll
[2010/11/14 00:08:31 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmcom.dll
[2010/11/14 00:08:31 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mst123.dll
[2010/11/14 00:08:31 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\confmrsl.dll
[2010/11/14 00:08:30 | 001,032,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\conf.exe
[2010/11/14 00:08:30 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoeacct.dll
[2010/11/14 00:08:30 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoeacct.dll
[2010/11/14 00:08:30 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoert2.dll
[2010/11/14 00:08:30 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoert2.dll
[2010/11/14 00:08:30 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2010/11/14 00:08:30 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wabmig.exe
[2010/11/14 00:08:30 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2010/11/14 00:08:29 | 000,504,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab32.dll
[2010/11/14 00:08:29 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab32res.dll
[2010/11/14 00:08:29 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wabimp.dll
[2010/11/14 00:08:29 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\directdb.dll
[2010/11/14 00:08:29 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetres.dll
[2010/11/14 00:08:29 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetres.dll
[2010/11/14 00:08:29 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wabfind.dll
[2010/11/14 00:08:28 | 000,678,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2010/11/14 00:08:28 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oeimport.dll
[2010/11/14 00:08:28 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msimn.exe
[2010/11/14 00:08:27 | 002,479,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoeres.dll
[2010/11/14 00:08:26 | 000,274,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstask.dll
[2010/11/14 00:08:26 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\schedsvc.dll
[2010/11/14 00:08:26 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\setup50.exe
[2010/11/14 00:08:26 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oemig50.exe
[2010/11/14 00:08:26 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oemiglib.dll
[2010/11/14 00:08:26 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstinit.exe
[2010/11/14 00:08:26 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstinit.exe
[2010/11/14 00:08:26 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2010/11/14 00:08:25 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcfg.dll
[2010/11/14 00:08:25 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcfg.dll
[2010/11/14 00:08:25 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll
[2010/11/14 00:08:25 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isign32.dll
[2010/11/14 00:08:25 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwdial.dll
[2010/11/14 00:08:25 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwdial.dll
[2010/11/14 00:08:25 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwphbk.dll
[2010/11/14 00:08:25 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwphbk.dll
[2010/11/14 00:08:24 | 000,561,179 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dao360.dll
[2010/11/14 00:08:24 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn1.exe
[2010/11/14 00:08:24 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwhelp.dll
[2010/11/14 00:08:24 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn2.exe
[2010/11/14 00:08:24 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn.dll
[2010/11/14 00:08:24 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwutil.dll
[2010/11/14 00:08:24 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwdl.dll
[2010/11/14 00:08:24 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwrmind.exe
[2010/11/14 00:08:24 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetwiz.exe
[2010/11/14 00:08:23 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oledb32.dll
[2010/11/14 00:08:23 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sqlxmlx.dll
[2010/11/14 00:08:23 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oledb32r.dll
[2010/11/14 00:08:22 | 000,315,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdasql.dll
[2010/11/14 00:08:22 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaora.dll
[2010/11/14 00:08:22 | 000,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaps.dll
[2010/11/14 00:08:22 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msjro.dll
[2010/11/14 00:08:22 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdatl3.dll
[2010/11/14 00:08:22 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaosp.dll
[2010/11/14 00:08:22 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxactps.dll
[2010/11/14 00:08:22 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdatt.dll
[2010/11/14 00:08:22 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdasqlr.dll
[2010/11/14 00:08:22 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaorar.dll
[2010/11/14 00:08:22 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaurl.dll
[2010/11/14 00:08:22 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdasc.dll
[2010/11/14 00:08:22 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaer.dll
[2010/11/14 00:08:22 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaenum.dll
[2010/11/14 00:08:22 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdadc.dll
[2010/11/14 00:08:21 | 000,536,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado15.dll
[2010/11/14 00:08:21 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadox.dll
[2010/11/14 00:08:21 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadomd.dll
[2010/11/14 00:08:21 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdarem.dll
[2010/11/14 00:08:21 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado27.tlb
[2010/11/14 00:08:21 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado26.tlb
[2010/11/14 00:08:21 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado25.tlb
[2010/11/14 00:08:21 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado21.tlb
[2010/11/14 00:08:21 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado20.tlb
[2010/11/14 00:08:21 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadrh15.dll
[2010/11/14 00:08:21 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msador15.dll
[2010/11/14 00:08:21 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msader15.dll
[2010/11/14 00:08:21 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaremr.dll
[2010/11/14 00:08:20 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2010/11/14 00:08:20 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaprst.dll
[2010/11/14 00:08:20 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadds.dll
[2010/11/14 00:08:20 | 000,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadco.dll
[2010/11/14 00:08:20 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcf.dll
[2010/11/14 00:08:20 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcs.dll
[2010/11/14 00:08:20 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdfmap.dll
[2010/11/14 00:08:20 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msaddsr.dll
[2010/11/14 00:08:20 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcer.dll
[2010/11/14 00:08:20 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaprsr.dll
[2010/11/14 00:08:20 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcor.dll
[2010/11/14 00:08:20 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcfr.dll
[2010/11/14 00:08:19 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hmmapi.dll
[2010/11/14 00:08:19 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedw.exe
[2010/11/14 00:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2010/11/14 00:08:18 | 000,638,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iexplore.exe
[2010/11/14 00:08:13 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2010/11/14 00:08:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2010/11/14 00:07:44 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2010/11/14 00:07:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2010/11/14 00:07:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2010/11/14 00:07:07 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2010/11/14 00:07:07 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2010/11/14 00:07:01 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2010/11/14 00:07:00 | 001,817,687 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgres.dll
[2010/11/14 00:07:00 | 000,753,236 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvseres.dll
[2010/11/14 00:07:00 | 000,082,501 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckg.dll
[2010/11/14 00:07:00 | 000,048,706 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvse.dll
[2010/11/14 00:07:00 | 000,042,577 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgzm.exe
[2010/11/14 00:07:00 | 000,042,574 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvsezm.exe
[2010/11/14 00:06:59 | 002,178,131 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlres.dll
[2010/11/14 00:06:59 | 001,175,635 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzres.dll
[2010/11/14 00:06:59 | 000,780,885 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrres.dll
[2010/11/14 00:06:59 | 000,066,113 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvl.dll
[2010/11/14 00:06:59 | 000,057,409 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtz.dll
[2010/11/14 00:06:59 | 000,042,575 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrzm.exe
[2010/11/14 00:06:59 | 000,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlzm.exe
[2010/11/14 00:06:59 | 000,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzzm.exe
[2010/11/14 00:06:59 | 000,040,515 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkr.dll
[2010/11/14 00:06:59 | 000,004,677 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zeeverm.dll
[2010/11/14 00:06:58 | 001,039,955 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnresm.dll
[2010/11/14 00:06:58 | 000,113,222 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zoneclim.dll
[2010/11/14 00:06:58 | 000,041,029 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zcorem.dll
[2010/11/14 00:06:58 | 000,032,339 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniansi.dll
[2010/11/14 00:06:58 | 000,013,894 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zonelibm.dll
[2010/11/14 00:06:57 | 000,217,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnclim.dll
[2010/11/14 00:06:57 | 000,036,937 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zclientm.exe
[2010/11/14 00:06:57 | 000,029,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\znetm.dll
[2010/11/14 00:06:57 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\write.exe
[2010/11/14 00:06:48 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avtapi.dll
[2010/11/14 00:06:48 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndvol32.exe
[2010/11/14 00:06:48 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avwav.dll
[2010/11/14 00:06:48 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avmeter.dll
[2010/11/14 00:06:48 | 000,013,312 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\dllcache\htrn_jis.dll
[2010/11/14 00:06:47 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winchat.exe
[2010/11/14 00:06:41 | 000,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\getuname.dll
[2010/11/14 00:06:40 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\calc.exe
[2010/11/14 00:06:40 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\charmap.exe
[2010/11/14 00:06:40 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sol.exe
[2010/11/14 00:06:39 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshearts.exe
[2010/11/14 00:06:39 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmine.exe
[2010/11/14 00:06:39 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\freecell.exe
[2010/11/14 00:06:39 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsshutdn.exe
[2010/11/14 00:06:39 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsshutdn.exe
[2010/11/14 00:06:39 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tskill.exe
[2010/11/14 00:06:39 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tskill.exe
[2010/11/14 00:06:39 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsdiscon.exe
[2010/11/14 00:06:39 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsdiscon.exe
[2010/11/14 00:06:39 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscon.exe
[2010/11/14 00:06:39 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscon.exe
[2010/11/14 00:06:39 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\reset.exe
[2010/11/14 00:06:39 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\reset.exe
[2010/11/14 00:06:38 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\regini.exe
[2010/11/14 00:06:38 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\regini.exe
[2010/11/14 00:06:38 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qwinsta.exe
[2010/11/14 00:06:38 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qwinsta.exe
[2010/11/14 00:06:38 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msg.exe
[2010/11/14 00:06:38 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msg.exe
[2010/11/14 00:06:38 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qappsrv.exe
[2010/11/14 00:06:38 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qappsrv.exe
[2010/11/14 00:06:38 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwinsta.exe
[2010/11/14 00:06:38 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rwinsta.exe
[2010/11/14 00:06:38 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdmodem.dll
[2010/11/14 00:06:38 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cdmodem.dll
[2010/11/14 00:06:38 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\logoff.exe
[2010/11/14 00:06:38 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logoff.exe
[2010/11/14 00:06:38 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shadow.exe
[2010/11/14 00:06:38 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shadow.exe
[2010/11/14 00:06:38 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpcfgex.dll
[2010/11/14 00:06:38 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpcfgex.dll
[2010/11/14 00:06:37 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtsadmin.tlb
[2010/11/14 00:06:37 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dcomcnfg.exe
[2010/11/14 00:06:37 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dcomcnfg.exe
[2010/11/14 00:06:37 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrereg.exe
[2010/11/14 00:06:36 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comsnap.dll
[2010/11/14 00:06:36 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsnap.dll
[2010/11/14 00:06:36 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrepl.dll
[2010/11/14 00:06:36 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comrepl.dll
[2010/11/14 00:06:36 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stclient.dll
[2010/11/14 00:06:36 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\stclient.dll
[2010/11/14 00:06:36 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmi2xml.dll
[2010/11/14 00:06:36 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comaddin.dll
[2010/11/14 00:06:36 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comaddin.dll
[2010/11/14 00:06:36 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxlegih.dll
[2010/11/14 00:06:36 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxlegih.dll
[2010/11/14 00:06:36 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxdm.dll
[2010/11/14 00:06:36 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxdm.dll
[2010/11/14 00:06:36 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxex.dll
[2010/11/14 00:06:36 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxex.dll
[2010/11/14 00:06:33 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipicmp.dll
[2010/11/14 00:06:33 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmimsg.dll
[2010/11/14 00:06:33 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmitimep.dll
[2010/11/14 00:06:33 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmgmtr.dll
[2010/11/14 00:06:32 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msiprov.dll
[2010/11/14 00:06:32 | 000,116,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\updprov.dll
[2010/11/14 00:06:32 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmplprov.dll
[2010/11/14 00:06:32 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemdisp.tlb
[2010/11/14 00:06:32 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\trnsprov.dll
[2010/11/14 00:06:32 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpcons.dll
[2010/11/14 00:06:32 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemads.tlb
[2010/11/14 00:06:32 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unsecapp.exe
[2010/11/14 00:06:32 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmgmt.exe
[2010/11/14 00:06:32 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemads.dll
[2010/11/14 00:06:31 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsprov.dll
[2010/11/14 00:06:31 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fwdprov.dll
[2010/11/14 00:06:16 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2010/11/14 00:06:15 | 000,281,088 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2010/11/14 00:06:15 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\accwiz.exe
[2010/11/14 00:06:15 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndrec32.exe
[2010/11/14 00:06:15 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplay32.exe
[2010/11/14 00:06:15 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\access.cpl
[2010/11/14 00:06:14 | 000,539,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dialer.exe
[2010/11/14 00:06:14 | 000,343,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspaint.exe
[2010/11/14 00:06:14 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\clipbrd.exe
[2010/11/14 00:06:14 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2010/11/14 00:06:13 | 000,538,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spider.exe
[2010/11/14 00:06:13 | 000,139,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2010/11/14 00:06:13 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscfgwmi.dll
[2010/11/14 00:06:13 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscfgwmi.dll
[2010/11/14 00:06:13 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdtcp.sys
[2010/11/14 00:06:13 | 000,012,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdpipe.sys
[2010/11/14 00:06:12 | 000,655,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstscax.dll
[2010/11/14 00:06:12 | 000,407,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstsc.exe
[2010/11/14 00:06:12 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdchost.dll
[2010/11/14 00:06:12 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdchost.dll
[2010/11/14 00:06:12 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sessmgr.exe
[2010/11/14 00:06:12 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdshost.exe
[2010/11/14 00:06:12 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdshost.exe
[2010/11/14 00:06:12 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\remotepg.dll
[2010/11/14 00:06:12 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdsaddin.exe
[2010/11/14 00:06:12 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdsaddin.exe
[2010/11/14 00:06:11 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\termsrv.dll
[2010/11/14 00:06:11 | 000,087,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpwsx.dll
[2010/11/14 00:06:11 | 000,087,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwsx.dll
[2010/11/14 00:06:11 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpclip.exe
[2010/11/14 00:06:11 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpclip.exe
[2010/11/14 00:06:11 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscupgrd.exe
[2010/11/14 00:06:11 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscupgrd.exe
[2010/11/14 00:06:11 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgbkend.dll
[2010/11/14 00:06:11 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cfgbkend.dll
[2010/11/14 00:06:11 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qprocess.exe
[2010/11/14 00:06:11 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qprocess.exe
[2010/11/14 00:06:11 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpsnd.dll
[2010/11/14 00:06:11 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpsnd.dll
[2010/11/14 00:06:11 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icaapi.dll
[2010/11/14 00:06:11 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icaapi.dll
[2010/11/14 00:06:10 | 000,949,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtctm.dll
[2010/11/14 00:06:10 | 000,949,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtctm.dll
[2010/11/14 00:06:10 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcprx.dll
[2010/11/14 00:06:10 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtcprx.dll
[2010/11/14 00:06:10 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcuiu.dll
[2010/11/14 00:06:10 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtcuiu.dll
[2010/11/14 00:06:10 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxoci.dll
[2010/11/14 00:06:10 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxoci.dll
[2010/11/14 00:06:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2010/11/14 00:06:09 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtclog.dll
[2010/11/14 00:06:09 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtclog.dll
[2010/11/14 00:06:09 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xolehlp.dll
[2010/11/14 00:06:09 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xolehlp.dll
[2010/11/14 00:06:09 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrepl.exe
[2010/11/14 00:06:09 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtc.exe
[2010/11/14 00:06:08 | 000,628,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\catsrvut.dll
[2010/11/14 00:06:08 | 000,628,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvut.dll
[2010/11/14 00:06:08 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\catsrv.dll
[2010/11/14 00:06:08 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrv.dll
[2010/11/14 00:06:08 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comadmin.dll
[2010/11/14 00:06:08 | 000,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\clbcatex.dll
[2010/11/14 00:06:08 | 000,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatex.dll
[2010/11/14 00:06:08 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\catsrvps.dll
[2010/11/14 00:06:08 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvps.dll
[2010/11/14 00:06:08 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\colbact.dll
[2010/11/14 00:06:08 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\colbact.dll
[2010/11/14 00:06:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2010/11/14 00:06:07 | 001,251,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comsvcs.dll
[2010/11/14 00:06:07 | 001,251,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsvcs.dll
[2010/11/14 00:06:07 | 000,540,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comuid.dll
[2010/11/14 00:06:07 | 000,540,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comuid.dll
[2010/11/14 00:06:07 | 000,501,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\clbcatq.dll
[2010/11/14 00:06:05 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiadap.exe
[2010/11/14 00:06:05 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipcima.dll
[2010/11/14 00:06:05 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmisvc.dll
[2010/11/14 00:06:05 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprov.dll
[2010/11/14 00:06:05 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmidcprv.dll
[2010/11/14 00:06:05 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipdskq.dll
[2010/11/14 00:06:05 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiapsrv.exe
[2010/11/14 00:06:05 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiutils.dll
[2010/11/14 00:06:05 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiaprpl.dll
[2010/11/14 00:06:05 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipjobj.dll
[2010/11/14 00:06:05 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipiprt.dll
[2010/11/14 00:06:05 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmicookr.dll
[2010/11/14 00:06:05 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipsess.dll
[2010/11/14 00:06:05 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiapres.dll
[2010/11/14 00:06:04 | 000,530,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemcore.dll
[2010/11/14 00:06:04 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemess.dll
[2010/11/14 00:06:04 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemcomn.dll
[2010/11/14 00:06:04 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemupgd.dll
[2010/11/14 00:06:04 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemcntl.dll
[2010/11/14 00:06:04 | 000,178,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemdisp.dll
[2010/11/14 00:06:04 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\viewprov.dll
[2010/11/14 00:06:04 | 000,116,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemtest.exe
[2010/11/14 00:06:04 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemcons.dll
[2010/11/14 00:06:04 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemsvc.dll
[2010/11/14 00:06:04 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemprox.dll
[2010/11/14 00:06:03 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\provthrd.dll
[2010/11/14 00:06:03 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntevt.dll
[2010/11/14 00:06:03 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\repdrvfs.dll
[2010/11/14 00:06:03 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mofd.dll
[2010/11/14 00:06:03 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\stdprov.dll
[2010/11/14 00:06:03 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ncprov.dll
[2010/11/14 00:06:03 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrcons.exe
[2010/11/14 00:06:02 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\esscli.dll
[2010/11/14 00:06:02 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\framedyn.dll
[2010/11/14 00:06:02 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\krnlprov.dll
[2010/11/14 00:06:02 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mofcomp.exe
[2010/11/14 00:06:01 | 001,352,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cimwin32.dll
[2010/11/14 00:06:01 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\licwmi.dll
[2010/11/14 00:06:01 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licwmi.dll
[2010/11/14 00:06:01 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\servdeps.dll
[2010/11/14 00:06:01 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\servdeps.dll
[2010/11/14 00:06:01 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmfutil.dll
[2010/11/14 00:06:01 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mmfutil.dll
[2010/11/14 00:06:00 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmprops.dll
[2010/11/14 00:06:00 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmprops.dll
[2010/11/13 23:58:47 | 000,014,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\battc.sys
[2010/11/13 23:58:25 | 000,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\drivers\RTL8139.sys
[2010/11/13 23:58:17 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\intelide.sys
[2010/11/13 23:58:05 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\usbui.dll
[2010/11/13 23:58:05 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbui.dll
[2010/11/13 23:57:02 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2010/11/13 23:57:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2010/11/13 23:57:00 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spcommon.dll
[2010/11/13 23:57:00 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spcplui.dll
[2010/11/13 23:56:59 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spttseng.dll
[2010/11/13 23:56:58 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sapi.cpl
[2010/11/13 23:56:58 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sapisvr.exe
[2010/11/13 23:56:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2010/11/13 23:56:57 | 000,741,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sapi.dll
[2010/11/13 23:56:57 | 000,000,000 | R--D | C] -- C:\Program Files
[2010/11/13 23:56:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2010/11/13 23:56:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2010/11/13 23:56:54 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TINTLGNT.IME
[2010/11/13 23:56:54 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2010/11/13 23:56:54 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2010/11/13 23:56:54 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2010/11/13 23:56:54 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2010/11/13 23:56:54 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2010/11/13 23:56:54 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2010/11/13 23:56:54 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2010/11/13 23:56:54 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2010/11/13 23:56:54 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CINTLGNT.IME
[2010/11/13 23:56:54 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2010/11/13 23:56:54 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2010/11/13 23:56:53 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winar30.ime
[2010/11/13 23:56:53 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2010/11/13 23:56:53 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\phon.ime
[2010/11/13 23:56:53 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2010/11/13 23:56:53 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2010/11/13 23:56:53 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dayi.ime
[2010/11/13 23:56:53 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2010/11/13 23:56:53 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chajei.ime
[2010/11/13 23:56:53 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\quick.ime
[2010/11/13 23:56:53 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2010/11/13 23:56:53 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\uniime.dll
[2010/11/13 23:56:53 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2010/11/13 23:56:53 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winime.ime
[2010/11/13 23:56:53 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2010/11/13 23:56:53 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\unicdime.ime
[2010/11/13 23:56:53 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2010/11/13 23:56:53 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\romanime.ime
[2010/11/13 23:56:53 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2010/11/13 23:56:53 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\miniime.tpl
[2010/11/13 23:56:52 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2010/11/13 23:56:52 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2010/11/13 23:56:45 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2010/11/13 23:56:45 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2010/11/13 23:56:44 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\PINTLGNT.IME
[2010/11/13 23:56:44 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2010/11/13 23:56:44 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WINZM.IME
[2010/11/13 23:56:44 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2010/11/13 23:56:44 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WINSP.IME
[2010/11/13 23:56:44 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2010/11/13 23:56:44 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WINPY.IME
[2010/11/13 23:56:44 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2010/11/13 23:56:44 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2010/11/13 23:56:44 | 000,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2010/11/13 23:56:44 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2010/11/13 23:56:44 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2010/11/13 23:56:43 | 000,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imjp81k.dll
[2010/11/13 23:56:43 | 000,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2010/11/13 23:56:43 | 000,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2010/11/13 23:56:43 | 000,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imjp81.ime
[2010/11/13 23:56:43 | 000,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2010/11/13 23:56:43 | 000,208,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
[2010/11/13 23:56:43 | 000,155,705 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2010/11/13 23:56:43 | 000,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2010/11/13 23:56:42 | 000,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2010/11/13 23:56:42 | 000,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2010/11/13 23:56:42 | 000,307,257 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
[2010/11/13 23:56:42 | 000,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2010/11/13 23:56:42 | 000,262,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
[2010/11/13 23:56:42 | 000,233,527 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
[2010/11/13 23:56:42 | 000,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2010/11/13 23:56:41 | 000,057,399 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
[2010/11/13 23:56:41 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2010/11/13 23:56:41 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\c_iscii.dll
[2010/11/13 23:56:30 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2010/11/13 23:56:30 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chsbrkr.dll
[2010/11/13 23:56:30 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2010/11/13 23:56:30 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chtbrkr.dll
[2010/11/13 23:56:29 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msir3jp.lex
[2010/11/13 23:56:29 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2010/11/13 23:56:29 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msir3jp.dll
[2010/11/13 23:56:29 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2010/11/13 23:56:29 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\korwbrkr.dll
[2010/11/13 23:56:29 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2010/11/13 23:56:28 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0404.dll
[2010/11/13 23:56:22 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2010/11/13 23:56:15 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0804.dll
[2010/11/13 23:56:06 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WINGB.IME
[2010/11/13 23:56:06 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2010/11/13 23:56:05 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_g18030.dll
[2010/11/13 23:56:05 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\c_g18030.dll
[2010/11/13 23:56:04 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2010/11/13 23:56:04 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101a.dll
[2010/11/13 23:56:04 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2010/11/13 23:56:00 | 010,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2010/11/13 23:56:00 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2010/11/13 23:55:59 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2010/11/13 23:55:59 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2010/11/13 23:55:59 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0412.dll
[2010/11/13 23:55:50 | 000,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2010/11/13 23:55:50 | 000,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2010/11/13 23:55:50 | 000,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2010/11/13 23:55:50 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0411.dll
[2010/11/13 23:55:50 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnecAT.dll
[2010/11/13 23:55:50 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2010/11/13 23:55:50 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnecNT.dll
[2010/11/13 23:55:50 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2010/11/13 23:55:50 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnec95.dll
[2010/11/13 23:55:50 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2010/11/13 23:55:50 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlk41a.dll
[2010/11/13 23:55:50 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41a.dll
[2010/11/13 23:55:50 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlk41j.dll
[2010/11/13 23:55:50 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41j.dll
[2010/11/13 23:55:49 | 000,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2010/11/13 23:55:49 | 000,315,452 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2010/11/13 23:55:49 | 000,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2010/11/13 23:55:49 | 000,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2010/11/13 23:55:49 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdibm02.dll
[2010/11/13 23:55:49 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdibm02.dll
[2010/11/13 23:55:49 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\f3ahvoas.dll
[2010/11/13 23:55:49 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\f3ahvoas.dll
[2010/11/13 23:55:49 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdax2.dll
[2010/11/13 23:55:49 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdax2.dll
[2010/11/13 23:55:49 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd106n.dll
[2010/11/13 23:55:49 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106n.dll
[2010/11/13 23:55:49 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101.dll
[2010/11/13 23:55:49 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101.dll
[2010/11/13 23:55:21 | 000,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2010/11/13 23:55:21 | 000,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2010/11/13 23:55:15 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2010/11/13 23:55:15 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\c_is2022.dll
[2010/11/13 23:55:14 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdjpn.dll
[2010/11/13 23:55:14 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkor.dll
[2010/11/13 23:55:14 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd106.dll
[2010/11/13 23:55:14 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101c.dll
[2010/11/13 23:55:14 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd103.dll
[2010/11/13 23:55:11 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101b.dll
[2010/11/13 23:55:10 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt041f.dll
[2010/11/13 23:55:09 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0419.dll
[2010/11/13 23:55:09 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuq.dll
[2010/11/13 23:55:09 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuf.dll
[2010/11/13 23:55:09 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtuq.dll
[2010/11/13 23:55:09 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtuf.dll
[2010/11/13 23:55:09 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdazel.dll
[2010/11/13 23:55:09 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdazel.dll
[2010/11/13 23:55:07 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycc.dll
[2010/11/13 23:55:07 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbduzb.dll
[2010/11/13 23:55:07 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdur.dll
[2010/11/13 23:55:07 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtat.dll
[2010/11/13 23:55:07 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru1.dll
[2010/11/13 23:55:07 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru.dll
[2010/11/13 23:55:07 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmon.dll
[2010/11/13 23:55:07 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkyr.dll
[2010/11/13 23:55:07 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkaz.dll
[2010/11/13 23:55:07 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbu.dll
[2010/11/13 23:55:07 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdblr.dll
[2010/11/13 23:55:07 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdaze.dll
[2010/11/13 23:55:07 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdycc.dll
[2010/11/13 23:55:07 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbduzb.dll
[2010/11/13 23:55:07 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdur.dll
[2010/11/13 23:55:07 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtat.dll
[2010/11/13 23:55:07 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdru1.dll
[2010/11/13 23:55:07 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdru.dll
[2010/11/13 23:55:07 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdmon.dll
[2010/11/13 23:55:07 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkyr.dll
[2010/11/13 23:55:07 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkaz.dll
[2010/11/13 23:55:07 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdbu.dll
[2010/11/13 23:55:07 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdblr.dll
[2010/11/13 23:55:07 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdaze.dll
[2010/11/13 23:55:06 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0408.dll
[2010/11/13 23:55:05 | 000,008,192 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhept.dll
[2010/11/13 23:55:05 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhept.dll
[2010/11/13 23:55:05 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela3.dll
[2010/11/13 23:55:05 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhela3.dll
[2010/11/13 23:55:05 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela2.dll
[2010/11/13 23:55:05 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdgkl.dll
[2010/11/13 23:55:05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhela2.dll
[2010/11/13 23:55:05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgkl.dll
[2010/11/13 23:55:05 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe319.dll
[2010/11/13 23:55:05 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe220.dll
[2010/11/13 23:55:05 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe.dll
[2010/11/13 23:55:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe319.dll
[2010/11/13 23:55:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe220.dll
[2010/11/13 23:55:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe.dll
[2010/11/13 23:55:03 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040e.dll
[2010/11/13 23:55:03 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0415.dll
[2010/11/13 23:55:03 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0405.dll
[2010/11/13 23:55:03 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv1.dll
[2010/11/13 23:55:03 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv.dll
[2010/11/13 23:55:03 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdest.dll
[2010/11/13 23:55:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlv1.dll
[2010/11/13 23:55:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlv.dll
[2010/11/13 23:55:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdest.dll
[2010/11/13 23:55:03 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt1.dll
[2010/11/13 23:55:03 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt.dll
[2010/11/13 23:55:03 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlt1.dll
[2010/11/13 23:55:03 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlt.dll
[2010/11/13 23:55:01 | 000,007,168 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz.dll
[2010/11/13 23:55:01 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz.dll
[2010/11/13 23:55:01 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycl.dll
[2010/11/13 23:55:01 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl1.dll
[2010/11/13 23:55:01 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl.dll
[2010/11/13 23:55:01 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl.dll
[2010/11/13 23:55:01 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu.dll
[2010/11/13 23:55:01 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz2.dll
[2010/11/13 23:55:01 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz1.dll
[2010/11/13 23:55:01 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcr.dll
[2010/11/13 23:55:01 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\KBDAL.DLL
[2010/11/13 23:55:01 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdycl.dll
[2010/11/13 23:55:01 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsl1.dll
[2010/11/13 23:55:01 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsl.dll
[2010/11/13 23:55:01 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdpl.dll
[2010/11/13 23:55:01 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhu.dll
[2010/11/13 23:55:01 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz2.dll
[2010/11/13 23:55:01 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz1.dll
[2010/11/13 23:55:01 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcr.dll
[2010/11/13 23:55:01 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdal.dll
[2010/11/13 23:55:01 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdro.dll
[2010/11/13 23:55:01 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl1.dll
[2010/11/13 23:55:01 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu1.dll
[2010/11/13 23:55:01 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdro.dll
[2010/11/13 23:55:01 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdpl1.dll
[2010/11/13 23:55:01 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhu1.dll
[2010/11/13 23:54:59 | 000,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dllcache\dgrpsetu.dll
[2010/11/13 23:54:59 | 000,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dgrpsetu.dll
[2010/11/13 23:54:59 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2010/11/13 23:54:59 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2010/11/13 23:54:58 | 000,103,424 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\EqnClass.Dll
[2010/11/13 23:54:58 | 000,103,424 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqnclass.dll
[2010/11/13 23:54:58 | 000,085,020 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dllcache\dgsetup.dll
[2010/11/13 23:54:58 | 000,085,020 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dgsetup.dll
[2010/11/13 23:54:58 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2010/11/13 23:54:58 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2010/11/13 23:54:58 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TAPI.DLL
[2010/11/13 23:54:58 | 000,013,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WFWNET.DRV
[2010/11/13 23:54:58 | 000,009,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VER.DLL
[2010/11/13 23:54:58 | 000,004,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TIMER.DRV
[2010/11/13 23:54:58 | 000,003,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SYSTEM.DRV
[2010/11/13 23:54:58 | 000,002,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VGA.DRV
[2010/11/13 23:54:57 | 000,126,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MSVIDEO.DLL
[2010/11/13 23:54:57 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLECLI.DLL
[2010/11/13 23:54:57 | 000,073,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIAVI.DRV
[2010/11/13 23:54:57 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIWAVE.DRV
[2010/11/13 23:54:57 | 000,025,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCISEQ.DRV
[2010/11/13 23:54:57 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLESVR.DLL
[2010/11/13 23:54:57 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SHELL.DLL
[2010/11/13 23:54:57 | 000,002,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MOUSE.DRV
[2010/11/13 23:54:57 | 000,002,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\KEYBOARD.DRV
[2010/11/13 23:54:57 | 000,001,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SOUND.DRV
[2010/11/13 23:54:57 | 000,001,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMTASK.TSK
[2010/11/13 23:54:56 | 000,109,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVIFILE.DLL
[2010/11/13 23:54:56 | 000,069,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVICAP.DLL
[2010/11/13 23:54:56 | 000,032,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\COMMDLG.DLL
[2010/11/13 23:54:56 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\TASKMAN.EXE
[2010/11/13 23:54:56 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\taskman.exe
[2010/11/13 23:54:56 | 000,009,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\LZEXPAND.DLL
[2010/11/13 23:54:55 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WINSPOOL.DRV
[2010/11/13 23:54:55 | 000,068,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMSYSTEM.DLL
[2010/11/13 23:54:55 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irenum.sys
[2010/11/13 23:54:55 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\batt.dll
[2010/11/13 23:54:55 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\batt.dll
[2010/11/13 23:54:52 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\storprop.dll
[2010/11/13 23:54:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2010/11/13 23:54:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2010/11/13 23:54:45 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2010/11/13 23:54:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2010/11/13 23:54:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2010/11/13 23:54:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2010/11/13 23:54:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2010/11/13 23:54:20 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2010/11/13 23:54:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2010/11/13 23:53:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2010/11/13 23:45:30 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2010/11/13 23:45:30 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2010/11/13 23:45:30 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2010/11/13 23:45:30 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2010/11/13 23:45:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2010/11/13 23:45:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2010/11/13 23:45:30 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2010/11/13 23:45:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2010/11/13 23:45:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2010/11/13 23:45:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2010/11/13 23:45:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2010/11/13 23:45:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2010/11/13 23:45:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2010/11/13 23:45:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2010/11/13 23:45:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2010/11/13 23:45:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2010/11/13 23:45:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2010/11/13 23:45:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2010/11/13 23:45:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2010/11/13 23:45:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2010/11/13 23:45:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2010/11/13 23:45:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2010/11/13 23:45:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2010/11/13 23:45:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2010/11/13 23:45:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2010/11/13 23:45:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2010/11/13 23:45:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2010/11/13 23:45:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2010/11/13 23:45:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2010/11/13 23:45:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2010/11/13 23:45:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2010/11/13 23:45:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2010/11/13 23:45:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2010/11/13 23:45:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2010/11/13 23:45:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2010/11/13 23:45:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2010/11/13 23:45:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2010/11/13 23:45:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2010/11/13 23:45:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2010/11/13 23:45:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2010/11/13 23:45:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2010/11/13 23:45:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2010/11/13 23:45:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2010/11/13 23:45:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2010/11/13 23:45:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2010/11/13 23:45:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2010/11/13 23:45:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2010/11/13 23:45:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2010/11/13 23:45:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2010/11/13 23:45:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2010/11/13 23:45:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2010/11/13 23:45:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2010/11/13 23:45:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2010/11/13 23:45:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2010/11/13 23:45:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2010/11/13 23:45:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2010/11/13 23:45:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2010/11/13 23:45:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2010/11/13 23:45:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2010/11/13 23:45:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2010/11/13 23:45:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/14 15:58:42 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/11/14 15:46:50 | 001,330,776 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\TDSSKiller.exe
[2010/11/14 15:46:08 | 001,215,581 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\tdsskiller.zip
[2010/11/14 15:19:02 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\defogger_reenable
[2010/11/14 15:18:54 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe
[2010/11/14 14:50:42 | 000,000,764 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\_uninst_setup_9.0.0.722_14.11.2010_16-17.exe.lnk
[2010/11/14 14:49:36 | 000,305,556 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/14 14:49:36 | 000,037,958 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/14 14:44:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/14 12:30:12 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/11/14 12:20:12 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/14 09:00:56 | 002,457,600 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\avz_mini (1).exe
[2010/11/14 09:00:06 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\HijackThis.exe
[2010/11/14 08:58:48 | 000,075,908 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\avz_mini.exe
[2010/11/14 08:24:00 | 002,457,600 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\avz_mini.exe
[2010/11/14 07:14:08 | 002,354,000 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\sbsetup.exe
[2010/11/14 06:18:12 | 083,218,656 | ---- | M] ( ) -- C:\Documents and Settings\Owner\Desktop\setup_9.0.0.722_14.11.2010_16-17.exe
[2010/11/14 05:43:30 | 044,500,584 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\NormanSecuritySuite_800x86_ENG_R06.msi
[2010/11/14 05:42:38 | 000,000,586 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/11/14 04:45:18 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/11/14 04:45:18 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/11/14 04:45:18 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/11/14 04:45:18 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/11/14 04:45:18 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/11/14 00:44:16 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/11/14 00:44:16 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/11/14 00:43:52 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/11/14 00:39:22 | 000,001,667 | RHS- | M] () -- C:\WINDOWS\System32\drivers\103C_HP_NTBK_Pavilion dv4000 (EP369UA#ABA)_YN_0Pavi_Q2CE6070PCM_EU_46_I308C_SHP_V35.30_BF.16_T050727_WXH2_L409_M503_J80_7Intel_8Celeron M_91.4_#101114_N10EC8139_(EP369UA#ABA)_XMOBILE_CN10_Z_2_G80862592.MRK
[2010/11/14 00:29:52 | 000,000,212 | RHS- | M] () -- C:\boot.ini
[2010/11/14 00:23:30 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/11/14 00:22:58 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/14 00:22:46 | 000,083,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/14 00:15:28 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2010/11/14 00:14:38 | 000,000,287 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/11/14 00:11:22 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/11/14 00:11:22 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/11/14 00:11:22 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/11/14 00:11:22 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/11/14 00:11:22 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/11/14 00:11:02 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/11/14 00:08:08 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/14 15:45:53 | 001,215,581 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\tdsskiller.zip
[2010/11/14 15:19:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\defogger_reenable
[2010/11/14 15:18:51 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe
[2010/11/14 14:50:40 | 000,000,764 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\_uninst_setup_9.0.0.722_14.11.2010_16-17.exe.lnk
[2010/11/14 12:14:45 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/11/14 08:59:18 | 002,457,600 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\avz_mini (1).exe
[2010/11/14 08:58:46 | 000,075,908 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\avz_mini.exe
[2010/11/14 08:23:08 | 002,457,600 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\avz_mini.exe
[2010/11/14 07:14:08 | 002,354,000 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\sbsetup.exe
[2010/11/14 06:30:37 | 000,214,344 | ---- | C] () -- C:\WINDOWS\System32\nscrnsav.scr
[2010/11/14 05:43:28 | 044,500,584 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\NormanSecuritySuite_800x86_ENG_R06.msi
[2010/11/14 05:42:37 | 000,000,586 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/11/14 00:39:18 | 000,001,667 | RHS- | C] () -- C:\WINDOWS\System32\drivers\103C_HP_NTBK_Pavilion dv4000 (EP369UA#ABA)_YN_0Pavi_Q2CE6070PCM_EU_46_I308C_SHP_V35.30_BF.16_T050727_WXH2_L409_M503_J80_7Intel_8Celeron M_91.4_#101114_N10EC8139_(EP369UA#ABA)_XMOBILE_CN10_Z_2_G80862592.MRK
[2010/11/14 00:39:10 | 000,026,629 | ---- | C] () -- C:\WINDOWS\System32\pusbfd2.vxd
[2010/11/14 00:37:26 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2010/11/14 00:37:26 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2010/11/14 00:37:26 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2010/11/14 00:37:26 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2010/11/14 00:37:26 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2010/11/14 00:37:26 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2010/11/14 00:35:11 | 000,068,112 | R--- | C] () -- C:\WINDOWS\System32\igfxhhun.lhp
[2010/11/14 00:35:11 | 000,066,013 | R--- | C] () -- C:\WINDOWS\System32\igfxhkor.lhp
[2010/11/14 00:35:11 | 000,064,513 | R--- | C] () -- C:\WINDOWS\System32\igfxhtrk.lhp
[2010/11/14 00:35:11 | 000,063,269 | R--- | C] () -- C:\WINDOWS\System32\igfxhsve.lhp
[2010/11/14 00:35:11 | 000,063,208 | R--- | C] () -- C:\WINDOWS\System32\igfxhplk.lhp
[2010/11/14 00:35:11 | 000,062,836 | R--- | C] () -- C:\WINDOWS\System32\igfxhtha.lhp
[2010/11/14 00:35:11 | 000,062,770 | R--- | C] () -- C:\WINDOWS\System32\igfxhfin.lhp
[2010/11/14 00:35:11 | 000,062,740 | R--- | C] () -- C:\WINDOWS\System32\igfxhfrc.lhp
[2010/11/14 00:35:11 | 000,062,578 | R--- | C] () -- C:\WINDOWS\System32\igfxhjpn.lhp
[2010/11/14 00:35:11 | 000,062,465 | R--- | C] () -- C:\WINDOWS\System32\igfxhptg.lhp
[2010/11/14 00:35:11 | 000,062,454 | R--- | C] () -- C:\WINDOWS\System32\igfxhfra.lhp
[2010/11/14 00:35:11 | 000,062,339 | R--- | C] () -- C:\WINDOWS\System32\igfxhdeu.lhp
[2010/11/14 00:35:11 | 000,061,839 | R--- | C] () -- C:\WINDOWS\System32\igfxhptb.lhp
[2010/11/14 00:35:11 | 000,061,831 | R--- | C] () -- C:\WINDOWS\System32\igfxhell.lhp
[2010/11/14 00:35:11 | 000,061,414 | R--- | C] () -- C:\WINDOWS\System32\igfxhrus.lhp
[2010/11/14 00:35:11 | 000,060,786 | R--- | C] () -- C:\WINDOWS\System32\igfxhesp.lhp
[2010/11/14 00:35:11 | 000,060,659 | R--- | C] () -- C:\WINDOWS\System32\igfxhcsy.lhp
[2010/11/14 00:35:11 | 000,060,244 | R--- | C] () -- C:\WINDOWS\System32\igfxhdan.lhp
[2010/11/14 00:35:11 | 000,060,141 | R--- | C] () -- C:\WINDOWS\System32\igfxhnld.lhp
[2010/11/14 00:35:11 | 000,060,085 | R--- | C] () -- C:\WINDOWS\System32\igfxhnor.lhp
[2010/11/14 00:35:11 | 000,059,687 | R--- | C] () -- C:\WINDOWS\System32\igfxhita.lhp
[2010/11/14 00:35:11 | 000,059,471 | R--- | C] () -- C:\WINDOWS\System32\igfxhheb.lhp
[2010/11/14 00:35:11 | 000,059,354 | R--- | C] () -- C:\WINDOWS\System32\igfxhcht.lhp
[2010/11/14 00:35:11 | 000,058,623 | R--- | C] () -- C:\WINDOWS\System32\igfxheng.lhp
[2010/11/14 00:35:11 | 000,058,430 | R--- | C] () -- C:\WINDOWS\System32\igfxhchs.lhp
[2010/11/14 00:35:10 | 000,059,200 | R--- | C] () -- C:\WINDOWS\System32\igfxharb.lhp
[2010/11/14 00:35:10 | 000,059,200 | R--- | C] () -- C:\WINDOWS\System32\igfxhara.lhp
[2010/11/14 00:35:10 | 000,057,801 | R--- | C] () -- C:\WINDOWS\System32\igfxhenu.lhp
[2010/11/14 00:23:28 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/11/14 00:23:17 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/14 00:15:26 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2010/11/14 00:14:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/11/14 00:12:35 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2010/11/14 00:11:20 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/11/14 00:11:20 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/11/14 00:11:20 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/11/14 00:11:20 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2010/11/14 00:11:20 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2010/11/14 00:11:10 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/11/14 00:11:10 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/11/14 00:11:09 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2010/11/14 00:09:43 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2010/11/14 00:09:11 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2010/11/14 00:09:11 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2010/11/14 00:09:04 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2010/11/14 00:08:50 | 000,004,639 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.exe
[2010/11/14 00:08:37 | 000,376,320 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msinfo.dll
[2010/11/14 00:08:06 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/11/14 00:06:39 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2010/11/14 00:06:39 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2010/11/14 00:06:37 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2010/11/14 00:06:31 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2010/11/13 23:57:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/11/13 23:56:59 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2010/11/13 23:56:59 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2010/11/13 23:56:59 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2010/11/13 23:56:58 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2010/11/13 23:56:54 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/11/13 23:56:52 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/11/13 23:56:45 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/11/13 23:56:42 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/11/13 23:56:30 | 000,001,486 | ---- | C] () -- C:\WINDOWS\System32\noise.kor
[2010/11/13 23:56:29 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\korwbrkr.lex
[2010/11/13 23:56:29 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/11/13 23:56:29 | 000,002,060 | ---- | C] () -- C:\WINDOWS\System32\noise.jpn
[2010/11/13 23:56:16 | 000,211,938 | ---- | C] () -- C:\WINDOWS\System32\lcphrase.tbl
[2010/11/13 23:56:16 | 000,146,126 | ---- | C] () -- C:\WINDOWS\System32\array30.tab
[2010/11/13 23:56:16 | 000,116,285 | ---- | C] () -- C:\WINDOWS\System32\msdayi.tbl
[2010/11/13 23:56:16 | 000,110,566 | ---- | C] () -- C:\WINDOWS\System32\arphr.tbl
[2010/11/13 23:56:16 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\acode.tbl
[2010/11/13 23:56:16 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\a234.tbl
[2010/11/13 23:56:16 | 000,043,242 | ---- | C] () -- C:\WINDOWS\System32\phoncode.tbl
[2010/11/13 23:56:16 | 000,024,114 | ---- | C] () -- C:\WINDOWS\System32\lcptr.tbl
[2010/11/13 23:56:16 | 000,018,600 | ---- | C] () -- C:\WINDOWS\System32\arrayhw.tab
[2010/11/13 23:56:16 | 000,016,312 | ---- | C] () -- C:\WINDOWS\System32\arptr.tbl
[2010/11/13 23:56:16 | 000,004,071 | ---- | C] () -- C:\WINDOWS\System32\phon.tbl
[2010/11/13 23:56:16 | 000,002,714 | ---- | C] () -- C:\WINDOWS\System32\phonptr.tbl
[2010/11/13 23:56:16 | 000,001,460 | ---- | C] () -- C:\WINDOWS\System32\a15.tbl
[2010/11/13 23:56:16 | 000,000,700 | ---- | C] () -- C:\WINDOWS\System32\dayiptr.tbl
[2010/11/13 23:56:16 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\dayiphr.tbl
[2010/11/13 23:56:06 | 001,783,864 | ---- | C] () -- C:\WINDOWS\System32\WINPY.MB
[2010/11/13 23:56:06 | 001,564,868 | ---- | C] () -- C:\WINDOWS\System32\WINSP.MB
[2010/11/13 23:56:06 | 001,223,500 | ---- | C] () -- C:\WINDOWS\System32\WINZM.MB
[2010/11/13 23:56:00 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/11/13 23:56:00 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/11/13 23:55:42 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/11/13 23:54:56 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010/11/13 23:54:45 | 000,168,806 | ---- | C] () -- C:\WINDOWS\System32\dllcache\startoc.cat
[2010/11/13 23:54:45 | 000,024,209 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2010/11/13 23:54:45 | 000,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2010/11/13 23:54:45 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010/11/13 23:54:45 | 000,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2010/11/13 23:54:45 | 000,007,029 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/11/13 23:54:44 | 002,012,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2010/11/13 23:54:44 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2010/11/13 23:54:44 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/11/13 23:54:44 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010/11/13 23:54:44 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010/11/13 23:54:44 | 000,031,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2010/11/13 23:54:44 | 000,013,753 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2010/11/13 23:54:44 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010/11/13 23:54:44 | 000,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2010/11/13 23:54:44 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2010/11/13 23:54:43 | 000,382,952 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2010/11/13 23:53:50 | 000,083,928 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/13 23:53:07 | 000,000,212 | RHS- | C] () -- C:\boot.ini
[2010/11/13 23:53:00 | 000,000,287 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2004/08/04 12:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

< End of report >


OTL Extras logfile created on: 11/14/2010 4:27:00 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 100.00 Mb Available Physical Memory | 20.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 60.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.28 Gb Total Space | 25.91 Gb Free Space | 88.49% Space Free | Partition Type: FAT32

Computer Name: J-41BA0A67LOJH9 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{79214B92-A439-4841-B160-0896E977A383}" = Norman Security Suite
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"ie8" = Windows Internet Explorer 8
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/14/2010 4:29:07 AM | Computer Name = J-41BA0A67LOJH9 | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 11/14/2010 4:29:07 AM | Computer Name = J-41BA0A67LOJH9 | Source = PerfNet | ID = 2002
Description = Unable to open the Redirector service. Redirector performance data
will
not be returned. Error code returned is in data DWORD 0.

Error - 11/14/2010 10:51:18 AM | Computer Name = J-41BA0A67LOJH9 | Source = NormanNPT | ID = 131073
Description = Norman Message [2010/11/14 06:51:18] --------------------------------------------------------
Application:
Norman Internet Update Node address: 192.168.6.5 --------------------------------------------------------

Error
message: Unable to resolve product server name: normanasa.vo.llnwd.net

Error - 11/14/2010 10:51:29 AM | Computer Name = J-41BA0A67LOJH9 | Source = NormanNPT | ID = 131073
Description = Norman Message [2010/11/14 06:51:29] --------------------------------------------------------
Application:
Norman Internet Update Node address: 192.168.6.5 --------------------------------------------------------

Error
message: Unable to resolve product server name: normanasa.vo.llnwd.net WinSock error
11004 WSANO_DATA The requested name is valid and was found in the database, but
it does not have the correct associated data being resolved for.

[ System Events ]
Error - 11/14/2010 10:37:33 AM | Computer Name = J-41BA0A67LOJH9 | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%1747

Error - 11/14/2010 11:04:03 AM | Computer Name = J-41BA0A67LOJH9 | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%1747

Error - 11/14/2010 12:39:11 PM | Computer Name = J-41BA0A67LOJH9 | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%1747

Error - 11/14/2010 1:29:55 PM | Computer Name = J-41BA0A67LOJH9 | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%1747

Error - 11/14/2010 3:59:45 PM | Computer Name = J-41BA0A67LOJH9 | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%1747

Error - 11/14/2010 3:59:46 PM | Computer Name = J-41BA0A67LOJH9 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
eabfiltr

Error - 11/14/2010 4:19:02 PM | Computer Name = J-41BA0A67LOJH9 | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%1747

Error - 11/14/2010 4:19:04 PM | Computer Name = J-41BA0A67LOJH9 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
eabfiltr

Error - 11/14/2010 6:44:59 PM | Computer Name = J-41BA0A67LOJH9 | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%1747

Error - 11/14/2010 6:45:02 PM | Computer Name = J-41BA0A67LOJH9 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
eabfiltr


< End of report >

Merged posts again. ~ OB

Edited by Orange Blossom, 14 November 2010 - 08:09 PM.




#2 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  • Gender:Female
  • Local time:01:45 AM

Posted 22 November 2010 - 04:46 PM

Hello and welcome to Bleeping Computer! :welcome:

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log





Elle
Can you hear it? It's all around!

Tomar ki manè acchè?
Yadi thakè, tahalè
Ki kshama kartè paro
?



If I haven't replied in 48 hours, please feel free to send me a PM.




#3 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Local time:06:45 PM

Posted 28 November 2010 - 09:18 AM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 




