Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unknown rootkit


  • This topic is locked This topic is locked
17 replies to this topic

#1 Nathaniyelu

Nathaniyelu

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:INDIA
  • Local time:12:43 PM

Posted 30 November 2010 - 11:37 AM

Hi:) this is Nathaniel from INDIA.
My computer infected with unknown rootkit combofix has found this..iam sorry to say this ran combofix by myself. while running combofix i had followed ur instructions.second one is already my computer infected with Win32/Vitro.May be due to this combofix didnt generate complete log..iam sending that log file plz help me..this rootkit infected through Win XP bootable CD..now my computer booting very slowly..and also after this installation i didnt notice Winxp in Control Panel's ADD/REMOVE programmes..!!later i got a good Win XP cd with this also same problem..while installing windows..at the time of registering components A BLACK COMMAND PROMT like blinkig!!third one is while installing any programme..temp folder{Where setup file will be saved temporarily}..Appearing DOCUME~1 folder insteed of Documents and Settings..I have been using AVAST 5 free AV,asquared free4.5.0027,IObit security,Agitum firewall..Plz help me..Thanks in advance..


BC AdBot (Login to Remove)

 


#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:08:43 PM

Posted 07 December 2010 - 05:35 AM

Hello and welcome to Bleeping Computer :welcome:

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log



Regards,
Georgi :hello:

cXfZ4wS.png


#3 Nathaniyelu

Nathaniyelu
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:INDIA
  • Local time:12:43 PM

Posted 10 December 2010 - 11:29 AM

Hi Georgi, thank u for ur kind reply .Recently once again i reformatted my computer and intstalled Win xp
after that i installed UnHackme and then once again repaired Winxp..at the time of registering components Unhackme has come and displayed 50 malicious files..i deleted all the files after that Command prompt like black screen didn’t come!!Windows repair was over..still I have doubts..
1.whenever installing programmes..”temp” location appearing as
C:\DOCUME~1\ADMINI~1.WIP\LOCALS~1\Temp
2.Win XP installation is not appearing in the control panel’s ADD/REMOVE programmes!!
and
3.Iam suspecting this rootkit as Trojan.Win32\Alureon.CT..
becoz few weeks back IOBit 360 detected two trojans
C:\Windows\System32\8.Tmp
C:\Windows\System32\9.Tmp
Iam sending DDS logs..iam not able to run GMER..BSOD has come..after renaming the GMER also same problem..Thanks in advance..

---------------------------------------------''''''-----------------------------------------------

DDS (Ver_10-12-05.01) - NTFSx86
Run by Administrator at 12:10:35.78 on Fri 12/10/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2010.1469 [GMT 5.5:30]

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.orbitdownloader.com
uInternet Settings,ProxyOverride = <local>
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
uRun: [UnHackMe Monitor] c:\pro\unhackme\hackmon.exe
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart
mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [AntiLogger] "c:\program files\antilogger\AntiLogger.exe" /minimized
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\orbit.lnk - c:\program files\orbitdownloader\orbitdm.exe
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\windows\system32\idmmbc.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1.wip\applic~1\mozilla\firefox\profiles\y7bpvn2j.default\
FF - component: c:\documents and settings\administrator.wipro-0ce5894d7\application data\idm\idmmzcc3\components\idmmzcc.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: IDM CC: mozilla_cc@internetdownloadmanager.com - c:\documents and settings\administrator.wipro-0ce5894d7\application data\idm\idmmzcc3

============= SERVICES / DRIVERS ===============

R1 AntiLog32;AntiLog32;c:\program files\antilogger\AntiLog32.sys [2010-9-1 120168]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2010-12-8 340048]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-8 165584]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2010-12-8 1858144]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-8 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-8 40384]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-12-8 233472]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-12-8 363344]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-12-8 36608]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-8 20952]
S0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2010-12-8 35816]
S2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2010-12-8 312152]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-8 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-8 40384]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2010-12-8 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2010-12-8 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2010-12-8 121856]

=============== Created Last 30 ================

2010-12-10 05:50:46 -------- d-----w- c:\docume~1\admini~1.wip\applic~1\Uniblue
2010-12-09 15:23:27 -------- d-----w- c:\docume~1\admini~1.wip\locals~1\applic~1\WinZip
2010-12-09 08:22:08 -------- dc-h--w- c:\docume~1\alluse~1.win\applic~1\{680651BD-F2C0-418E-81A1-6F3DEB958964}
2010-12-09 08:22:07 -------- d-----w- c:\program files\AntiLogger
2010-12-09 08:09:00 -------- d-----w- c:\program files\Sophos
2010-12-09 07:49:02 -------- d-----w- c:\docume~1\admini~1.wip\locals~1\applic~1\Help
2010-12-09 06:09:41 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-12-09 06:08:55 -------- d-----w- c:\windows\ShellNew
2010-12-09 06:01:01 -------- d-----w- c:\docume~1\admini~1.wip\locals~1\applic~1\Power2Go
2010-12-09 05:59:08 -------- d-----w- c:\docume~1\admini~1.wip\applic~1\IDM
2010-12-09 05:59:08 -------- d-----w- c:\docume~1\admini~1.wip\applic~1\DMCache
2010-12-09 05:59:02 -------- d-----w- c:\program files\Internet Download Manager
2010-12-09 05:44:56 -------- d-----w- c:\program files\common files\CyberLink
2010-12-09 05:44:24 29480 ----a-w- c:\windows\system32\msxml3a.dll
2010-12-09 05:35:13 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-12-08 16:30:15 3072 ----a-w- c:\windows\system32\drivers\audstub.sys
2010-12-08 16:29:49 57472 ----a-w- c:\windows\system32\drivers\redbook.sys
2010-12-08 16:27:54 -------- d-----r- c:\documents and settings\all users.windows\Documents
2010-12-08 16:27:51 13753 ----a-r- c:\windows\SET8.tmp
2010-12-08 16:27:49 1086058 ----a-r- c:\windows\SET4.tmp
2010-12-08 16:27:47 1042903 ----a-r- c:\windows\SET3.tmp
2010-12-08 15:49:38 340048 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2010-12-08 15:49:37 38848 ----a-w- c:\windows\avastSS.scr
2010-12-08 13:54:38 -------- d-----w- c:\docume~1\admini~1.wip\locals~1\applic~1\Adobe
2010-12-08 13:37:04 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\SUPERAntiSpyware.com
2010-12-08 13:36:58 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-12-08 13:36:58 -------- d-----w- c:\docume~1\admini~1.wip\applic~1\SUPERAntiSpyware.com
2010-12-08 13:32:12 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2010-12-08 13:22:33 -------- d-----w- c:\docume~1\admini~1.wip\applic~1\IObit
2010-12-08 13:22:32 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\IObit
2010-12-08 13:22:25 -------- d-----w- c:\program files\IObit
2010-12-08 13:13:08 -------- d-----w- c:\windows\Internet Logs
2010-12-08 13:11:02 -------- d-----w- C:\downloads
2010-12-08 13:11:02 -------- d-----w- c:\docume~1\admini~1.wip\applic~1\GrabPro
2010-12-08 13:11:01 -------- d-----w- c:\program files\Orbitdownloader
2010-12-08 13:09:48 -------- d-----w- c:\docume~1\admini~1.wip\locals~1\applic~1\Google
2010-12-08 13:04:08 -------- d-----w- c:\docume~1\admini~1.wip\locals~1\applic~1\Downloaded Installations
2010-12-08 12:56:23 27648 ----a-r- c:\windows\system32\RtNicProp32.dll
2010-12-08 12:56:23 119552 ----a-r- c:\windows\system32\drivers\Rtenicxp.sys
2010-12-08 12:52:36 6400 -c--a-w- c:\windows\system32\dllcache\splitter.sys
2010-12-08 12:51:56 77824 ----a-w- c:\windows\SOUNDMAN.EXE
2010-12-08 12:48:53 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-12-08 12:44:38 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Alwil Software
2010-12-08 12:25:26 -------- d-----w- c:\docume~1\admini~1.wip\applic~1\Malwarebytes
2010-12-08 12:25:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-08 12:25:07 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-08 12:25:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-08 12:25:07 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2010-12-08 11:39:59 85504 -c--a-w- c:\windows\system32\dllcache\metada51.dll
2010-12-08 11:26:30 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-12-08 11:26:30 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-12-08 11:26:30 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-12-08 11:26:30 13312 ----a-w- c:\windows\system32\irclass.dll
2010-12-08 11:26:18 13753 ----a-r- c:\windows\SET2B.tmp
2010-12-08 11:26:16 1086058 ----a-r- c:\windows\SET1F.tmp
2010-12-08 11:26:15 1042903 ----a-r- c:\windows\SET1C.tmp
2010-12-08 11:15:33 2 --shatr- c:\windows\winstart.bat
2010-12-08 11:15:30 37600 ----a-w- c:\windows\system32\Partizan.exe
2010-12-08 11:15:30 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
2010-12-08 11:15:23 12808 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2010-12-08 11:04:58 -------- d--h--w- c:\windows\msdownld.tmp
2010-12-08 11:04:08 -------- d-sh--w- c:\documents and settings\all users.windows\DRM
2010-12-08 11:03:12 28160 -c--a-w- c:\windows\system32\dllcache\msoobe.exe
2010-12-08 11:03:10 99840 -c--a-w- c:\windows\system32\dllcache\helphost.exe
2010-12-08 11:03:10 6656 -c--a-w- c:\windows\system32\dllcache\hcappres.dll
2010-12-08 11:03:10 35328 -c--a-w- c:\windows\system32\dllcache\notiflag.exe
2010-12-08 11:03:10 21504 -c--a-w- c:\windows\system32\dllcache\brpinfo.dll
2010-12-08 11:03:10 11264 -c--a-w- c:\windows\system32\dllcache\atrace.dll
2010-12-08 11:03:10 11264 ----a-w- c:\windows\system32\atrace.dll
2010-12-08 11:03:00 47104 -c--a-w- c:\windows\system32\dllcache\srdiag.exe
2010-12-08 11:01:55 28672 ----a-w- c:\program files\messenger\custsat.dll
2010-12-07 12:44:01 -------- d-----w- c:\windows\system32\appmgmt
2010-12-07 08:29:13 819200 ----a-w- c:\program files\windows media player\wmsetsdk.exe
2010-12-07 08:29:13 47616 ----a-w- c:\program files\windows media player\msoobci.dll
2010-12-07 08:28:58 -------- d-----w- c:\windows\RegisteredPackages
2010-12-07 05:04:52 -------- d-----w- c:\windows\pss

==================== Find3M ====================

2010-12-09 05:44:19 505128 ----a-w- c:\windows\system32\msvcp71.dll
2010-12-09 05:44:19 353576 ----a-w- c:\windows\system32\msvcr71.dll
2010-09-29 19:31:28 210272 ----a-w- c:\windows\system32\idmmbc.dll

============= FINISH: 12:10:48.90 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-05.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/8/2010 5:10:33 PM
System Uptime: 12/10/2010 11:27:40 AM (1 hours ago)

Motherboard: Intel Corporation | | DG41RQ
Processor: Intel Pentium III Xeon processor | LGA775 | 2999/333mhz
Processor: Intel Pentium III Xeon processor | LGA775 | 2999/333mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 44 GiB total, 37.535 GiB free.
D: is FIXED (NTFS) - 54 GiB total, 52.728 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 12/8/2010 5:12:15 PM - System Checkpoint
RP2: 12/8/2010 6:10:29 PM - Installed Adobe Reader 9.3.
RP3: 12/8/2010 6:12:50 PM - Installed WinZip 14.0
RP4: 12/8/2010 6:14:38 PM - avast! Free Antivirus Setup
RP5: 12/8/2010 6:18:39 PM - Intel Express Installer
RP6: 12/8/2010 6:18:46 PM - Intel ® Express Installer CD Installation - Before
RP7: 12/8/2010 6:21:19 PM - RegRun Virus Scan
RP8: 12/8/2010 6:21:31 PM - Intel Express Installer
RP9: 12/8/2010 6:21:43 PM - Installed Realtek High Definition Audio Driver
RP10: 12/8/2010 6:22:02 PM - Installed Windows XP KB888111WXPSP2.
RP11: 12/8/2010 6:26:13 PM - Installed REALTEK GbE & FE Ethernet PCI-E NIC Driver
RP12: 12/8/2010 6:29:03 PM - Intel Express Installer
RP13: 12/8/2010 6:29:04 PM - Intel ® Express Installer CD Installation - After
RP14: 12/8/2010 6:35:39 PM - Installed Samsung New PC Studio
RP15: 12/8/2010 6:44:16 PM - Installed Windows XP KB943232.
RP16: 12/8/2010 7:06:58 PM - Installed SUPERAntiSpyware Free Edition
RP17: 12/9/2010 11:11:23 AM - Installed Suite
RP18: 12/9/2010 11:38:48 AM - Installed Microsoft Office XP Professional
RP19: 12/9/2010 1:26:11 PM - RegRun Virus Scan
RP20: 12/9/2010 1:46:29 PM - RegRun Virus Scan
RP21: 12/10/2010 11:26:15 AM - Uniblue RegistryBooster

==== Installed Programs ======================

a-squared Free 4.5
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3
Adobe Shockwave Player 11.5
AntiLogger
avast! Pro Antivirus
CCleaner
Google Chrome
High Definition Audio Driver Package - KB888111
Hotfix for Windows XP (KB943232)
Intel® Graphics Media Accelerator Driver
Internet Download Manager
IObit Security 360
LG CyberLink Power2Go
LG CyberLink PowerDVD
LG Power Tools
Malwarebytes' Anti-Malware
Microsoft Office XP Professional
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.12)
MSXML 4.0 SP2 Parser and SDK
Orbit Downloader
PC Connectivity Solution
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
SAMSUNG Mobile Composite Device Software
Samsung Mobile Modem Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung New PC Studio
SAMSUNG USB Mobile Device Software
SamsungConnectivityCableDriver
Sophos Anti-Rootkit 1.5.4
SUPERAntiSpyware Free Edition
UnHackMe 5.99 release
Uniblue RegistryBooster 2
WebFldrs XP
Winamp
Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
WinZip 14.0

==== Event Viewer Messages From Past Week ========

12/9/2010 11:20:03 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswSnx aswSP aswTdi Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
12/9/2010 11:14:29 AM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\windows\system32\msxml3r.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 8.20.8730.1, the version of the system file is 8.20.8730.1.
12/9/2010 11:14:29 AM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\windows\system32\msxml3.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 8.50.2162.0, the version of the system file is 8.50.2162.0.
12/8/2010 7:03:04 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/8/2010 7:02:15 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
12/8/2010 6:59:37 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service ImapiService with arguments "-Service" in order to run the server: {520CCA63-51A5-11D3-9144-00104BA11C5E}
12/8/2010 6:56:57 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
12/8/2010 6:48:07 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswSP aswTdi Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
12/8/2010 6:48:07 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
12/8/2010 6:48:07 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/8/2010 6:48:07 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/8/2010 6:48:07 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
12/8/2010 5:26:33 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
12/8/2010 5:01:54 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service SENS with arguments "" in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}
12/8/2010 11:08:25 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
12/10/2010 11:17:34 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswSnx aswSP aswTdi Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip WS2IFSL

==== End Of File ===========================
Attached File  Attach.txt   7.13KB   0 downloads

Attached Files

  • Attached File  DDS.txt   13.28KB   0 downloads


#4 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:43 PM

Posted 11 December 2010 - 09:55 AM

Hi and welcome to the Virus/Trojan/Spyware/Malware Removal forum,

I am thcbytes and I am here to help you!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.

In the upper right hand corner of the topic you will see a button called Watch this topic. Click on this then choose Immediate E-Mail notification and then Proceed then you will be advised by email when I respond to your topic.

After 5 days if your topic is not replied I we assume it has been abandoned and I will close it.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

==========

Scan With RKUnHooker

  • Please download http://www.kernelmode.info/ARKs/RKUnhookerLE.EXE
  • Save it to your desktop.
  • Double-click it to run.
  • Click the Reporttab and then click Scan.
  • Check Drivers & Stealth and Uncheck the rest then Click OK.
  • Wait till the scanner has finished and then click File --> Save Report.
  • Save the report to your desktop and click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore it

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


==========

Please download MBRCheck to your desktop
  • Double click MBRCheck.exe to run (With Vista and Win 7 right click and select Run as Administrator)
  • It will show a Black screen with some data on it
  • A log named MBRcheck will be on your desktop
  • Copy and paste that log in your next reply

==========

With your next post please provide:

  • OTL.txt
  • Extra.txt
  • RKU log
  • MbrCheck log
  • You will likely need to post the logs over several posts.

Kind regards,
thcbytes
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#5 Nathaniyelu

Nathaniyelu
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:INDIA
  • Local time:12:43 PM

Posted 12 December 2010 - 07:16 AM

Hi the bytes, Thank u for ur help..iam sending logs what u asked.. just by mistake i ran RK Unhooker twice is there any problem??
i would like to re anable Defogger(CD drivers).or other wise may i wait until completion of this Malware removal process?/.Thanks in advance..
Attached File  MBRCheck_12.12.10_16.50.57.txt   8.53KB   1 downloads

Attached Files



#6 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:43 PM

Posted 12 December 2010 - 02:36 PM

I will post the logs for you. Please do not attach the logs in the future. I will post instructions after I review these logs.

OTL logfile created on: 12/12/2010 1:15:04 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 78.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 43.95 Gb Total Space | 37.42 Gb Free Space | 85.14% Space Free | Partition Type: NTFS
Drive D: | 53.71 Gb Total Space | 52.68 Gb Free Space | 98.07% Space Free | Partition Type: NTFS

Computer Name: WIPRO-0CE5894D7 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/11 21:26:58 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Desktop\OTL.exe
PRC - [2010/11/29 17:42:16 | 000,363,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/09/07 20:42:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 20:41:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/05/25 20:58:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2009/10/01 16:03:14 | 001,858,144 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe
PRC - [2009/06/03 20:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe
PRC - [2009/04/15 23:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Cyberlink\PowerDVD8\PDVD8Serv.exe
PRC - [2009/03/31 09:39:36 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2004/08/04 04:26:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/12/11 21:26:58 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Desktop\OTL.exe
MOD - [2010/11/03 20:09:40 | 000,034,208 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\idmmkb.dll
MOD - [2004/08/04 04:27:02 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/11/29 17:42:16 | 000,363,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/09/07 20:41:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 20:41:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 20:41:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2009/10/01 16:03:14 | 001,858,144 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\a-squared Free\a2service.exe -- (a2free)
SRV - [2009/03/31 09:39:36 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\B.tmp -- (MEMSWEEP2)
DRV - [2010/12/08 16:45:30 | 000,035,816 | ---- | M] (Greatis Software) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\Partizan.sys -- (Partizan)
DRV - [2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/09/07 20:23:58 | 000,340,048 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2010/09/07 20:22:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 20:22:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 20:17:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 20:17:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 20:17:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 20:16:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/09/01 15:50:36 | 000,120,168 | ---- | M] (Zemana Ltd.) [Kernel | System | Running] -- C:\Program Files\AntiLogger\AntiLog32.sys -- (AntiLog32)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 11:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/03/31 09:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/03/20 10:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009/03/20 10:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009/03/20 10:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2009/01/21 09:12:56 | 006,278,560 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008/12/23 15:42:56 | 004,967,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/12/17 21:39:12 | 000,119,552 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2005/01/07 17:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:7.1.8

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/09 11:35:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/09 11:35:12 | 000,000,000 | ---D | M]

[2010/12/09 11:35:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Application Data\Mozilla\Extensions
[2010/12/09 11:35:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Application Data\Mozilla\Firefox\Profiles\y7bpvn2j.default\extensions
[2010/12/09 11:35:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2004/10/08 15:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AntiLogger] C:\Program Files\AntiLogger\AntiLogger.exe (Zemana Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe (IObit)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [UnHackMe Monitor] C:\Pro\UnHackMe\hackmon.exe (Greatis Software)
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] File not found
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe (Orbitdownloader.com)
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/12/06 07:21:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/12/06 08:06:33 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (prestrt) - File not found
O34 - HKLM BootExecute: (Partizan) - C:\WINDOWS\System32\Partizan.exe (Greatis Software)
O34 - HKLM BootExecute: (te settings...) - File not found
O34 - HKLM BootExecute: (on\Explorer\MountPoi) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/12 13:13:19 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Desktop\OTL.exe
[2010/12/11 11:16:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Recent
[2010/12/10 12:15:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/12/10 11:20:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Application Data\Uniblue
[2010/12/09 20:53:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Local Settings\Application Data\WinZip
[2010/12/09 17:52:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\My Documents\CyberLink
[2010/12/09 17:52:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Application Data\CyberLink
[2010/12/09 13:52:08 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{680651BD-F2C0-418E-81A1-6F3DEB958964}
[2010/12/09 13:52:07 | 000,000,000 | ---D | C] -- C:\Program Files\AntiLogger
[2010/12/09 13:39:00 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010/12/09 13:19:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Local Settings\Application Data\Help
[2010/12/09 13:19:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Application Data\Help
[2010/12/09 11:39:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2010/12/09 11:39:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Designer
[2010/12/09 11:38:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ShellNew
[2010/12/09 11:38:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/12/09 11:35:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Local Settings\Application Data\Mozilla
[2010/12/09 11:35:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Application Data\Mozilla
[2010/12/09 11:35:12 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/12/09 11:31:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Local Settings\Application Data\Power2Go
[2010/12/09 11:29:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Application Data\IDM
[2010/12/09 11:29:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Application Data\DMCache
[2010/12/09 11:29:02 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Download Manager
[2010/12/09 11:14:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CyberLink
[2010/12/09 11:14:24 | 000,029,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3a.dll
[2010/12/09 11:11:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\CyberLink
[2010/12/09 11:11:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Temp
[2010/12/09 11:05:13 | 000,026,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbstor.sys
[2010/12/09 00:04:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\My Documents\My Videos
[2010/12/09 00:04:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\My Documents\My Art
[2010/12/08 21:58:16 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt041f.dll
[2010/12/08 21:58:14 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0419.dll
[2010/12/08 21:58:12 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0408.dll
[2010/12/08 21:58:08 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0415.dll
[2010/12/08 21:58:07 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040e.dll
[2010/12/08 21:58:07 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0405.dll
[2010/12/08 21:58:04 | 000,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dllcache\dgrpsetu.dll
[2010/12/08 21:58:04 | 000,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dgrpsetu.dll
[2010/12/08 21:58:03 | 000,103,424 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\EqnClass.Dll
[2010/12/08 21:58:03 | 000,103,424 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqnclass.dll
[2010/12/08 21:58:03 | 000,013,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WFWNET.DRV
[2010/12/08 21:58:03 | 000,004,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TIMER.DRV
[2010/12/08 21:58:03 | 000,003,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SYSTEM.DRV
[2010/12/08 21:58:03 | 000,002,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VGA.DRV
[2010/12/08 21:58:03 | 000,001,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SOUND.DRV
[2010/12/08 21:58:02 | 000,002,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MOUSE.DRV
[2010/12/08 21:58:02 | 000,002,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\KEYBOARD.DRV
[2010/12/08 21:58:01 | 000,069,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVICAP.DLL
[2010/12/08 21:58:01 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irenum.sys
[2010/12/08 21:58:00 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WINSPOOL.DRV
[2010/12/08 21:58:00 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\storprop.dll
[2010/12/08 21:57:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu
[2010/12/08 21:57:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents
[2010/12/08 21:57:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDOWS\Templates
[2010/12/08 21:57:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Favorites
[2010/12/08 21:57:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Desktop
[2010/12/08 21:57:37 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
[2010/12/08 21:57:37 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data
[2010/12/08 21:19:38 | 000,340,048 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2010/12/08 21:19:37 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/12/08 19:24:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Local Settings\Application Data\Adobe
[2010/12/08 19:07:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
[2010/12/08 19:06:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Application Data\SUPERAntiSpyware.com
[2010/12/08 19:06:58 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/12/08 19:02:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/12/08 19:01:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\My Documents\a-squared Free
[2010/12/08 18:56:23 | 001,858,032 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxsfs.dll
[2010/12/08 18:56:23 | 000,670,192 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\px.dll
[2010/12/08 18:56:23 | 000,551,408 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxdrv.dll
[2010/12/08 18:56:23 | 000,436,720 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxwave.dll
[2010/12/08 18:56:23 | 000,219,632 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxmas.dll
[2010/12/08 18:56:23 | 000,129,520 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxafs.dll
[2010/12/08 18:56:23 | 000,096,752 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\vxblock.dll
[2010/12/08 18:56:23 | 000,072,176 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe
[2010/12/08 18:56:23 | 000,066,544 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpya64.exe
[2010/12/08 18:56:23 | 000,066,032 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsa64.exe
[2010/12/08 18:56:23 | 000,009,200 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys
[2010/12/08 18:56:23 | 000,009,072 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys
[2010/12/08 18:56:22 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2010/12/08 18:56:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Application Data\Winamp
[2010/12/08 18:52:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Application Data\IObit
[2010/12/08 18:52:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\IObit
[2010/12/08 18:52:25 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2010/12/08 18:44:16 | 000,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010/12/08 18:43:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2010/12/08 18:41:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Application Data\GrabPro
[2010/12/08 18:41:02 | 000,000,000 | ---D | C] -- C:\downloads
[2010/12/08 18:41:01 | 000,000,000 | ---D | C] -- C:\Program Files\Orbitdownloader
[2010/12/08 18:41:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Application Data\Orbit
[2010/12/08 18:40:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\My Documents\Downloads
[2010/12/08 18:39:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Local Settings\Application Data\Google
[2010/12/08 18:37:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Suite
[2010/12/08 18:37:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Application Data\PC Suite
[2010/12/08 18:37:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Application Data\Macromedia
[2010/12/08 18:37:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Application Data\Adobe
[2010/12/08 18:36:47 | 000,090,624 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcls.dll
[2010/12/08 18:36:44 | 000,021,632 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2010/12/08 18:36:33 | 000,121,856 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bmdm.sys
[2010/12/08 18:36:33 | 000,090,112 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\ss_bbus.sys
[2010/12/08 18:36:33 | 000,014,976 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bmdfl.sys
[2010/12/08 18:36:33 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bwhnt.sys
[2010/12/08 18:36:33 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bwh.sys
[2010/12/08 18:36:33 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bcmnt.sys
[2010/12/08 18:36:33 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bcm.sys
[2010/12/08 18:36:24 | 000,233,472 | ---- | C] (Teruten) -- C:\WINDOWS\System32\FsUsbExService.Exe
[2010/12/08 18:36:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\My Documents\My NPS Files
[2010/12/08 18:36:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Application Data\Samsung
[2010/12/08 18:34:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Local Settings\Application Data\Downloaded Installations
[2010/12/08 18:26:23 | 000,119,552 | R--- | C] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\drivers\Rtenicxp.sys
[2010/12/08 18:26:23 | 000,027,648 | R--- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\RtNicProp32.dll
[2010/12/08 18:25:53 | 005,702,656 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxress.dll
[2010/12/08 18:25:53 | 004,112,384 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\ig4icd32.dll
[2010/12/08 18:25:53 | 002,600,960 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\ig4dev32.dll
[2010/12/08 18:25:53 | 000,645,632 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxcfg.exe
[2010/12/08 18:25:53 | 000,310,784 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrell.lrc
[2010/12/08 18:25:53 | 000,304,640 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrita.lrc
[2010/12/08 18:25:53 | 000,303,616 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrdeu.lrc
[2010/12/08 18:25:53 | 000,303,104 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrfra.lrc
[2010/12/08 18:25:53 | 000,303,104 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxresp.lrc
[2010/12/08 18:25:53 | 000,299,008 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrnld.lrc
[2010/12/08 18:25:53 | 000,294,912 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrptg.lrc
[2010/12/08 18:25:53 | 000,291,328 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrrus.lrc
[2010/12/08 18:25:53 | 000,289,280 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrptb.lrc
[2010/12/08 18:25:53 | 000,288,256 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrhun.lrc
[2010/12/08 18:25:53 | 000,287,744 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrplk.lrc
[2010/12/08 18:25:53 | 000,282,624 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrsve.lrc
[2010/12/08 18:25:53 | 000,282,624 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrsky.lrc
[2010/12/08 18:25:53 | 000,282,624 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrcsy.lrc
[2010/12/08 18:25:53 | 000,281,088 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrfin.lrc
[2010/12/08 18:25:53 | 000,280,576 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrdan.lrc
[2010/12/08 18:25:53 | 000,279,552 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrnor.lrc
[2010/12/08 18:25:53 | 000,279,040 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrtrk.lrc
[2010/12/08 18:25:53 | 000,277,504 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrslv.lrc
[2010/12/08 18:25:53 | 000,275,968 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrenu.lrc
[2010/12/08 18:25:53 | 000,262,656 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrtha.lrc
[2010/12/08 18:25:53 | 000,252,416 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrara.lrc
[2010/12/08 18:25:53 | 000,249,856 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrheb.lrc
[2010/12/08 18:25:53 | 000,206,848 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrjpn.lrc
[2010/12/08 18:25:53 | 000,205,824 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxdev.dll
[2010/12/08 18:25:53 | 000,205,312 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrkor.lrc
[2010/12/08 18:25:53 | 000,199,168 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxpph.dll
[2010/12/08 18:25:53 | 000,179,712 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrcht.lrc
[2010/12/08 18:25:53 | 000,178,176 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrchs.lrc
[2010/12/08 18:25:53 | 000,165,888 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxext.exe
[2010/12/08 18:25:53 | 000,155,648 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxCoIn_v5029.dll
[2010/12/08 18:25:53 | 000,130,048 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxdo.dll
[2010/12/08 18:25:53 | 000,119,296 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxcpl.cpl
[2010/12/08 18:25:53 | 000,023,552 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxexps.dll
[2010/12/08 18:25:52 | 006,278,560 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\igxpmp32.sys
[2010/12/08 18:25:52 | 003,773,440 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igxpdx32.dll
[2010/12/08 18:25:52 | 002,686,368 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igxpdv32.dll
[2010/12/08 18:25:52 | 000,183,808 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igxpgd32.dll
[2010/12/08 18:25:52 | 000,093,696 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\hccutils.dll
[2010/12/08 18:25:52 | 000,057,344 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igxprd32.dll
[2010/12/08 18:25:52 | 000,051,712 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxsrvc.dll
[2010/12/08 18:25:38 | 000,993,816 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igxpun.exe
[2010/12/08 18:25:38 | 000,319,456 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\difxapi.dll
[2010/12/08 18:22:36 | 000,006,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\splitter.sys
[2010/12/08 18:22:35 | 000,052,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmusic.sys
[2010/12/08 18:22:33 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mskssrv.sys
[2010/12/08 18:22:32 | 000,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspqm.sys
[2010/12/08 18:22:31 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspclock.sys
[2010/12/08 18:22:24 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax
[2010/12/08 18:22:24 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksproxy.ax
[2010/12/08 18:22:24 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksuser.dll
[2010/12/08 18:22:24 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksuser.dll
[2010/12/08 18:22:01 | 000,022,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2010/12/08 18:21:56 | 001,826,816 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SkyTel.exe
[2010/12/08 18:21:56 | 000,290,816 | ---- | C] (Realtek Semiconductor Crop.) -- C:\WINDOWS\vncutil.exe
[2010/12/08 18:21:56 | 000,077,824 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
[2010/12/08 18:21:55 | 001,200,128 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlUpd.exe
[2010/12/08 18:21:55 | 000,266,240 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RTSndMgr.CPL
[2010/12/08 18:21:55 | 000,104,992 | ---- | C] (Realtek Semiconductor) -- C:\WINDOWS\RtkAudioService.exe
[2010/12/08 18:21:55 | 000,034,816 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RtkCoInstXP.dll
[2010/12/08 18:21:53 | 009,715,200 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTLCPL.EXE
[2010/12/08 18:21:53 | 004,967,424 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys
[2010/12/08 18:21:48 | 002,168,320 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\MicCal.exe
[2010/12/08 18:21:48 | 001,389,056 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\Monfilt.sys
[2010/12/08 18:21:46 | 002,808,832 | ---- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
[2010/12/08 18:21:46 | 000,057,344 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCMTR.EXE
[2010/12/08 18:21:45 | 001,684,736 | ---- | C] (Creative) -- C:\WINDOWS\System32\drivers\Ambfilt.sys
[2010/12/08 18:21:45 | 000,278,528 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\ALSNDMGR.CPL
[2010/12/08 18:21:39 | 000,528,384 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlExUpd.dll
[2010/12/08 18:18:53 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\WINDOWS\System32\CSVer.dll
[2010/12/08 18:14:50 | 000,165,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/12/08 18:14:50 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/12/08 18:14:49 | 000,046,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/12/08 18:14:49 | 000,023,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/12/08 18:14:48 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/12/08 18:14:48 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/12/08 18:14:47 | 000,028,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/12/08 18:14:41 | 000,167,592 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/12/08 18:14:38 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/12/08 18:14:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software
[2010/12/08 18:12:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\WinZip
[2010/12/08 18:10:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
[2010/12/08 17:55:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Application Data\Malwarebytes
[2010/12/08 17:55:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/08 17:55:07 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/08 17:55:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/12/08 17:55:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2010/12/08 17:11:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/12/08 17:10:27 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2010/12/08 17:10:27 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2010/12/08 17:10:27 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2010/12/08 17:10:26 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2010/12/08 17:10:26 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2010/12/08 17:10:26 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2010/12/08 17:10:26 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2010/12/08 17:10:26 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2010/12/08 17:10:25 | 000,363,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svc.dll
[2010/12/08 17:10:25 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wam51.dll
[2010/12/08 17:10:25 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2010/12/08 17:10:25 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamreg51.dll
[2010/12/08 17:10:25 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2010/12/08 17:10:25 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2010/12/08 17:10:25 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2010/12/08 17:10:25 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2010/12/08 17:10:24 | 000,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2010/12/08 17:10:24 | 000,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2010/12/08 17:10:23 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uihelper.dll
[2010/12/08 17:10:23 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2010/12/08 17:10:23 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2010/12/08 17:10:23 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2010/12/08 17:10:22 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2010/12/08 17:10:22 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2010/12/08 17:10:22 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2010/12/08 17:10:22 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tools.dll
[2010/12/08 17:10:22 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2010/12/08 17:10:21 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2010/12/08 17:10:21 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2010/12/08 17:10:21 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2010/12/08 17:10:21 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2010/12/08 17:10:20 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\svcext51.dll
[2010/12/08 17:10:20 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sspifilt.dll
[2010/12/08 17:10:20 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ssinc51.dll
[2010/12/08 17:10:20 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2010/12/08 17:10:19 | 000,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2010/12/08 17:10:19 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2010/12/08 17:10:18 | 000,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll
[2010/12/08 17:10:18 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll
[2010/12/08 17:10:18 | 000,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll
[2010/12/08 17:10:18 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll
[2010/12/08 17:10:18 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmp.exe
[2010/12/08 17:10:18 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2010/12/08 17:10:18 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmptrap.exe
[2010/12/08 17:10:18 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2010/12/08 17:10:18 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll
[2010/12/08 17:10:17 | 000,456,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll
[2010/12/08 17:10:17 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smi2smir.exe
[2010/12/08 17:10:17 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2010/12/08 17:10:17 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2010/12/08 17:10:17 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpapi.dll
[2010/12/08 17:10:17 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2010/12/08 17:10:17 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2010/12/08 17:10:16 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2010/12/08 17:10:16 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2010/12/08 17:10:16 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2010/12/08 17:10:16 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2010/12/08 17:10:16 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2010/12/08 17:10:16 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2010/12/08 17:10:16 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2010/12/08 17:10:16 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2010/12/08 17:10:16 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2010/12/08 17:10:16 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2010/12/08 17:10:16 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2010/12/08 17:10:16 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2010/12/08 17:10:16 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2010/12/08 17:10:15 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2010/12/08 17:10:14 | 000,221,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seo.dll
[2010/12/08 17:10:14 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2010/12/08 17:10:13 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/12/08 17:10:13 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/12/08 17:10:13 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2010/12/08 17:10:13 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2010/12/08 17:10:13 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll
[2010/12/08 17:10:13 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rwnh.dll
[2010/12/08 17:10:13 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcref.dll
[2010/12/08 17:10:12 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2010/12/08 17:10:12 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2010/12/08 17:10:12 | 000,020,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ramdisk.sys
[2010/12/08 17:10:12 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2010/12/08 17:10:11 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2010/12/08 17:10:11 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2010/12/08 17:10:11 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2010/12/08 17:10:11 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pwsdata.dll
[2010/12/08 17:10:10 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2010/12/08 17:10:10 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2010/12/08 17:10:10 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2010/12/08 17:10:10 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2010/12/08 17:10:10 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2010/12/08 17:10:09 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2010/12/08 17:10:09 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2010/12/08 17:10:09 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2010/12/08 17:10:09 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2010/12/08 17:10:08 | 000,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2010/12/08 17:10:08 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2010/12/08 17:10:08 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2010/12/08 17:10:08 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2010/12/08 17:10:08 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2010/12/08 17:10:07 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2010/12/08 17:10:06 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2010/12/08 17:10:06 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsepm.dll
[2010/12/08 17:10:05 | 000,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2010/12/08 17:10:05 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtstocom.exe
[2010/12/08 17:10:03 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2010/12/08 17:10:03 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2010/12/08 17:10:00 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2010/12/08 17:10:00 | 000,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2010/12/08 17:10:00 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe
[2010/12/08 17:09:59 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\metada51.dll
[2010/12/08 17:09:59 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\md5filt.dll
[2010/12/08 17:09:59 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2010/12/08 17:09:58 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2010/12/08 17:09:58 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmmib2.dll
[2010/12/08 17:09:58 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpdsvc.dll
[2010/12/08 17:09:58 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2010/12/08 17:09:58 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lprmon.dll
[2010/12/08 17:09:58 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lonsint.dll
[2010/12/08 17:09:57 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2010/12/08 17:09:56 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2010/12/08 17:09:56 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2010/12/08 17:09:56 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2010/12/08 17:09:56 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2010/12/08 17:09:56 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2010/12/08 17:09:56 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41j.dll
[2010/12/08 17:09:56 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2010/12/08 17:09:56 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2010/12/08 17:09:56 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2010/12/08 17:09:56 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2010/12/08 17:09:56 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2010/12/08 17:09:56 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2010/12/08 17:09:56 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2010/12/08 17:09:55 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdibm02.dll
[2010/12/08 17:09:55 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41a.dll
[2010/12/08 17:09:55 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2010/12/08 17:09:55 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2010/12/08 17:09:55 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2010/12/08 17:09:55 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2010/12/08 17:09:55 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2010/12/08 17:09:55 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2010/12/08 17:09:55 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2010/12/08 17:09:55 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2010/12/08 17:09:55 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2010/12/08 17:09:55 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2010/12/08 17:09:55 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2010/12/08 17:09:55 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2010/12/08 17:09:55 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2010/12/08 17:09:54 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2010/12/08 17:09:54 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
[2010/12/08 17:09:54 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdax2.dll
[2010/12/08 17:09:54 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106n.dll
[2010/12/08 17:09:54 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2010/12/08 17:09:54 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101.dll
[2010/12/08 17:09:54 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2010/12/08 17:09:54 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2010/12/08 17:09:54 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2010/12/08 17:09:54 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2010/12/08 17:09:54 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2010/12/08 17:09:53 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprip.dll
[2010/12/08 17:09:53 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iscomlog.dll
[2010/12/08 17:09:53 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2010/12/08 17:09:52 | 000,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2010/12/08 17:09:52 | 000,315,452 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2010/12/08 17:09:52 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infocomm.dll
[2010/12/08 17:09:52 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetin51.exe
[2010/12/08 17:09:52 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2010/12/08 17:09:51 | 000,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2010/12/08 17:09:51 | 000,262,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
[2010/12/08 17:09:51 | 000,233,527 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
[2010/12/08 17:09:51 | 000,208,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
[2010/12/08 17:09:51 | 000,155,705 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2010/12/08 17:09:51 | 000,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2010/12/08 17:09:51 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2010/12/08 17:09:51 | 000,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2010/12/08 17:09:50 | 000,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2010/12/08 17:09:50 | 000,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2010/12/08 17:09:50 | 000,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2010/12/08 17:09:50 | 000,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2010/12/08 17:09:50 | 000,307,257 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
[2010/12/08 17:09:50 | 000,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2010/12/08 17:09:50 | 000,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2010/12/08 17:09:49 | 000,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2010/12/08 17:09:49 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2010/12/08 17:09:49 | 000,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2010/12/08 17:09:49 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2010/12/08 17:09:49 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2010/12/08 17:09:49 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iislog51.dll
[2010/12/08 17:09:49 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2010/12/08 17:09:49 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2010/12/08 17:09:49 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisfecnv.dll
[2010/12/08 17:09:49 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe
[2010/12/08 17:09:49 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2010/12/08 17:09:48 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iische51.dll
[2010/12/08 17:09:48 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2010/12/08 17:09:48 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisadmin.dll
[2010/12/08 17:09:45 | 010,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2010/12/08 17:09:37 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2010/12/08 17:09:37 | 000,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpext.dll
[2010/12/08 17:09:37 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpod51.dll
[2010/12/08 17:09:37 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpmb51.dll
[2010/12/08 17:09:36 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostmib.dll
[2010/12/08 17:09:36 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2010/12/08 17:09:36 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gzip.dll
[2010/12/08 17:09:35 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsst.dll
[2010/12/08 17:09:35 | 000,400,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsxp32.dll
[2010/12/08 17:09:35 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxstiff.dll
[2010/12/08 17:09:35 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssvc.exe
[2010/12/08 17:09:35 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxst30.dll
[2010/12/08 17:09:35 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxswzrd.dll
[2010/12/08 17:09:35 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsui.dll
[2010/12/08 17:09:35 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2010/12/08 17:09:34 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsapi.dll
[2010/12/08 17:09:34 | 000,285,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscomex.dll
[2010/12/08 17:09:34 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscover.exe
[2010/12/08 17:09:34 | 000,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclnt.exe
[2010/12/08 17:09:34 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2010/12/08 17:09:34 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsv251.dll
[2010/12/08 17:09:34 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2010/12/08 17:09:34 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscom.dll
[2010/12/08 17:09:34 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsevent.dll
[2010/12/08 17:09:34 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2010/12/08 17:09:34 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsdrv.dll
[2010/12/08 17:09:34 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsmon.dll
[2010/12/08 17:09:34 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsext32.dll
[2010/12/08 17:09:34 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsperf.dll
[2010/12/08 17:09:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsres.dll
[2010/12/08 17:09:33 | 000,024,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmcgi.exe
[2010/12/08 17:09:33 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmdll.dll
[2010/12/08 17:09:33 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2010/12/08 17:09:33 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2010/12/08 17:09:33 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpmib.dll
[2010/12/08 17:09:33 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2010/12/08 17:09:32 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntagnt.dll
[2010/12/08 17:09:32 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntwin.exe
[2010/12/08 17:09:32 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2010/12/08 17:09:32 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntcmd.exe
[2010/12/08 17:09:32 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exstrace.dll
[2010/12/08 17:09:32 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\f3ahvoas.dll
[2010/12/08 17:09:31 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2010/12/08 17:09:31 | 000,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2010/12/08 17:09:31 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2010/12/08 17:09:31 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2010/12/08 17:09:28 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2010/12/08 17:09:28 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\davcdata.exe
[2010/12/08 17:09:27 | 000,057,399 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
[2010/12/08 17:09:27 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
[2010/12/08 17:09:27 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2010/12/08 17:09:27 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
[2010/12/08 17:09:27 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2010/12/08 17:09:26 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2010/12/08 17:09:26 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compfilt.dll
[2010/12/08 17:09:26 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2010/12/08 17:09:25 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2010/12/08 17:09:25 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2010/12/08 17:09:25 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2010/12/08 17:09:25 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2010/12/08 17:09:24 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2010/12/08 17:09:24 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2010/12/08 17:09:24 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2010/12/08 17:09:24 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2010/12/08 17:09:24 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2010/12/08 17:09:24 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2010/12/08 17:09:23 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_g18030.dll
[2010/12/08 17:09:23 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/12/08 17:09:23 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2010/12/08 17:09:23 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2010/12/08 17:09:18 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2010/12/08 17:09:17 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2010/12/08 17:09:17 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2010/12/08 17:09:17 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2010/12/08 17:09:16 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asp51.dll
[2010/12/08 17:09:16 | 000,331,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll
[2010/12/08 17:09:16 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\appconf.dll
[2010/12/08 17:09:16 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2010/12/08 17:09:15 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0804.dll
[2010/12/08 17:09:15 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0412.dll
[2010/12/08 17:09:15 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0411.dll
[2010/12/08 17:09:15 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040d.dll
[2010/12/08 17:09:15 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0404.dll
[2010/12/08 17:09:15 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0401.dll
[2010/12/08 17:09:15 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2010/12/08 17:09:14 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2010/12/08 17:09:14 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admexs.dll
[2010/12/08 17:09:14 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2010/12/08 17:09:12 | 000,032,827 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptest.exe
[2010/12/08 17:09:12 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptsat.dll
[2010/12/08 17:09:12 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\staxmem.dll
[2010/12/08 17:09:12 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2010/12/08 17:09:11 | 002,134,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsnap.dll
[2010/12/08 17:09:11 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpadm.dll
[2010/12/08 17:09:11 | 000,020,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll
[2010/12/08 17:09:11 | 000,016,437 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.exe
[2010/12/08 17:09:09 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logui.ocx
[2010/12/08 17:09:09 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isatq.dll
[2010/12/08 17:09:08 | 000,829,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.dll
[2010/12/08 17:09:08 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2010/12/08 17:09:08 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrtl.dll
[2010/12/08 17:09:08 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstas.exe
[2010/12/08 17:09:08 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2010/12/08 17:09:08 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2010/12/08 17:09:08 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoadmn.dll
[2010/12/08 17:09:08 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2010/12/08 17:09:08 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2010/12/08 17:09:07 | 000,598,071 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll
[2010/12/08 17:09:07 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll
[2010/12/08 17:09:07 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisext51.dll
[2010/12/08 17:09:07 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismap.dll
[2010/12/08 17:09:07 | 000,020,538 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpremadm.exe
[2010/12/08 17:09:07 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2010/12/08 17:09:06 | 000,876,653 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awel.dll
[2010/12/08 17:09:06 | 000,188,494 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpcount.exe
[2010/12/08 17:09:06 | 000,147,513 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4apws.dll
[2010/12/08 17:09:06 | 000,109,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98swin.exe
[2010/12/08 17:09:06 | 000,102,509 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4atxt.dll
[2010/12/08 17:09:06 | 000,082,035 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4anscp.dll
[2010/12/08 17:09:06 | 000,049,212 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awebs.dll
[2010/12/08 17:09:06 | 000,049,210 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4areg.dll
[2010/12/08 17:09:06 | 000,041,020 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avnb.dll
[2010/12/08 17:09:06 | 000,032,826 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avss.dll
[2010/12/08 17:09:06 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll
[2010/12/08 17:09:06 | 000,014,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98sadm.exe
[2010/12/08 17:09:05 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certwiz.ocx
[2010/12/08 17:09:05 | 000,188,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgwiz.exe
[2010/12/08 17:09:05 | 000,184,435 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4amsft.dll
[2010/12/08 17:09:05 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2010/12/08 17:09:05 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnfgprts.ocx
[2010/12/08 17:09:05 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\coadmin.dll
[2010/12/08 17:09:04 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsiis51.dll
[2010/12/08 17:09:04 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admwprox.dll
[2010/12/08 17:09:04 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll
[2010/12/08 17:09:04 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.exe
[2010/12/08 17:09:04 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.exe
[2010/12/08 17:09:02 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll
[2010/12/08 16:56:30 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2010/12/08 16:56:30 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2010/12/08 16:56:30 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2010/12/08 16:56:30 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2010/12/08 16:45:30 | 000,037,600 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\Partizan.exe
[2010/12/08 16:45:30 | 000,035,816 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\drivers\Partizan.sys
[2010/12/08 16:45:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\My Documents\RegRun2
[2010/12/08 16:45:23 | 000,012,808 | ---- | C] (Greatis Software, LLC.) -- C:\WINDOWS\System32\drivers\UnHackMeDrv.sys
[2010/12/08 16:45:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\regruninfo
[2010/12/08 16:37:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\My Documents\My Pictures
[2010/12/08 16:37:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\My Documents\My Music
[2010/12/08 16:37:29 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Application Data\Microsoft
[2010/12/08 16:37:29 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Cookies
[2010/12/08 16:37:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\SendTo
[2010/12/08 16:37:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Application Data
[2010/12/08 16:37:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Start Menu
[2010/12/08 16:37:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\My Documents
[2010/12/08 16:37:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Favorites
[2010/12/08 16:37:29 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Templates
[2010/12/08 16:37:29 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\PrintHood
[2010/12/08 16:37:29 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\NetHood
[2010/12/08 16:37:29 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Local Settings
[2010/12/08 16:37:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Local Settings\Application Data\Microsoft
[2010/12/08 16:37:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Application Data\Identities
[2010/12/08 16:37:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Desktop
[2010/12/08 16:34:58 | 000,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp
[2010/12/08 16:34:37 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mapi32.dll
[2010/12/08 16:34:08 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users.WINDOWS\DRM
[2010/12/08 16:33:12 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoobe.exe
[2010/12/08 16:33:10 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helphost.exe
[2010/12/08 16:33:10 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\notiflag.exe
[2010/12/08 16:33:10 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brpinfo.dll
[2010/12/08 16:33:10 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atrace.dll
[2010/12/08 16:33:10 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atrace.dll
[2010/12/08 16:33:10 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hcappres.dll
[2010/12/08 16:33:00 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srdiag.exe
[2010/12/08 16:32:59 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\acctres.dll
[2010/12/08 16:32:59 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\acctres.dll
[2010/12/08 16:32:59 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmevtmsg.dll
[2010/12/08 16:32:59 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmevtmsg.dll
[2010/12/08 16:32:58 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icfgnt5.dll
[2010/12/08 16:32:58 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icfgnt5.dll
[2010/12/08 16:32:57 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2010/12/08 16:32:55 | 000,725,566 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srchui.dll
[2010/12/08 16:32:55 | 000,058,434 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srchctls.dll
[2010/12/08 16:32:54 | 003,166,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msgr3en.dll
[2010/12/08 16:32:53 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng1.dll
[2010/12/08 16:32:53 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng1.dll
[2010/12/08 16:32:53 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuweb.dll
[2010/12/08 16:32:53 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2010/12/08 16:32:53 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wucltui.dll
[2010/12/08 16:32:53 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauserv.dll
[2010/12/08 16:32:52 | 001,134,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll
[2010/12/08 16:32:52 | 000,430,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2010/12/08 16:32:52 | 000,430,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll
[2010/12/08 16:32:52 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt1.exe
[2010/12/08 16:32:52 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt1.exe
[2010/12/08 16:32:52 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaucpl.cpl
[2010/12/08 16:32:52 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe
[2010/12/08 16:32:52 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2010/12/08 16:32:52 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll
[2010/12/08 16:32:51 | 000,382,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qmgr.dll
[2010/12/08 16:32:51 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgrprxy.dll
[2010/12/08 16:32:51 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qmgrprxy.dll
[2010/12/08 16:32:51 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bitsprx2.dll
[2010/12/08 16:32:51 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx2.dll
[2010/12/08 16:32:51 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bitsprx3.dll
[2010/12/08 16:32:51 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx3.dll
[2010/12/08 16:32:49 | 000,561,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobmain.dll
[2010/12/08 16:32:49 | 000,122,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobcomm.dll
[2010/12/08 16:32:49 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oobebaln.exe
[2010/12/08 16:32:49 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobshel.dll
[2010/12/08 16:32:49 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobweb.dll
[2010/12/08 16:32:49 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobdl.dll
[2010/12/08 16:32:47 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uploadm.exe
[2010/12/08 16:32:46 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrslv.dll
[2010/12/08 16:32:46 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\safrslv.dll
[2010/12/08 16:32:46 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrcdlg.dll
[2010/12/08 16:32:46 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\safrcdlg.dll
[2010/12/08 16:32:46 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\racpldlg.dll
[2010/12/08 16:32:46 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\racpldlg.dll
[2010/12/08 16:32:46 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrdm.dll
[2010/12/08 16:32:46 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\safrdm.dll
[2010/12/08 16:32:45 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pchshell.dll
[2010/12/08 16:32:45 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pchsvc.dll
[2010/12/08 16:32:43 | 000,743,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/12/08 16:32:43 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msconfig.exe
[2010/12/08 16:32:43 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hscupd.exe
[2010/12/08 16:32:42 | 000,768,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpctr.exe
[2010/12/08 16:32:42 | 000,124,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltmgr.sys
[2010/12/08 16:32:42 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fltMc.exe
[2010/12/08 16:32:42 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltmc.exe
[2010/12/08 16:32:42 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltlib.dll
[2010/12/08 16:32:41 | 000,380,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rstrui.exe
[2010/12/08 16:32:41 | 000,239,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srrstr.dll
[2010/12/08 16:32:41 | 000,239,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srrstr.dll
[2010/12/08 16:32:41 | 000,170,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srsvc.dll
[2010/12/08 16:32:41 | 000,073,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sr.sys
[2010/12/08 16:32:41 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srclient.dll
[2010/12/08 16:32:40 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ils.dll
[2010/12/08 16:32:40 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ils.dll
[2010/12/08 16:32:40 | 000,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmdd.dll
[2010/12/08 16:32:40 | 000,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mnmdd.dll
[2010/12/08 16:32:40 | 000,032,768 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\isrdbg32.dll
[2010/12/08 16:32:40 | 000,032,768 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\isrdbg32.dll
[2010/12/08 16:32:39 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoeacct.dll
[2010/12/08 16:32:39 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoeacct.dll
[2010/12/08 16:32:39 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoert2.dll
[2010/12/08 16:32:39 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoert2.dll
[2010/12/08 16:32:39 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msconf.dll
[2010/12/08 16:32:39 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msconf.dll
[2010/12/08 16:32:39 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetres.dll
[2010/12/08 16:32:39 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetres.dll
[2010/12/08 16:32:39 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mnmsrvc.exe
[2010/12/08 16:32:39 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmmkcert.dll
[2010/12/08 16:32:39 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmmkcert.dll
[2010/12/08 16:32:38 | 000,678,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2010/12/08 16:32:38 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\schedsvc.dll
[2010/12/08 16:32:37 | 000,274,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstask.dll
[2010/12/08 16:32:37 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll
[2010/12/08 16:32:37 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isign32.dll
[2010/12/08 16:32:37 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwdial.dll
[2010/12/08 16:32:37 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwdial.dll
[2010/12/08 16:32:37 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwphbk.dll
[2010/12/08 16:32:37 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwphbk.dll
[2010/12/08 16:32:37 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstinit.exe
[2010/12/08 16:32:37 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstinit.exe
[2010/12/08 16:32:36 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcfg.dll
[2010/12/08 16:32:36 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcfg.dll
[2010/12/08 16:32:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\My Pictures
[2010/12/08 16:32:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\My Music
[2010/12/08 16:31:54 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\write.exe
[2010/12/08 16:31:54 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\write.exe
[2010/12/08 16:31:48 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe
[2010/12/08 16:31:48 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndvol32.exe
[2010/12/08 16:31:47 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avtapi.dll
[2010/12/08 16:31:47 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avtapi.dll
[2010/12/08 16:31:47 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avwav.dll
[2010/12/08 16:31:47 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avwav.dll
[2010/12/08 16:31:47 | 000,044,544 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hticons.dll
[2010/12/08 16:31:47 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avmeter.dll
[2010/12/08 16:31:47 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avmeter.dll
[2010/12/08 16:31:46 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winchat.exe
[2010/12/08 16:31:46 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winchat.exe
[2010/12/08 16:31:38 | 000,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\getuname.dll
[2010/12/08 16:31:38 | 000,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\getuname.dll
[2010/12/08 16:31:38 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\charmap.exe
[2010/12/08 16:31:38 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\charmap.exe
[2010/12/08 16:31:37 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winmine.exe
[2010/12/08 16:31:37 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmine.exe
[2010/12/08 16:31:37 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\calc.exe
[2010/12/08 16:31:37 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\calc.exe
[2010/12/08 16:31:37 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sol.exe
[2010/12/08 16:31:37 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sol.exe
[2010/12/08 16:31:36 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshearts.exe
[2010/12/08 16:31:36 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshearts.exe
[2010/12/08 16:31:36 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\freecell.exe
[2010/12/08 16:31:36 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\freecell.exe
[2010/12/08 16:31:36 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsshutdn.exe
[2010/12/08 16:31:36 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsshutdn.exe
[2010/12/08 16:31:36 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tskill.exe
[2010/12/08 16:31:36 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tskill.exe
[2010/12/08 16:31:36 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsdiscon.exe
[2010/12/08 16:31:36 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsdiscon.exe
[2010/12/08 16:31:36 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscon.exe
[2010/12/08 16:31:36 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscon.exe
[2010/12/08 16:31:36 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\reset.exe
[2010/12/08 16:31:36 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\reset.exe
[2010/12/08 16:31:35 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\regini.exe
[2010/12/08 16:31:35 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\regini.exe
[2010/12/08 16:31:35 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qwinsta.exe
[2010/12/08 16:31:35 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qwinsta.exe
[2010/12/08 16:31:35 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msg.exe
[2010/12/08 16:31:35 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msg.exe
[2010/12/08 16:31:35 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qappsrv.exe
[2010/12/08 16:31:35 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qappsrv.exe
[2010/12/08 16:31:35 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwinsta.exe
[2010/12/08 16:31:35 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rwinsta.exe
[2010/12/08 16:31:35 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdmodem.dll
[2010/12/08 16:31:35 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cdmodem.dll
[2010/12/08 16:31:35 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\logoff.exe
[2010/12/08 16:31:35 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logoff.exe
[2010/12/08 16:31:35 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shadow.exe
[2010/12/08 16:31:35 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shadow.exe
[2010/12/08 16:31:35 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpcfgex.dll
[2010/12/08 16:31:35 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpcfgex.dll
[2010/12/08 16:31:34 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtsadmin.tlb
[2010/12/08 16:31:34 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrereg.exe
[2010/12/08 16:31:33 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comsnap.dll
[2010/12/08 16:31:33 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsnap.dll
[2010/12/08 16:31:33 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrepl.dll
[2010/12/08 16:31:33 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comrepl.dll
[2010/12/08 16:31:33 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stclient.dll
[2010/12/08 16:31:33 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\stclient.dll
[2010/12/08 16:31:33 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comaddin.dll
[2010/12/08 16:31:33 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comaddin.dll
[2010/12/08 16:31:33 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxlegih.dll
[2010/12/08 16:31:33 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxlegih.dll
[2010/12/08 16:31:33 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxdm.dll
[2010/12/08 16:31:33 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxdm.dll
[2010/12/08 16:31:33 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dcomcnfg.exe
[2010/12/08 16:31:33 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dcomcnfg.exe
[2010/12/08 16:31:33 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxex.dll
[2010/12/08 16:31:33 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxex.dll
[2010/12/08 16:31:32 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmi2xml.dll
[2010/12/08 16:31:29 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipicmp.dll
[2010/12/08 16:31:29 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmimsg.dll
[2010/12/08 16:31:29 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmitimep.dll
[2010/12/08 16:31:28 | 000,116,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\updprov.dll
[2010/12/08 16:31:28 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmplprov.dll
[2010/12/08 16:31:28 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemdisp.tlb
[2010/12/08 16:31:28 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\trnsprov.dll
[2010/12/08 16:31:28 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpcons.dll
[2010/12/08 16:31:28 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemads.tlb
[2010/12/08 16:31:28 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unsecapp.exe
[2010/12/08 16:31:28 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmgmtr.dll
[2010/12/08 16:31:28 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmgmt.exe
[2010/12/08 16:31:28 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemads.dll
[2010/12/08 16:31:27 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msiprov.dll
[2010/12/08 16:31:27 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\accwiz.exe
[2010/12/08 16:31:27 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\accwiz.exe
[2010/12/08 16:31:27 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsprov.dll
[2010/12/08 16:31:27 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fwdprov.dll
[2010/12/08 16:31:26 | 000,345,088 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hypertrm.dll
[2010/12/08 16:31:26 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndrec32.exe
[2010/12/08 16:31:26 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndrec32.exe
[2010/12/08 16:31:26 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mplay32.exe
[2010/12/08 16:31:26 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplay32.exe
[2010/12/08 16:31:26 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\access.cpl
[2010/12/08 16:31:26 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\access.cpl
[2010/12/08 16:31:25 | 000,538,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spider.exe
[2010/12/08 16:31:25 | 000,538,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spider.exe
[2010/12/08 16:31:25 | 000,343,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe
[2010/12/08 16:31:25 | 000,343,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspaint.exe
[2010/12/08 16:31:25 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\clipbrd.exe
[2010/12/08 16:31:25 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clipbrd.exe
[2010/12/08 16:31:24 | 000,655,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstscax.dll
[2010/12/08 16:31:24 | 000,407,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstsc.exe
[2010/12/08 16:31:24 | 000,139,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2010/12/08 16:31:24 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscfgwmi.dll
[2010/12/08 16:31:24 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscfgwmi.dll
[2010/12/08 16:31:24 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdtcp.sys
[2010/12/08 16:31:24 | 000,012,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdpipe.sys
[2010/12/08 16:31:23 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdchost.dll
[2010/12/08 16:31:23 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdchost.dll
[2010/12/08 16:31:23 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sessmgr.exe
[2010/12/08 16:31:23 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdshost.exe
[2010/12/08 16:31:23 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdshost.exe
[2010/12/08 16:31:23 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\remotepg.dll
[2010/12/08 16:31:23 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscupgrd.exe
[2010/12/08 16:31:23 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscupgrd.exe
[2010/12/08 16:31:23 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdsaddin.exe
[2010/12/08 16:31:23 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdsaddin.exe
[2010/12/08 16:31:22 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\termsrv.dll
[2010/12/08 16:31:22 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcuiu.dll
[2010/12/08 16:31:22 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtcuiu.dll
[2010/12/08 16:31:22 | 000,087,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpwsx.dll
[2010/12/08 16:31:22 | 000,087,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwsx.dll
[2010/12/08 16:31:22 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpclip.exe
[2010/12/08 16:31:22 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpclip.exe
[2010/12/08 16:31:22 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgbkend.dll
[2010/12/08 16:31:22 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cfgbkend.dll
[2010/12/08 16:31:22 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qprocess.exe
[2010/12/08 16:31:22 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qprocess.exe
[2010/12/08 16:31:22 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpsnd.dll
[2010/12/08 16:31:22 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpsnd.dll
[2010/12/08 16:31:22 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icaapi.dll
[2010/12/08 16:31:22 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icaapi.dll
[2010/12/08 16:31:21 | 000,949,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtctm.dll
[2010/12/08 16:31:21 | 000,949,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtctm.dll
[2010/12/08 16:31:21 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcprx.dll
[2010/12/08 16:31:21 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtcprx.dll
[2010/12/08 16:31:21 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxoci.dll
[2010/12/08 16:31:21 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxoci.dll
[2010/12/08 16:31:20 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtclog.dll
[2010/12/08 16:31:20 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtclog.dll
[2010/12/08 16:31:20 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xolehlp.dll
[2010/12/08 16:31:20 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xolehlp.dll
[2010/12/08 16:31:20 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtc.exe
[2010/12/08 16:31:19 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comadmin.dll
[2010/12/08 16:31:19 | 000,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\clbcatex.dll
[2010/12/08 16:31:19 | 000,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatex.dll
[2010/12/08 16:31:19 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\catsrvps.dll
[2010/12/08 16:31:19 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvps.dll
[2010/12/08 16:31:19 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\colbact.dll
[2010/12/08 16:31:19 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\colbact.dll
[2010/12/08 16:31:19 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrepl.exe
[2010/12/08 16:31:18 | 001,251,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comsvcs.dll
[2010/12/08 16:31:18 | 001,251,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsvcs.dll
[2010/12/08 16:31:18 | 000,628,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\catsrvut.dll
[2010/12/08 16:31:18 | 000,628,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvut.dll
[2010/12/08 16:31:18 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\catsrv.dll
[2010/12/08 16:31:18 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrv.dll
[2010/12/08 16:31:17 | 000,540,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comuid.dll
[2010/12/08 16:31:17 | 000,540,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comuid.dll
[2010/12/08 16:31:17 | 000,501,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\clbcatq.dll
[2010/12/08 16:31:15 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipcima.dll
[2010/12/08 16:31:15 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmisvc.dll
[2010/12/08 16:31:15 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprov.dll
[2010/12/08 16:31:15 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmidcprv.dll
[2010/12/08 16:31:15 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipdskq.dll
[2010/12/08 16:31:15 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiutils.dll
[2010/12/08 16:31:15 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipjobj.dll
[2010/12/08 16:31:15 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipiprt.dll
[2010/12/08 16:31:15 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmicookr.dll
[2010/12/08 16:31:15 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipsess.dll
[2010/12/08 16:31:14 | 000,530,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemcore.dll
[2010/12/08 16:31:14 | 000,358,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmic.exe
[2010/12/08 16:31:14 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemess.dll
[2010/12/08 16:31:14 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemcomn.dll
[2010/12/08 16:31:14 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemupgd.dll
[2010/12/08 16:31:14 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiadap.exe
[2010/12/08 16:31:14 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemcntl.dll
[2010/12/08 16:31:14 | 000,178,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemdisp.dll
[2010/12/08 16:31:14 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiapsrv.exe
[2010/12/08 16:31:14 | 000,116,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemtest.exe
[2010/12/08 16:31:14 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiaprpl.dll
[2010/12/08 16:31:14 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemcons.dll
[2010/12/08 16:31:14 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemsvc.dll
[2010/12/08 16:31:14 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemprox.dll
[2010/12/08 16:31:14 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiapres.dll
[2010/12/08 16:31:13 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\provthrd.dll
[2010/12/08 16:31:13 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\repdrvfs.dll
[2010/12/08 16:31:13 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\viewprov.dll
[2010/12/08 16:31:13 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\policman.dll
[2010/12/08 16:31:13 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\stdprov.dll
[2010/12/08 16:31:13 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrcons.exe
[2010/12/08 16:31:12 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntevt.dll
[2010/12/08 16:31:12 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\framedyn.dll
[2010/12/08 16:31:12 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mofd.dll
[2010/12/08 16:31:12 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ncprov.dll
[2010/12/08 16:31:12 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\krnlprov.dll
[2010/12/08 16:31:12 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mofcomp.exe
[2010/12/08 16:31:11 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\esscli.dll
[2010/12/08 16:31:10 | 001,352,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cimwin32.dll
[2010/12/08 16:31:10 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmprops.dll
[2010/12/08 16:31:10 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmprops.dll
[2010/12/08 16:31:10 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\licwmi.dll
[2010/12/08 16:31:10 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licwmi.dll
[2010/12/08 16:31:10 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\servdeps.dll
[2010/12/08 16:31:10 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\servdeps.dll
[2010/12/08 16:31:10 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmfutil.dll
[2010/12/08 16:31:10 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mmfutil.dll
[2010/12/08 16:31:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\My Videos
[2010/12/08 13:44:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/12/08 13:27:39 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/12/08 13:12:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/12/07 22:32:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010/12/07 18:17:22 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/12/07 18:14:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/12/07 14:23:13 | 000,000,000 | ---D | C] -- C:\Program Files\Cyberlink
[2010/12/07 13:58:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
[2010/12/07 10:34:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/12/06 12:42:50 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2010/12/06 12:42:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2010/12/06 12:42:48 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spttseng.dll
[2010/12/06 12:42:48 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spcommon.dll
[2010/12/06 12:42:48 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spcplui.dll
[2010/12/06 12:42:47 | 000,741,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sapi.dll
[2010/12/06 12:42:47 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sapi.cpl
[2010/12/06 12:42:47 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sapisvr.exe
[2010/12/06 12:42:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2010/12/06 12:42:46 | 000,000,000 | R--D | C] -- C:\Program Files
[2010/12/06 12:42:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2010/12/06 12:42:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2010/12/06 12:42:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2010/12/06 12:42:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2010/12/06 12:41:49 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/12/06 12:41:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2010/12/06 12:37:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2010/12/06 12:37:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2010/12/06 12:37:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2010/12/06 12:37:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2010/12/06 12:37:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2010/12/06 12:37:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2010/12/06 12:37:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2010/12/06 12:37:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2010/12/06 12:37:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2010/12/06 12:37:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2010/12/06 12:37:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2010/12/06 12:37:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2010/12/06 12:37:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2010/12/06 12:37:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2010/12/06 12:37:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2010/12/06 12:37:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2010/12/06 12:37:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2010/12/06 12:37:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2010/12/06 12:37:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2010/12/06 12:37:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2010/12/06 12:37:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2010/12/06 12:37:18 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2010/12/06 12:37:18 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2010/12/06 12:37:18 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2010/12/06 12:37:18 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2010/12/06 12:37:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2010/12/06 12:37:18 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2010/12/06 12:37:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2010/12/06 12:37:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2010/12/06 12:37:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2010/12/06 12:37:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2010/12/06 12:37:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2010/12/06 12:37:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2010/12/06 12:37:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2010/12/06 12:37:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2010/12/06 12:37:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2010/12/06 12:37:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2010/12/06 12:37:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2010/12/06 12:37:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2010/12/06 12:37:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2010/12/06 12:37:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2010/12/06 12:37:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2010/12/06 12:37:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2010/12/06 12:37:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2010/12/06 12:37:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2010/12/06 12:37:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2010/12/06 12:37:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2010/12/06 12:37:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2010/12/06 12:37:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2010/12/06 12:37:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2010/12/06 12:37:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2010/12/06 12:37:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2010/12/06 12:37:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2010/12/06 12:37:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2010/12/06 12:37:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2010/12/06 12:37:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2010/12/06 12:37:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2010/12/06 12:37:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2010/12/06 12:37:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2010/12/06 12:37:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2010/12/06 12:37:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2010/12/06 08:06:33 | 000,000,000 | R--D | C] -- C:\autorun.inf
[2010/12/06 08:00:58 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2010/12/06 07:58:01 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/12/06 07:56:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/12/06 07:53:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2010/12/06 07:53:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/12/06 07:53:37 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/12/06 07:51:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Samsung_USB_Drivers
[2010/12/06 07:51:18 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010/12/06 07:51:06 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny
[2010/12/06 07:51:05 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2010/12/06 07:50:49 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2010/12/06 07:43:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\OPTIONS
[2010/12/06 07:42:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2010/12/06 07:39:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM
[2010/12/06 07:38:49 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2010/12/06 07:38:48 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/12/06 07:38:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/12/06 07:37:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2010/12/06 07:37:31 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2010/12/06 07:37:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010/12/06 07:37:26 | 000,000,000 | ---D | C] -- C:\Intel
[2010/12/06 07:37:15 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/12/06 07:37:10 | 000,000,000 | ---D | C] -- C:\TempEI4
[2010/12/06 07:31:00 | 000,000,000 | ---D | C] -- C:\Program Files\a-squared Free
[2010/12/06 07:28:34 | 000,000,000 | ---D | C] -- C:\Pro
[2010/12/06 07:24:54 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2010/12/06 07:23:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2010/12/06 07:23:40 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2010/12/06 07:23:39 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/12/06 07:23:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/12/06 07:23:27 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/12/06 07:23:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/12/06 07:22:07 | 000,618,605 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4autl.dll
[2010/12/06 07:21:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2010/12/06 07:21:40 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2010/12/06 07:21:40 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2010/12/06 07:20:50 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2010/12/06 07:20:50 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2010/12/06 07:20:44 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2010/12/06 07:20:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2010/12/06 07:19:58 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msinfo32.exe
[2010/12/06 07:19:58 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wb32.exe
[2010/12/06 07:19:58 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cb32.exe
[2010/12/06 07:19:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2010/12/06 07:19:54 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwtutor.exe
[2010/12/06 07:19:54 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwres.dll
[2010/12/06 07:19:54 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\trialoc.dll
[2010/12/06 07:19:54 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wisc10.dll
[2010/12/06 07:19:54 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mssoapr.dll
[2010/12/06 07:19:54 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2010/12/06 07:19:53 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mssoap1.dll
[2010/12/06 07:19:53 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieinfo5.ocx
[2010/12/06 07:19:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2010/12/06 07:19:50 | 000,848,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2010/12/06 07:19:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2010/12/06 07:19:49 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpband.dll
[2010/12/06 07:19:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2010/12/06 07:19:48 | 000,786,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migrate.exe
[2010/12/06 07:19:48 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\setup_wm.exe
[2010/12/06 07:19:48 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpvis.dll
[2010/12/06 07:19:48 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpns.dll
[2010/12/06 07:19:48 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\custsat.dll
[2010/12/06 07:19:47 | 000,364,544 | ---- | C] (Microsoft Corporation (written by Digital Renaissance Inc.)) -- C:\WINDOWS\System32\dllcache\npdsplay.dll
[2010/12/06 07:19:47 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npdrmv2.dll
[2010/12/06 07:19:47 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmplayer.exe
[2010/12/06 07:19:47 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npwmsdrm.dll
[2010/12/06 07:19:44 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2res2.dll
[2010/12/06 07:19:44 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2eres.dll
[2010/12/06 07:19:43 | 004,256,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2res.dll
[2010/12/06 07:19:43 | 000,502,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2fxa.dll
[2010/12/06 07:19:43 | 000,402,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2filt.dll
[2010/12/06 07:19:43 | 000,325,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2fxb.dll
[2010/12/06 07:19:43 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2ae.dll
[2010/12/06 07:19:43 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2ext.dll
[2010/12/06 07:19:42 | 003,555,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/12/06 07:19:42 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2010/12/06 07:19:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2010/12/06 07:19:33 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmas.dll
[2010/12/06 07:19:33 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dcap32.dll
[2010/12/06 07:19:33 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmasnt.dll
[2010/12/06 07:19:32 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\callcont.dll
[2010/12/06 07:19:32 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nac.dll
[2010/12/06 07:19:32 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rrcm.dll
[2010/12/06 07:19:32 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\h323cc.dll
[2010/12/06 07:19:32 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\confmrsl.dll
[2010/12/06 07:19:31 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mst120.dll
[2010/12/06 07:19:31 | 000,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmwb.dll
[2010/12/06 07:19:31 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmoldwb.dll
[2010/12/06 07:19:31 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmft.dll
[2010/12/06 07:19:31 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmchat.dll
[2010/12/06 07:19:31 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmcom.dll
[2010/12/06 07:19:31 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mst123.dll
[2010/12/06 07:19:30 | 001,032,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\conf.exe
[2010/12/06 07:19:30 | 000,504,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab32.dll
[2010/12/06 07:19:30 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab32res.dll
[2010/12/06 07:19:30 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wabimp.dll
[2010/12/06 07:19:30 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2010/12/06 07:19:30 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wabfind.dll
[2010/12/06 07:19:30 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wabmig.exe
[2010/12/06 07:19:30 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2010/12/06 07:19:29 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oeimport.dll
[2010/12/06 07:19:29 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\directdb.dll
[2010/12/06 07:19:29 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msimn.exe
[2010/12/06 07:19:28 | 002,479,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoeres.dll
[2010/12/06 07:19:28 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oemig50.exe
[2010/12/06 07:19:28 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oemiglib.dll
[2010/12/06 07:19:27 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\setup50.exe
[2010/12/06 07:19:27 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2010/12/06 07:19:25 | 000,561,179 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dao360.dll
[2010/12/06 07:19:25 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn1.exe
[2010/12/06 07:19:25 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwhelp.dll
[2010/12/06 07:19:25 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn2.exe
[2010/12/06 07:19:25 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn.dll
[2010/12/06 07:19:25 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwutil.dll
[2010/12/06 07:19:25 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwdl.dll
[2010/12/06 07:19:25 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwrmind.exe
[2010/12/06 07:19:25 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetwiz.exe
[2010/12/06 07:19:24 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oledb32.dll
[2010/12/06 07:19:24 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sqlxmlx.dll
[2010/12/06 07:19:24 | 000,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaps.dll
[2010/12/06 07:19:24 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdatl3.dll
[2010/12/06 07:19:24 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaosp.dll
[2010/12/06 07:19:24 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oledb32r.dll
[2010/12/06 07:19:23 | 000,315,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdasql.dll
[2010/12/06 07:19:23 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaora.dll
[2010/12/06 07:19:23 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadox.dll
[2010/12/06 07:19:23 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadomd.dll
[2010/12/06 07:19:23 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msjro.dll
[2010/12/06 07:19:23 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado27.tlb
[2010/12/06 07:19:23 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado26.tlb
[2010/12/06 07:19:23 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado25.tlb
[2010/12/06 07:19:23 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadrh15.dll
[2010/12/06 07:19:23 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msador15.dll
[2010/12/06 07:19:23 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxactps.dll
[2010/12/06 07:19:23 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdatt.dll
[2010/12/06 07:19:23 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdasqlr.dll
[2010/12/06 07:19:23 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaorar.dll
[2010/12/06 07:19:23 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaurl.dll
[2010/12/06 07:19:23 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdasc.dll
[2010/12/06 07:19:23 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaer.dll
[2010/12/06 07:19:23 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaenum.dll
[2010/12/06 07:19:23 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdadc.dll
[2010/12/06 07:19:22 | 000,536,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado15.dll
[2010/12/06 07:19:22 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaprst.dll
[2010/12/06 07:19:22 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadds.dll
[2010/12/06 07:19:22 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdarem.dll
[2010/12/06 07:19:22 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado21.tlb
[2010/12/06 07:19:22 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado20.tlb
[2010/12/06 07:19:22 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdfmap.dll
[2010/12/06 07:19:22 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msader15.dll
[2010/12/06 07:19:22 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msaddsr.dll
[2010/12/06 07:19:22 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaremr.dll
[2010/12/06 07:19:22 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaprsr.dll
[2010/12/06 07:19:21 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2010/12/06 07:19:21 | 000,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadco.dll
[2010/12/06 07:19:21 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcf.dll
[2010/12/06 07:19:21 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcs.dll
[2010/12/06 07:19:21 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcer.dll
[2010/12/06 07:19:21 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcor.dll
[2010/12/06 07:19:21 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcfr.dll
[2010/12/06 07:19:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2010/12/06 07:19:20 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iexplore.exe
[2010/12/06 07:19:20 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hmmapi.dll
[2010/12/06 07:19:20 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedw.exe
[2010/12/06 07:19:20 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2010/12/06 07:19:01 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2010/12/06 07:18:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2010/12/06 07:18:51 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2010/12/06 07:18:51 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2010/12/06 07:18:47 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2010/12/06 07:18:46 | 001,817,687 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgres.dll
[2010/12/06 07:18:46 | 000,753,236 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvseres.dll
[2010/12/06 07:18:46 | 000,082,501 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckg.dll
[2010/12/06 07:18:46 | 000,048,706 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvse.dll
[2010/12/06 07:18:46 | 000,042,577 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgzm.exe
[2010/12/06 07:18:46 | 000,042,574 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvsezm.exe
[2010/12/06 07:18:45 | 002,178,131 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlres.dll
[2010/12/06 07:18:45 | 000,780,885 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrres.dll
[2010/12/06 07:18:45 | 000,066,113 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvl.dll
[2010/12/06 07:18:45 | 000,042,575 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrzm.exe
[2010/12/06 07:18:45 | 000,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlzm.exe
[2010/12/06 07:18:45 | 000,040,515 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkr.dll
[2010/12/06 07:18:44 | 001,175,635 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzres.dll
[2010/12/06 07:18:44 | 001,039,955 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnresm.dll
[2010/12/06 07:18:44 | 000,057,409 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtz.dll
[2010/12/06 07:18:44 | 000,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzzm.exe
[2010/12/06 07:18:44 | 000,041,029 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zcorem.dll
[2010/12/06 07:18:44 | 000,032,339 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniansi.dll
[2010/12/06 07:18:44 | 000,013,894 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zonelibm.dll
[2010/12/06 07:18:44 | 000,004,677 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zeeverm.dll
[2010/12/06 07:18:43 | 000,217,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnclim.dll
[2010/12/06 07:18:43 | 000,113,222 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zoneclim.dll
[2010/12/06 07:18:43 | 000,036,937 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zclientm.exe
[2010/12/06 07:18:43 | 000,029,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\znetm.dll
[2010/12/06 07:18:43 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2010/12/06 07:18:33 | 000,013,312 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\dllcache\htrn_jis.dll
[2010/12/06 07:18:01 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2010/12/06 07:18:00 | 000,281,088 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2010/12/06 07:17:58 | 000,539,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dialer.exe
[2010/12/06 07:17:58 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2010/12/06 07:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2010/12/06 07:17:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/12 13:02:14 | 000,001,554 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Orbit.lnk
[2010/12/12 13:01:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/11 21:26:58 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Desktop\OTL.exe
[2010/12/10 12:09:19 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\defogger_reenable
[2010/12/10 11:23:40 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/12/10 11:20:41 | 000,000,722 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\RegistryBooster 2.lnk
[2010/12/09 13:52:10 | 000,034,704 | ---- | M] () -- C:\WINDOWS\syscall.dat
[2010/12/09 13:52:08 | 000,000,686 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Zemana AntiLogger.lnk
[2010/12/09 13:08:04 | 000,110,192 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/09 11:39:57 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/12/09 11:39:42 | 000,001,730 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk
[2010/12/09 11:35:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/12/09 11:35:14 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/12/09 11:35:14 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk
[2010/12/09 11:31:10 | 000,000,825 | ---- | M] () -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Desktop\LG Power Tools.lnk
[2010/12/09 11:31:07 | 000,001,713 | ---- | M] () -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Desktop\LG Burning Tool.lnk
[2010/12/09 11:14:19 | 000,029,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3a.dll
[2010/12/09 10:12:53 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\avast! Free Antivirus.lnk
[2010/12/08 23:41:01 | 000,006,044 | ---- | M] () -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Desktop\Document.rtf
[2010/12/08 23:08:25 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/12/08 19:24:10 | 000,004,608 | ---- | M] () -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/08 19:07:00 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\SUPERAntiSpyware Professional.lnk
[2010/12/08 19:01:57 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\a-squared Free.lnk
[2010/12/08 18:56:42 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Winamp.lnk
[2010/12/08 18:52:33 | 000,000,733 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\IObit Security 360.lnk
[2010/12/08 18:41:01 | 000,000,726 | ---- | M] () -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Desktop\Orbit.lnk
[2010/12/08 18:39:55 | 000,002,460 | ---- | M] () -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Desktop\Google Chrome.lnk
[2010/12/08 18:39:55 | 000,002,438 | ---- | M] () -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/12/08 18:36:54 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/12/08 18:36:54 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung New PC Studio.lnk
[2010/12/08 18:36:15 | 000,002,528 | ---- | M] () -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Application Data\$_hpcst$.hpc
[2010/12/08 18:36:01 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Samsung New PC Studio.lnk
[2010/12/08 18:29:06 | 000,940,794 | ---- | M] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2010/12/08 18:29:06 | 000,146,650 | ---- | M] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2010/12/08 18:23:07 | 000,311,934 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/12/08 18:23:07 | 000,040,196 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/12/08 18:11:12 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Desktop\CCleaner.lnk
[2010/12/08 18:10:38 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Adobe Reader 9.lnk
[2010/12/08 17:55:13 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/08 17:11:28 | 000,002,300 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/08 17:10:36 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/12/08 17:01:59 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/12/08 17:00:59 | 000,022,720 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/12/08 16:45:33 | 000,001,688 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010/12/08 16:45:33 | 000,000,002 | RHS- | M] () -- C:\WINDOWS\winstart.bat
[2010/12/08 16:45:30 | 000,037,600 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\Partizan.exe
[2010/12/08 16:45:30 | 000,035,816 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\drivers\Partizan.sys
[2010/12/08 16:45:24 | 000,000,558 | ---- | M] () -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Desktop\UnHackMe.lnk
[2010/12/08 16:39:37 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2010/12/08 16:37:42 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/12/08 16:37:42 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/12/08 16:34:59 | 000,173,197 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2010/12/08 16:34:46 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/12/08 16:34:46 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/12/06 07:21:29 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/12/06 07:21:29 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/12/06 07:21:29 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/12/06 07:21:29 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/10 12:09:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\defogger_reenable
[2010/12/10 11:20:41 | 000,000,722 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\RegistryBooster 2.lnk
[2010/12/09 13:52:10 | 000,034,704 | ---- | C] () -- C:\WINDOWS\syscall.dat
[2010/12/09 13:52:08 | 000,000,686 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Zemana AntiLogger.lnk
[2010/12/09 11:39:57 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/12/09 11:39:42 | 000,001,730 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk
[2010/12/09 11:35:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/12/09 11:35:14 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/12/09 11:35:14 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk
[2010/12/09 11:15:47 | 000,000,825 | ---- | C] () -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Desktop\LG Power Tools.lnk
[2010/12/09 11:13:46 | 000,001,713 | ---- | C] () -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Desktop\LG Burning Tool.lnk
[2010/12/09 10:12:53 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\avast! Free Antivirus.lnk
[2010/12/08 23:41:01 | 000,006,044 | ---- | C] () -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Desktop\Document.rtf
[2010/12/08 22:36:34 | 000,001,554 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Orbit.lnk
[2010/12/08 21:58:18 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/12/08 21:58:01 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010/12/08 21:57:53 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2010/12/08 21:57:37 | 000,173,197 | ---- | C] () -- C:\WINDOWS\setupapi.old
[2010/12/08 21:57:14 | 000,110,192 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/08 21:56:35 | 000,000,288 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/12/08 19:24:09 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/08 19:07:00 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\SUPERAntiSpyware Professional.lnk
[2010/12/08 19:01:57 | 000,000,648 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\a-squared Free.lnk
[2010/12/08 18:56:42 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Winamp.lnk
[2010/12/08 18:52:33 | 000,000,733 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\IObit Security 360.lnk
[2010/12/08 18:41:01 | 000,000,726 | ---- | C] () -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Desktop\Orbit.lnk
[2010/12/08 18:39:55 | 000,002,460 | ---- | C] () -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Desktop\Google Chrome.lnk
[2010/12/08 18:39:55 | 000,002,438 | ---- | C] () -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/12/08 18:36:54 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung New PC Studio.lnk
[2010/12/08 18:36:24 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010/12/08 18:36:24 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010/12/08 18:36:15 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Application Data\$_hpcst$.hpc
[2010/12/08 18:36:01 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Samsung New PC Studio.lnk
[2010/12/08 18:29:06 | 000,940,794 | ---- | C] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2010/12/08 18:29:06 | 000,146,650 | ---- | C] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2010/12/08 18:25:52 | 000,982,192 | R--- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2010/12/08 18:25:52 | 000,417,344 | R--- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2010/12/08 18:25:52 | 000,032,416 | R--- | C] () -- C:\WINDOWS\System32\igxpxs32.vp
[2010/12/08 18:25:52 | 000,002,096 | R--- | C] () -- C:\WINDOWS\System32\igxpxk32.vp
[2010/12/08 18:22:37 | 000,000,553 | R--- | C] () -- C:\WINDOWS\USetup.iss
[2010/12/08 18:11:12 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Desktop\CCleaner.lnk
[2010/12/08 18:10:38 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Adobe Reader 9.lnk
[2010/12/08 17:55:13 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/08 17:10:09 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/12/08 17:09:57 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/12/08 17:09:52 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/12/08 17:09:51 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/12/08 17:09:49 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/12/08 17:09:40 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/12/08 17:09:36 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/12/08 17:09:33 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2010/12/08 17:09:25 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/12/08 16:56:23 | 000,141,702 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2010/12/08 16:56:23 | 000,110,116 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2010/12/08 16:56:23 | 000,031,965 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2010/12/08 16:56:23 | 000,024,209 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2010/12/08 16:56:23 | 000,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2010/12/08 16:56:23 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010/12/08 16:56:23 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/12/08 16:56:23 | 000,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2010/12/08 16:56:22 | 002,012,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2010/12/08 16:56:22 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2010/12/08 16:56:22 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/12/08 16:56:22 | 000,502,724 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2010/12/08 16:56:22 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010/12/08 16:56:22 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010/12/08 16:56:22 | 000,031,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2010/12/08 16:56:22 | 000,013,753 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2010/12/08 16:56:22 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010/12/08 16:56:22 | 000,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2010/12/08 16:45:33 | 000,000,002 | RHS- | C] () -- C:\WINDOWS\winstart.bat
[2010/12/08 16:45:24 | 000,000,558 | ---- | C] () -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Desktop\UnHackMe.lnk
[2010/12/08 16:39:37 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2010/12/08 16:37:42 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/12/08 16:37:33 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/12/08 16:36:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/12/08 16:34:49 | 000,002,626 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/12/08 16:34:46 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/12/08 16:34:46 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/12/08 16:34:45 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2010/12/08 16:33:42 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2010/12/08 16:33:07 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2010/12/08 16:33:07 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2010/12/08 16:33:00 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2010/12/08 16:32:43 | 000,376,320 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msinfo.dll
[2010/12/08 16:32:20 | 000,022,720 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/12/08 16:31:40 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2010/12/08 16:31:40 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2010/12/08 16:31:40 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2010/12/08 16:31:40 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2010/12/08 16:31:40 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2010/12/08 16:31:40 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2010/12/08 16:31:40 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2010/12/08 16:31:40 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2010/12/08 16:31:39 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2010/12/08 16:31:39 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2010/12/08 16:31:39 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2010/12/08 16:31:36 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2010/12/08 16:31:36 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2010/12/08 16:31:34 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2010/12/08 16:31:27 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2010/12/06 12:42:48 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2010/12/06 12:42:48 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2010/12/06 12:42:47 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2010/12/06 12:42:47 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2010/12/06 12:41:02 | 000,000,211 | -HS- | C] () -- C:\boot.ini
[2010/12/06 07:21:29 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/12/06 07:21:29 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/12/06 07:21:29 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2010/12/06 07:21:29 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2010/12/06 07:19:47 | 000,004,639 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.exe
[2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2004/10/08 15:00:00 | 000,001,030 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/04 04:26:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/07/17 15:06:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

< End of report >

OTL Extras logfile created on: 12/12/2010 1:15:04 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 78.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 43.95 Gb Total Space | 37.42 Gb Free Space | 85.14% Space Free | Partition Type: NTFS
Drive D: | 53.71 Gb Total Space | 52.68 Gb Free Space | 98.07% Space Free | Partition Type: NTFS

Computer Name: WIPRO-0CE5894D7 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Cyberlink\PowerDVD8\PowerDVD8.exe" = C:\Program Files\Cyberlink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0 -- (CyberLink Corp.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Pro\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Pro\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
"C:\Pro\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Pro\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Cyberlink\PowerDVD8\PowerDVD8.exe" = C:\Program Files\Cyberlink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0 -- (CyberLink Corp.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{014534FF-1D46-4A77-9B48-29EFD145995B}" = AntiLogger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = LG CyberLink PowerDVD
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{90110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BC}" = WinZip 14.0
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AntiLogger" = AntiLogger
"a-squared Free_is1" = a-squared Free 4.5
"avast5" = avast! Pro Antivirus
"CCleaner" = CCleaner
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = LG CyberLink PowerDVD
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Internet Download Manager" = Internet Download Manager
"IObit Security 360_is1" = IObit Security 360
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Orbit_is1" = Orbit Downloader
"RegistryBooster 2_is1" = Uniblue RegistryBooster 2
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4
"UnHackMe_is1" = UnHackMe 5.99 release
"Winamp" = Winamp

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/9/2010 1:48:49 AM | Computer Name = WIPRO-0CE5894D7 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 12/9/2010 1:48:49 AM | Computer Name = WIPRO-0CE5894D7 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 12/9/2010 1:48:56 AM | Computer Name = WIPRO-0CE5894D7 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 12/10/2010 1:46:17 AM | Computer Name = WIPRO-0CE5894D7 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 12/10/2010 1:46:20 AM | Computer Name = WIPRO-0CE5894D7 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 12/10/2010 1:46:20 AM | Computer Name = WIPRO-0CE5894D7 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 12/10/2010 1:46:20 AM | Computer Name = WIPRO-0CE5894D7 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 12/10/2010 1:46:23 AM | Computer Name = WIPRO-0CE5894D7 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 12/10/2010 1:46:23 AM | Computer Name = WIPRO-0CE5894D7 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 12/10/2010 1:46:30 AM | Computer Name = WIPRO-0CE5894D7 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

[ System Events ]
Error - 12/10/2010 1:46:46 AM | Computer Name = WIPRO-0CE5894D7 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 12/10/2010 1:47:34 AM | Computer Name = WIPRO-0CE5894D7 | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 12/10/2010 1:47:34 AM | Computer Name = WIPRO-0CE5894D7 | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 12/10/2010 1:47:34 AM | Computer Name = WIPRO-0CE5894D7 | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 12/10/2010 1:47:34 AM | Computer Name = WIPRO-0CE5894D7 | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 12/10/2010 1:47:34 AM | Computer Name = WIPRO-0CE5894D7 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 AFD aswSnx aswSP aswTdi Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV
SASKUTIL
Tcpip
WS2IFSL

Error - 12/10/2010 1:50:10 AM | Computer Name = WIPRO-0CE5894D7 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 12/10/2010 1:53:42 AM | Computer Name = WIPRO-0CE5894D7 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 12/10/2010 2:34:58 AM | Computer Name = WIPRO-0CE5894D7 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 12/10/2010 2:37:38 AM | Computer Name = WIPRO-0CE5894D7 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.


< End of report >

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0xB9798000 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 6279168 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xA86AF000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 5140480 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0xBF2E8000 C:\WINDOWS\System32\igxpdx32.DLL 3837952 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0xBF058000 C:\WINDOWS\System32\igxpdv32.DLL 2686976 bytes (Intel Corporation, Component GHAL Driver)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2142208 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2142208 bytes
0x804D7000 RAW 2142208 bytes
0x804D7000 WMIxWDM 2142208 bytes
0xBF800000 Win32k 1839104 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1839104 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB9E36000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xA83C3000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 454656 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xA8343000 C:\WINDOWS\System32\Drivers\aswSnx.SYS 364544 bytes (AVAST Software, avast! Virtualization Driver)
0xA8512000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 360448 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA7C19000 C:\WINDOWS\system32\DRIVERS\srv.sys 339968 bytes (Microsoft Corporation, Server driver)
0xA764C000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xBF024000 C:\WINDOWS\System32\igxpgd32.dll 212992 bytes (Intel Corporation, Intel Graphics 2D Driver)
0xB9617000 C:\WINDOWS\system32\DRIVERS\update.sys 212992 bytes (Microsoft Corporation, Update Driver)
0xB9673000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 200704 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA7D5C000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9E09000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xA845A000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 180224 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xA6BC0000 C:\WINDOWS\system32\drivers\kmixer.sys 172032 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xA84C9000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xA839C000 C:\WINDOWS\System32\Drivers\aswSP.SYS 159744 bytes (AVAST Software, avast! self protection module)
0xB9F23000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xB975F000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 151552 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xA82F8000 C:\Program Files\AntiLogger\AntiLog32.sys 143360 bytes (Zemana Ltd., Zemana AntiLogger Driver (stand-alone))
0xA7240000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 143360 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xB96CC000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB971E000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 143360 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xA84A7000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xA868D000 C:\WINDOWS\system32\drivers\portcls.sys 139264 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xA84F1000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 135168 bytes (Microsoft Corporation, IP Network Address Translator)
0xA8486000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 135168 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x806E2000 ACPI_HAL 134400 bytes
0x806E2000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9EEC000 fltMgr.sys 126976 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB9741000 C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys 122880 bytes (Realtek Semiconductor Corporation , Realtek 10/100/1000 NDIS 5.1 Driver )
0xB9DEE000 Mup.sys 110592 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB9F0B000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xA82E0000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xA7FE1000 C:\WINDOWS\System32\Drivers\aswMon2.SYS 94208 bytes (AVAST Software, avast! File System Filter Driver for Windows XP)
0xB9EC3000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB96B5000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA78BC000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB970A000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xB9784000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xA856A000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xBF012000 C:\WINDOWS\System32\igxprd32.dll 73728 bytes (Intel Corporation, Intel Graphics 2D Rotation Driver)
0xB9EDA000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB96A4000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xBA158000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA178000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xBA258000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBA1A8000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xA7AA1000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xBA288000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA198000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 53248 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA0E8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA168000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xBA1C8000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA0C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xBA1E8000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xBA188000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA0B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA1D8000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA2E8000 C:\WINDOWS\System32\Drivers\aswTdi.SYS 40960 bytes (AVAST Software, avast! TDI Filter Driver)
0xBA248000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA0F8000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xBA228000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xBA0D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xBA308000 C:\WINDOWS\System32\Drivers\Fips.SYS 36864 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xA7E69000 C:\WINDOWS\system32\FsUsbExDisk.SYS 36864 bytes
0xBA138000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xBA1B8000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xA76D5000 C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 36864 bytes (Microsoft Corporation, IP FILTER DRIVER)
0xBA0A8000 isapnp.sys 36864 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xBA1F8000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xBA2F8000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA73AF000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xBA318000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA410000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA328000 Partizan.sys 32768 bytes (Greatis Software, Partizan - Rootkit detector)
0xBA3B0000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xBA478000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA330000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBA3A0000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 28672 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA480000 C:\WINDOWS\System32\Drivers\Aavmker4.SYS 24576 bytes (AVAST Software, avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP)
0xBA3A8000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA3D0000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xBA418000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xBA400000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xBA440000 C:\WINDOWS\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)
0xBA408000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA338000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA3C0000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA3C8000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xBA3B8000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xBA398000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 20480 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xBA488000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xA7D10000 C:\WINDOWS\system32\DRIVERS\asyncmac.sys 16384 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0xA82BC000 C:\WINDOWS\system32\drivers\mbam.sys 16384 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)
0xBA578000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA844A000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xBA554000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xA82B8000 C:\WINDOWS\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xA832B000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xA843E000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xA8432000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xBA55C000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB966F000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xB965F000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xBA5CA000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xBA620000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xBA5C8000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA5CC000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA624000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xBA5CE000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA650000 C:\WINDOWS\system32\DRIVERS\ss_bcm.sys 8192 bytes (MCCI Corporation, Windows 2000/XP support functions)
0xBA64E000 C:\WINDOWS\system32\DRIVERS\ss_bwh.sys 8192 bytes (MCCI Corporation, SAMSUNG USB Mobile Device (Windows 2000/XP support functions))
0xBA5BA000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA5F0000 C:\WINDOWS\System32\DRIVERS\UnHackMeDrv.sys 8192 bytes (Greatis Software, LLC., UnHackMe Kernel Driver)
0xBA5C2000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA78D000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA6C1000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA705000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 131):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E2000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xBA328000 Partizan.sys
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA670000 pciide.sys
0xBA330000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0B8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xBA5AC000 dmload.sys
0xB9F23000 dmio.sys
0xBA338000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9F0B000 atapi.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9EEC000 fltMgr.sys
0xB9EDA000 sr.sys
0xBA0F8000 PxHelp20.sys
0xB9EC3000 KSecDD.sys
0xB9E36000 Ntfs.sys
0xB9E09000 NDIS.sys
0xB9DEE000 Mup.sys
0xB9798000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xB9784000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB975F000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB9741000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
0xBA398000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB971E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA3A0000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xBA168000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xBA3A8000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA3B0000 \SystemRoot\system32\DRIVERS\fdc.sys
0xBA178000 \SystemRoot\system32\DRIVERS\serial.sys
0xBA554000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB970A000 \SystemRoot\system32\DRIVERS\parport.sys
0xBA188000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA198000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA1A8000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB96CC000 \SystemRoot\system32\DRIVERS\ks.sys
0xBA1B8000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xBA78D000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA1C8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA55C000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB96B5000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA1D8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA1E8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA3B8000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB96A4000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA1F8000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA3C0000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA3C8000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB9673000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBA228000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA3D0000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA5BA000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB9617000 \SystemRoot\system32\DRIVERS\update.sys
0xBA578000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA248000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xA86AF000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xA868D000 \SystemRoot\system32\drivers\portcls.sys
0xBA258000 \SystemRoot\system32\drivers\drmk.sys
0xBA288000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA5C2000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xBA5C8000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA705000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5CA000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA400000 \SystemRoot\System32\drivers\vga.sys
0xBA5CC000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5CE000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA408000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA410000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB966F000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA856A000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA8512000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xBA2E8000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xA84F1000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA84C9000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB965F000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xA84A7000 \SystemRoot\System32\drivers\afd.sys
0xBA2F8000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA8486000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xBA418000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xA845A000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA83C3000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA308000 \SystemRoot\System32\Drivers\Fips.SYS
0xA839C000 \SystemRoot\System32\Drivers\aswSP.SYS
0xA8343000 \SystemRoot\System32\Drivers\aswSnx.SYS
0xA843E000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xBA138000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xBA478000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xA82F8000 \??\C:\Program Files\AntiLogger\AntiLog32.sys
0xBA480000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xA8432000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xBA158000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA82E0000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA620000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xBA488000 \SystemRoot\System32\watchdog.sys
0xA832B000 \SystemRoot\System32\drivers\Dxapi.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA6C1000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF058000 \SystemRoot\System32\igxpdv32.DLL
0xBF2E8000 \SystemRoot\System32\igxpdx32.DLL
0xA82BC000 \??\C:\WINDOWS\system32\drivers\mbam.sys
0xA82B8000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xBA318000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xA844A000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA7FE1000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xA7D5C000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xBA624000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xA7C19000 \SystemRoot\system32\DRIVERS\srv.sys
0xBA440000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xBA5F0000 \SystemRoot\System32\DRIVERS\UnHackMeDrv.sys
0xA78BC000 \SystemRoot\system32\drivers\wdmaud.sys
0xA7AA1000 \SystemRoot\system32\drivers\sysaudio.sys
0xA7E69000 \??\C:\WINDOWS\system32\FsUsbExDisk.SYS
0xA764C000 \SystemRoot\System32\Drivers\HTTP.sys
0xA76D5000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0xA7240000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xBA64E000 \SystemRoot\system32\DRIVERS\ss_bwh.sys
0xBA650000 \SystemRoot\system32\DRIVERS\ss_bcm.sys
0xA6BC0000 \SystemRoot\system32\drivers\kmixer.sys
0xA7D10000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 33):
0 System Idle Process
4 SYSTEM
480 C:\WINDOWS\system32\smss.exe
540 C:\WINDOWS\system32\csrss.exe
564 C:\WINDOWS\system32\winlogon.exe
608 C:\WINDOWS\system32\services.exe
620 C:\WINDOWS\system32\lsass.exe
780 C:\WINDOWS\system32\svchost.exe
1024 C:\WINDOWS\system32\svchost.exe
1076 C:\WINDOWS\system32\svchost.exe
1164 C:\WINDOWS\system32\svchost.exe
1192 C:\WINDOWS\system32\svchost.exe
1364 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1512 C:\WINDOWS\explorer.exe
1764 C:\WINDOWS\system32\spoolsv.exe
1860 C:\Program Files\a-squared Free\a2service.exe
1924 C:\WINDOWS\system32\FsUsbExService.Exe
1968 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
2016 C:\Program Files\Cyberlink\Shared files\RichVideo.exe
944 C:\WINDOWS\system32\alg.exe
2012 C:\WINDOWS\system32\wscntfy.exe
2288 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
2300 C:\WINDOWS\RTHDCPL.EXE
2340 C:\WINDOWS\system32\hkcmd.exe
2388 C:\WINDOWS\system32\igfxpers.exe
2444 C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe
2468 C:\Program Files\Cyberlink\PowerDVD8\PDVD8Serv.exe
2668 C:\WINDOWS\system32\igfxsrvc.exe
3316 C:\Program Files\Internet Download Manager\IEMonitor.exe
916 C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
1264 C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
3040 C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
4288 C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000a`fca6d000 (NTFS)

PhysicalDrive0 Model Number: ST3250318AS, Rev: CC38

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#7 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:43 PM

Posted 12 December 2010 - 02:42 PM

Please be sure to copy and paste all the logs into your reply. Do not attach the logs unless I instruct you to do so.

Please right click and delete Combofix from your desktop.

Please download ComboFix from one of these locations:

Link 1
Link 2

Save it to your Desktop <-- Important!!!

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Please refer to this link for instructions.

  • Double click it & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


==========

  • Press the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • Copy and past the following into the box
C:\Qoobox\ComboFix-quarantined-files.txt
  • Click ok
  • Copy and paste the report into this topic for me to review


Regards,
thcbytes
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#8 Nathaniyelu

Nathaniyelu
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:INDIA
  • Local time:12:43 PM

Posted 14 December 2010 - 11:34 AM

Hi "The bytes".I followed instructions before going to run Combofix..Unfortunately i didnt get any Log!!
1.I installed "Microsoft recovery console"
2.Disablled all AV and Anti spywares
and lastly i ran combofix from the desktop..while running combofix a Message appeared"Combofix detected the prsence of rootkit activity need to reboot the machine".i clicked O.K and then computer Restarted ..a blank Desktop and a Blue color combofix[also blank!!] screens appeared and i thought removal process was going on ..i waited still 2hours!!!!!..and stopped the process.After that i didnt get any log.,Qoobox folder[20.4KB] is there in the "C" drive..plz help ..thanks in Advance..

#9 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:43 PM

Posted 14 December 2010 - 02:49 PM

Please reboot your computer and visit c:\combofix.txt and post the log. If the log is not there then do this...

:exclame: Warning: This script was specifically written and designed for this user only. Unsupervised use of this tool could render your computer unbootable permanently!! :exclame:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the all of the text in the quotebox below (including the hyperlink if present) into it:

4. Combofix might upload a few suspicious files. Please allow this!!

KillAll::


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Regards,
thcbytes
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#10 Nathaniyelu

Nathaniyelu
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:INDIA
  • Local time:12:43 PM

Posted 17 December 2010 - 10:24 AM

Hi "the Bytes'..sorry for this dely..can i run combofix in safemode??becoz iam not able to run in normal mode.today[17Dec2010]@12:34p.m i ran[dragged CFScript into combofix] combofix in safemode..!!combofix successfully ran and generated log.by mistake i didnt switch off AVAST AV..i thought i might be swithched off in safe mode.two days back IOBit360 detected two malicious files~WTR4141~WTR4141.TMPin a pendrive i deleted at that time and checked computer with fullscan nothing found..Today after combofix scan..i have noticed two files(~WRL3329.tmp,~WRL0002.tmp.[invisible]) in system's D-DRIVE.after malwarebytes fullscan now they r not appearing..!!iam sending combofix log..plz help me..

-----------------------------------------------------------------"""""""""""""""""""""""""---------------------------------------------------------------------------------
ComboFix 10-12-15.06 - Administrator 12/17/2010 12:37:45.1.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2010.1780 [GMT 5.5:30]
Running from: c:\documents and settings\Administrator.WIPRO-0CE5894D7\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator.WIPRO-0CE5894D7\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((( Files Created from 2010-11-17 to 2010-12-17 )))))))))))))))))))))))))))))))
.

2010-12-08 13:11 . 2010-12-10 12:38 -------- d-----w- C:\downloads

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-09 05:44 . 2010-01-18 06:30 353576 ----a-w- c:\windows\system32\msvcr71.dll
2010-12-09 05:44 . 2010-01-18 06:30 505128 ----a-w- c:\windows\system32\msvcp71.dll
2010-09-29 19:31 . 2010-11-06 10:04 210272 ----a-w- c:\windows\system32\idmmbc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-09-07 15:14 152160 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnHackMe Monitor"="c:\pro\UnHackMe\hackmon.exe" [2010-11-11 594200]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-11-06 3257696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-23 18077696]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2010-06-11 1280344]
"CLMLServer"="c:\program files\Cyberlink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-09-29 210216]
"AntiLogger"="c:\program files\AntiLogger\AntiLogger.exe" [2010-09-01 2483048]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-11-29 443728]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2010-12-8 1805584]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 09:51 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0prestrt\0Partizan

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Orbit.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Orbit.lnk
backup=c:\windows\pss\Orbit.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 10:27 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-21 20:27 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
2009-04-02 12:35 102400 ----a-w- c:\pro\Samsung\Samsung New PC Studio\NPSAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-07-12 16:32 74752 ----a-w- c:\program files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Pro\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Pro\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Cyberlink\\PowerDVD8\\PowerDVD8.exe"=

R3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [12/8/2010 4:45 PM 35816]
S1 AntiLog32;AntiLog32;c:\program files\AntiLogger\AntiLog32.sys [9/1/2010 3:50 PM 120168]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [12/8/2010 9:19 PM 340048]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/8/2010 6:14 PM 165584]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 66632]
S2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [12/8/2010 7:01 PM 1858144]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/8/2010 6:14 PM 17744]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [12/8/2010 6:36 PM 233472]
S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [12/8/2010 6:52 PM 312152]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/8/2010 5:55 PM 363344]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [12/8/2010 6:36 PM 36608]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/8/2010 5:55 PM 20952]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\B.tmp --> c:\windows\system32\B.tmp [?]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [12/16/2010 7:14 PM 24416]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [12/8/2010 6:36 PM 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [12/8/2010 6:36 PM 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [12/8/2010 6:36 PM 121856]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.orbitdownloader.com
uInternet Settings,ProxyOverride = <local>
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: c:\windows\system32\idmmbc.dll
FF - ProfilePath - c:\documents and settings\Administrator.WIPRO-0CE5894D7\Application Data\Mozilla\Firefox\Profiles\y7bpvn2j.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: IDM CC: mozilla_cc@internetdownloadmanager.com - c:\documents and settings\Administrator.WIPRO-0CE5894D7\Application Data\IDM\idmmzcc3
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-17 12:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\B.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):00,3a,70,b6,fd,90,66,ba,6d,45,16,59,da,92,48,53,e2,26,a7,58,09,
3e,75,42,d5,f8,17,39,52,76,b9,93,19,67,45,46,f0,71,82,ca,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ab337247-5bb5-4f23-b04d-a3c595de61d9}]
@Denied: (Full) (Everyone)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{f47da023-aacd-4c21-a2d3-4e5c0a6ee78a}]
@Denied: (Full) (Everyone)
"Model"=dword:0000015e
"Therad"=dword:00000009

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(240)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2010-12-17 12:44:03 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-17 07:14

Pre-Run: 39,595,630,592 bytes free
Post-Run: 39,577,620,480 bytes free

- - End Of File - - 8FF05FDE55A466DA58AE2DB2710D5527

---------------------------------------------""""""""""""""""""""""""""""""""""""""""-------------------------------------------------------------------------------------

ComboFix-quarantined-files:

2010-12-17 07:09:25 . 2010-12-17 07:09:25 6,008 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2010-12-17 07:07:42 . 2010-12-17 07:07:42 0 ----a-w- C:\Qoobox\Quarantine\catchme.txt
2010-12-17 07:06:33 . 2010-12-17 06:08:17 408 ----a-w- C:\Qoobox\Quarantine\catchme.log
2004-10-08 09:30:00 . 2004-10-08 09:30:00 9,216 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\THUMBS.DB.vir

----------------------------------------"""""""""""""""""""""""""----------------------------------------------------------------------------------------------------

#11 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:43 PM

Posted 17 December 2010 - 04:40 PM

In normal mode please do this...

Download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

==========

Next...

RKill by Grinler

Link #1
Link #2
Link #3

  • Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
  • Download Link #1.
  • Save it to your Desktop.
  • Double click the RKill desktop icon.
    If you are using Vista please right click and run as Admin!
  • A black screen will briefly flash indicating a successful run.
  • If this does not occur please delete that application and download Link #2.
  • Continue process until the tool runs.
  • If the tool does not run from any of the links tell me about it.
  • It shall produce a log located at C:\RKill. Please copy and paste it into your next reply.

Now try to re-run Combofix.

Regards,
thcbytes
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#12 Nathaniyelu

Nathaniyelu
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:INDIA
  • Local time:12:43 PM

Posted 19 December 2010 - 08:22 AM

Hi ,"the bytes" thank u for ur help.. i followed ur instructions and then i ran all the tools what u specified..
1. TDSS killer ran successfully but didnt find any maliciuos files..sending log of this
2.Rkill ran at first attempt{ before that i disablled all AV ,Antimalwares} log ..generated
and
3.same problem repeating while running combofix ..why it's happening like this i dont know ...didnt generate any log!!!
plz help me..

--------------------------------'''''''''''''''------------------------------------------------------------------------------------------------------------------
2010/12/19 17:36:58.0343 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2010/12/19 17:36:58.0343 ================================================================================
2010/12/19 17:36:58.0343 SystemInfo:
2010/12/19 17:36:58.0343
2010/12/19 17:36:58.0343 OS Version: 5.1.2600 ServicePack: 2.0
2010/12/19 17:36:58.0343 Product type: Workstation
2010/12/19 17:36:58.0343 ComputerName: WIPRO-0CE5894D7
2010/12/19 17:36:58.0343 UserName: Administrator
2010/12/19 17:36:58.0343 Windows directory: C:\WINDOWS
2010/12/19 17:36:58.0343 System windows directory: C:\WINDOWS
2010/12/19 17:36:58.0343 Processor architecture: Intel x86
2010/12/19 17:36:58.0343 Number of processors: 2
2010/12/19 17:36:58.0343 Page size: 0x1000
2010/12/19 17:36:58.0343 Boot type: Normal boot
2010/12/19 17:36:58.0343 ================================================================================
2010/12/19 17:36:58.0734 Initialize success
2010/12/19 17:37:03.0718 ================================================================================
2010/12/19 17:37:03.0718 Scan started
2010/12/19 17:37:03.0718 Mode: Manual;
2010/12/19 17:37:03.0718 ================================================================================
2010/12/19 17:37:04.0265 Aavmker4 (8d488938e2f7048906f1fbd3af394887) C:\WINDOWS\system32\drivers\Aavmker4.sys
2010/12/19 17:37:04.0328 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/12/19 17:37:04.0359 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/12/19 17:37:04.0390 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
2010/12/19 17:37:04.0406 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
2010/12/19 17:37:04.0484 AntiLog32 (531838ce8a5a1c6247fde7df882a1bb2) C:\Program Files\AntiLogger\AntiLog32.sys
2010/12/19 17:37:04.0531 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2010/12/19 17:37:04.0531 aswMon2 (7d880c76a285a41284d862e2d798ec0d) C:\WINDOWS\system32\drivers\aswMon2.sys
2010/12/19 17:37:04.0546 aswRdr (69823954bbd461a73d69774928c9737e) C:\WINDOWS\system32\drivers\aswRdr.sys
2010/12/19 17:37:04.0562 aswSnx (81f10376af5f0f466f03cb2c5321b7ed) C:\WINDOWS\system32\drivers\aswSnx.sys
2010/12/19 17:37:04.0593 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\WINDOWS\system32\drivers\aswSP.sys
2010/12/19 17:37:04.0609 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\WINDOWS\system32\drivers\aswTdi.sys
2010/12/19 17:37:04.0640 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/12/19 17:37:04.0671 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/12/19 17:37:04.0687 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/12/19 17:37:04.0718 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/12/19 17:37:04.0750 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/12/19 17:37:04.0781 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/12/19 17:37:04.0796 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/12/19 17:37:04.0828 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/12/19 17:37:04.0859 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/12/19 17:37:04.0906 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/12/19 17:37:04.0937 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2010/12/19 17:37:04.0968 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\DRIVERS\dmio.sys
2010/12/19 17:37:04.0984 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/12/19 17:37:05.0000 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2010/12/19 17:37:05.0015 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/12/19 17:37:05.0046 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/12/19 17:37:05.0078 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/12/19 17:37:05.0093 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2010/12/19 17:37:05.0125 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/12/19 17:37:05.0140 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2010/12/19 17:37:05.0171 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\WINDOWS\system32\FsUsbExDisk.SYS
2010/12/19 17:37:05.0187 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/12/19 17:37:05.0203 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/12/19 17:37:05.0218 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/12/19 17:37:05.0250 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/12/19 17:37:05.0265 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/12/19 17:37:05.0312 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/12/19 17:37:05.0343 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/12/19 17:37:05.0468 ialm (3b743262b6456167888d15f1121b3bf7) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2010/12/19 17:37:05.0562 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/12/19 17:37:05.0671 IntcAzAudAddService (2cb7c44a36b54d1712ea3e537ca827b1) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/12/19 17:37:05.0734 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/12/19 17:37:05.0734 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2010/12/19 17:37:05.0750 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/12/19 17:37:05.0781 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/12/19 17:37:05.0796 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/12/19 17:37:05.0812 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/12/19 17:37:05.0843 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/12/19 17:37:05.0859 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/12/19 17:37:05.0859 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/12/19 17:37:05.0890 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
2010/12/19 17:37:05.0906 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/12/19 17:37:05.0937 MBAMProtector (9b5cc6c481bdd00a963829b892623247) C:\WINDOWS\system32\drivers\mbam.sys
2010/12/19 17:37:05.0968 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/12/19 17:37:06.0000 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2010/12/19 17:37:06.0015 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/12/19 17:37:06.0031 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/12/19 17:37:06.0031 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/12/19 17:37:06.0062 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/12/19 17:37:06.0078 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/12/19 17:37:06.0078 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2010/12/19 17:37:06.0125 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/12/19 17:37:06.0125 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/12/19 17:37:06.0125 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/12/19 17:37:06.0156 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/12/19 17:37:06.0171 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2010/12/19 17:37:06.0187 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2010/12/19 17:37:06.0203 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/12/19 17:37:06.0250 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/12/19 17:37:06.0265 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/12/19 17:37:06.0296 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/12/19 17:37:06.0312 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/12/19 17:37:06.0328 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/12/19 17:37:06.0343 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2010/12/19 17:37:06.0375 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/12/19 17:37:06.0421 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/12/19 17:37:06.0437 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/12/19 17:37:06.0453 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/12/19 17:37:06.0484 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/12/19 17:37:06.0515 Partizan (6ddcf3f801ec15fe698f6a215cf30a1f) C:\WINDOWS\system32\drivers\Partizan.sys
2010/12/19 17:37:06.0531 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/12/19 17:37:06.0546 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/12/19 17:37:06.0578 pccsmcfd (175cc28dcf819f78caa3fbd44ad9e52a) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
2010/12/19 17:37:06.0609 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/12/19 17:37:06.0625 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/12/19 17:37:06.0656 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/12/19 17:37:06.0750 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/12/19 17:37:06.0750 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/12/19 17:37:06.0765 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/12/19 17:37:06.0781 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/12/19 17:37:06.0828 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/12/19 17:37:06.0843 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/12/19 17:37:06.0875 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/12/19 17:37:06.0890 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/12/19 17:37:06.0906 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/12/19 17:37:06.0921 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/12/19 17:37:06.0953 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/12/19 17:37:06.0984 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/12/19 17:37:07.0000 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/12/19 17:37:07.0031 RegGuard (37ecebdd930395a9c399fb18a3c236d3) C:\WINDOWS\system32\Drivers\regguard.sys
2010/12/19 17:37:07.0062 RTLE8023xp (7f033e61d7825f10473dcb1d455d3fde) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2010/12/19 17:37:07.0125 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/12/19 17:37:07.0125 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
2010/12/19 17:37:07.0140 SASKUTIL (67d2688756dd304af655349baad82bff) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2010/12/19 17:37:07.0171 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/12/19 17:37:07.0203 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/12/19 17:37:07.0203 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/12/19 17:37:07.0218 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/12/19 17:37:07.0265 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
2010/12/19 17:37:07.0296 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/12/19 17:37:07.0328 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/12/19 17:37:07.0359 ss_bbus (eaa66218cd39f5bb1b4853a78c67c787) C:\WINDOWS\system32\DRIVERS\ss_bbus.sys
2010/12/19 17:37:07.0375 ss_bmdfl (91765f99914ed8693d8bc76524f21581) C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys
2010/12/19 17:37:07.0390 ss_bmdm (840e7b738b03c10ee91d9b7d3d6eff15) C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys
2010/12/19 17:37:07.0406 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/12/19 17:37:07.0437 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2010/12/19 17:37:07.0500 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/12/19 17:37:07.0515 Tcpip (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/19 17:37:07.0546 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/12/19 17:37:07.0562 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/12/19 17:37:07.0578 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/12/19 17:37:07.0625 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2010/12/19 17:37:07.0640 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2010/12/19 17:37:07.0671 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/12/19 17:37:07.0687 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/12/19 17:37:07.0703 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/12/19 17:37:07.0718 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/12/19 17:37:07.0734 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2010/12/19 17:37:07.0765 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/12/19 17:37:07.0781 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/12/19 17:37:07.0812 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/12/19 17:37:07.0875 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2010/12/19 17:37:07.0953 ================================================================================
2010/12/19 17:37:07.0953 Scan finished
2010/12/19 17:37:07.0953 ================================================================================
2010/12/19 17:37:29.0718 Deinitialize success


-----------------------------------------------------------------''''''''''''''''''''''''''''''''''''''------------------------------------------------------------------

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 12/19/2010 at 17:42:18.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:



Rkill completed on 12/19/2010 at 17:42:27.

#13 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:43 PM

Posted 19 December 2010 - 12:07 PM

Does Combofix crash? At what point does it stop? Does it get through all the Stages? What dialogue does it present to you?

Please do this and take note where CF stalls ..

Click Start then copy paste the following command into the search box & hit enter:

"c:\documents and settings\Administrator.WIPRO-0CE5894D7\Desktop\ComboFix.exe" /stepdel


Please post the resultant log or clearly detail for me what you see happening.

==========

Next..

  • Please download MGADiag and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Push Posted Image
  • Push Posted Image
  • Go to Start -> Run and type in "Notepad"
  • Go to Edit -> Paste in notepad.
  • x out all of the numbers and letters in the line beginning with "Windows Product Key:"
  • Copy and paste that log here.

Regards,
thcbytes
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#14 Nathaniyelu

Nathaniyelu
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:INDIA
  • Local time:12:43 PM

Posted 21 December 2010 - 11:45 AM

Hi the bytes,,I did combofix scan once again according to ur instructions..its running upto "Combofix has detected the prsence of rootkit activity need to reboot the machine".after rebooting the system a blank blue clour command prompt like screen appearing..thats all even 1st stage itself not completing no fonts appearing !!no dialogue appearing !! i had waited upto 30min and decided as combofix was not running.In the C drive i have found desktop like(combofix as name)symbol having 18MB size..and Qoobox(few KB).iam sending MGA diag log ..tomarrow(22nd)i have to go native place for christmas ..plz dont close this..i want to reopen on 1st week of January 2011..can i re open?? plz remember this .thanks in advance ..

****************************************************************************************************************************************************************************
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Blocked VLK
Validation Code: 3
Cached Validation Code: N/A
Windows Product Key: *****-*****-xxx-xxx-xxxxx
Windows Product Key Hash: Csd6k5ZhDIfYIqppW5EHykFgwRs=
Windows Product ID: 55274-648-2323245-23762
Windows Product ID Type: 1
Windows License Type: Volume
Windows OS version: 5.1.2600.2.00010100.2.0.pro
ID: {142871C9-933F-4FCE-981C-B3769FAA885B}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-8009_E2AD56EA-766-2ee7_E2AD56EA-148-80004005_16E0B333-89-80004005
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office XP Professional - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-8009_E2AD56EA-766-2ee7_E2AD56EA-148-80004005_16E0B333-89-80004005_B4D0AA8B-1029-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Default Browser: C:\Documents and Settings\Administrator.WIPRO-0CE5894D7\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{142871C9-933F-4FCE-981C-B3769FAA885B}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.2.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-4Q67Y</PKey><PID>55274-648-2323245-23762</PID><PIDType>1</PIDType><SID>S-1-5-21-1801674531-1085031214-725345543</SID><SYSTEM><Manufacturer>INTEL_</Manufacturer><Model>DG41RQ__</Model></SYSTEM><BIOS><Manufacturer>Intel Corp.</Manufacturer><Version>RQG4110H.86A.0009.2009.0108.1005</Version><SMBIOSVersion major="2" minor="4"/><Date>20090108000000.000000+000</Date></BIOS><HWID>80D73F7F0184E078</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>India Standard Time(GMT+05:30)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name>WIPRO LIMITED</name><model>WIPRO</model></SBID><OEM/><GANotification/></MachineData> <Software><Office><Result>100</Result><Products><Product GUID="{90110409-6000-11D3-8CFE-0050048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office XP Professional</Name><Ver>10</Ver><Val>36C9A1FCC629DE4</Val><Hash>nHyzcal8zBRq8fRQKMUNe3gsBFU=</Hash><Pid>54186-640-7656821-17046</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="10" Result="100"/><App Id="16" Version="10" Result="100"/><App Id="18" Version="10" Result="100"/><App Id="1A" Version="10" Result="100"/><App Id="1B" Version="10" Result="100"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: no
Marker string from BIOS: N/A
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A

#15 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:43 PM

Posted 21 December 2010 - 07:36 PM

Your copy of Windows XP is not valid.

Windows Validation Data-->
Validation Status: Blocked VLK


Were you aware of this?
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users